By Caroline Blivet
Share

10 Best Practices to Implement for Cybersecurity

December 11, 2019

Cybercrime is big business. The idea of a hacker working solo for the fun of the challenge has now been left in our digital past. The cyber attacks of today are often complex and backed by a staggering level of resources, including advanced hardware and software and a wide network of highly skilled cyber criminals.

The traditional approach to cybersecurity – building stronger and better defenses to keep hackers and unauthorized individuals out ­– is no longer enough.

In order to keep their data and assets secure, today’s businesses must assume that a cyber attack is inevitable rather than a possibility. Robust security measures mean not only strengthening the walls around your system but also implementing sophisticated monitoring, detection, and response systems. This approach means that when (not if) a breach occurs, it can be rapidly detected and blocked, and appropriate action can be taken to limit its impact

We've put together 10 best practices that you can implement in your organization to keep your data and assets secure.

1. Develop a cybersecurity strategy for your organization.

You can’t deal with cybersecurity challenges as they occur. It’s vital to carry out a complete audit of your current security tools, training programs, and processes and to identify the specific threats you’re facing. You should also assess how effective your current security protocols are and if there are any persistent or recurring threats that have managed to breach your security systems in the past.

2. Create a detailed cybersecurity policy.

Cybersecurity is a concern of everyone in your organization, from the CISO right down to the lowest level employees. The only way everyone can understand security best practices is by having a comprehensive policy to follow. As well as a company-wide policy, it may be appropriate for individual departments to have their own specific security policies.

3. Backup and encrypt your data.

The best defense against cyber attacks is to assume they can and will occur. In the event of a data loss or corruption, a recent and comprehensive data backup is the only way to recover.

Your backups must also be protected, of course. This means encrypting the data and spreading the responsibility of creating and managing backups between several people to avoid the risk of insider threats.

4. Use multi-factor authentication.

Multi-factor authentication is one of the simplest and easiest ways of preventing unauthorized access to your systems and data. MFA is so effective that the National Cyber Security Alliance has added MFA to its safety awareness campaign.

MFA adds an additional layer of security every time you log in such as a security token, text message, fingerprint, or voice, which drastically reduces the risk of identity theft. MFA also allows you to improve access control by distinguishing users of shared accounts.

5. Create secure passwords and keep them safe.

Insecure passwords are one of the easiest ways a hacker can gain access to your account. All staff should be trained on the importance of creating a secure password (a mixture of upper and lowercase letters, numbers, and symbols) and the importance of never sharing passwords or storing them in insecure locations.

6. Use the principle of least privilege.

A secure security system must have proper access control. Instead of granting users access to all data and high-level permissions as default, start them on the lowest level of privileges, and add new permissions only as and when they’re required. If a user temporarily needs access to sensitive data, make sure these permissions are deactivated when they are no longer needed.

7. Know who is accessing your data.

These days it’s common for organizations to work with third-party service providers and contractors who may access systems remotely. This is not normally a problem, but it’s vital to monitor access and activity on the network so any malicious or risky activity can be blocked.

8. Educate and train your employees.

Training should be an essential component of any security strategy. Employees are not only your greatest asset when it comes to security, but they are also your greatest liability.

Make sure every employee understands that cybersecurity is a top priority, whatever their position, and send out regular news and updates on new threats, scams, viruses, and other important cybersecurity information.

9. Keep all software and apps up to date.

Software updates are sometimes rolled out to introduce new features, but often, they’re to fix bugs and security holes that a hacker may take advantage of. Keeping software up to date is the simplest way to ensure your systems are secure. If you no longer use software, make sure it is deactivated and deleted from your systems.

10. Don’t underestimate hackers.

Don’t think that cybercriminals won’t be interested in your company. Data breaches affect organizations of all sizes, and small businesses are often especially vulnerable because they don’t have the resources larger companies do to stay secure. Don’t make the mistake of thinking your company data has no value to cybercriminals.

 

If you want to learn more, download our whitepaper "Designing a Winning Cybersecurity Strategy in the Age of Cloud".

Loading Conversation