13 Cyber Security Practices you MUST Follow!
Inspired by today’s Friday the 13th, we’ve compiled 13 of the best cyber security tips and best practices you should be doing following!
1) Train your employees
Did you know that your organization’s biggest security risk is your employees? Since the Internet is constantly evolving, and new risks appear every day, cyber security awareness training is fundamental to keep people up to date on what the threats are, how to spot them, and most importantly how to avoid them. We’ve previously written about the importance of security training it here.
2) Create a strong, complex password
Security awareness should be part of your business’ DNA and practiced both top-down and bottom-up.
Password123 is no longer considered a good password, but was it ever really? (NO!) Why are passwords so importance you ask? While the answer may seem obvious, to some it’s not so clear. Passwords ensure the security and confidentiality of data that is stored on various computers to each employee. Would you drive a car with okay breaks? Probably not, you should be treating your passwords with this same regard. Small business owners should frequently review all passwords being used in their systems and update them. If any are deemed un-secure, change them.
DarkReading said it best when they said, “despite the hype, most attacks exploit known vulnerabilities. Make sure you are investing adequate time in patching your systems. It’s not glamorous, but it is extremely effective.”
4) HAVE A RECOVERY PLAN!
In an ideal situation, your security defense should prevent you from ever having to fall back on your recovery plan. However, today’s world that does not cut it with consumers, and they want to be assured that if their information ever does fall into the wrong hands, that you have a plan to recover it. Having a recovery plan can cut down response time, and allow your systems to be up and running faster. This will save you money, time and most importantly help to repair any reputational damage caused by an attack. (Check out this tips and tricks for large organizations here!)
5) Identify Your Sensitive Data
The very first tip in securing your sensitive data is figuring out just what it is. Every organization has it, whether it’s financial records, employee’s personal information or customer credit card details. Knowing where this information is stored, computers, servers, data centers is the first step, the following will help ensure that it is protected.
6) Limit and Monitor Individuals Access to Data
This step can take time, and not every SMB has the resources or patience to do this, but the safety of your data could depend on it. Determine what employees and external business partners really need to have access to in terms of network and applications in order to do their jobs. Keep a record of these accesses, and consider a two-factor authentication. When employees leave, ensure their access is immediately revoked.
Make sure to document your security policies in a knowledge database so that network admins, security staff, and even application teams understand exactly what is going on – and why. This is particularly important when setting up rules to support new applications, because when an application is decommissioned or moved, you’ll want to reverse that rule. But you won’t be able to do so if you don’t know about it.
8) Network-based security hardware and software
Use firewalls, gateway antivirus, intrusion detection devices, honey pots, and monitoring to screen for DoS attacks, virus signatures, unauthorized intrusion, port scans, and other “over the network” attacks and attempts at security breaches.
9) Encrypt your data
Stored data, filesystems, and across-the-wire transfers all need to be encrypted. Encryption is essential to protecting sensitive data and to help prevent data loss due to theft or equipment loss.
10) Outline Clear Use Policies for New Employees and Vendors
According to ObserveIt, “to strengthen and clarify the education you give your users, you should clearly outline the requirements and expectations your company has in regards to IT security when you first hire them. Make sure employment contracts and SLAs have sections that clearly define these security requirements.”
11) Watch out for phishing attacks
Despite a glut of research into new ransomware variants, low-tech threats like phishing attacks and viruses pose a more prevalent threat to small businesses than ransomware, according to a recent survey of SMB owners.
5 Best Practices to Mitigate the Risks of Phishing Attacks
Basic technology can stop an attack even if the end user makes a mistake since many of the phishing attacks leverage known weaknesses. Here are five best practices to mitigate the risks of phishing attacks:
- Make sure all security patches are up to date on a regular basis for all systems, especially for common attack vectors like Microsoft Office, Adobe Flash, and Java.
- Ensure the end user is running with proper privileges and not logged in as an administrator answering emails. This just makes it easier for malware to own the system and bypass defenses.
- Ensure defense software like AV is up to date including engine and signatures.
- Disable automatic macro execution in Office and only run macros that are digitally signed (the sample file discussed above).
- Deploy and maintain SPAM filters, next generation firewalls, etc. to stop malicious emails before they end up in an end user’s inbox and establish command and control of the hijacked system.
(Read more about phishing here!)
12) Be cautious about unsolicited attachments
The crooks are relying on the dilemma that you shouldn’t open a document until you are sure it’s one you want, but you can’t tell if it’s one you want until you open it. If in doubt leave it out.
13) Create a Data Breach Response Plan
No matter how well you follow these best practices, you might get breached. In fact, nearly half of organizations suffered a security incident in the past year. If you do, having a response plan laid out ahead of time will allow you to close any vulnerabilities and limit the damage the breach can do.