Fortune favors the prepared mind, so here are seven tips to toughen up your security stance and help you survive.
These days, everybody and their cat is affected by cybercrime. With 64% of businesses having suffered web-based attacks in 2018 and more than 4.1 billion user records exposed in the first half of 2019 alone, cybercrime stats are showing how far we are from being safe from the predations of hackers and online extortionists.
We have become so desensitized to cyberattacks and data breaches that we might as well regard them as inevitable and assume all of our company’s sensitive data is pretty much public. Right? Not necessarily. As they say, fortune favors those who are prepared. Protecting your company from cyberattacks is not an impossibility. It is a matter of commitment.
So, here are some tips from the Cybernews team about what you can do to keep your company from joining the latest cybercrime statistics.
0. Hire a cybersec consultant
Before we get into the ins and outs of preparing for the inevitable, let us make one thing clear: reading an article on the internet does not a secure business make. Unlike a qualified professional dedicated to shoring up your company’s cyber defenses.
Depending on the size of your organization, you may not have to hire a full-time cybersecurity consultant. But even small businesses cannot afford to have Jesus take the cybersecurity wheel.
Getting a cybersecurity consultant will help you prepare for incoming attacks by first auditing your company’s risks and processes, and then implementing the actual defenses according to their findings.
1. Make your team think before they click
If there is a single takeaway from this cyberattack protection guide, it is the fact that any security practices you use yourself are only as effective as those of your least security-savvy team member. This means that you should start prepping for the next cyberattack by educating your team to recognize and handle any imminent digital threats.
Countless businesses have been compromised as a result of someone simply clicking an infected email attachment, accepting the wrong “cookie” from a strange website, or divulging a password to a social engineer impersonating their coworker.
These types of threats are something the team has to be aware of, without exception. A single clueless marketing intern replying to a phishing email is all it can take for an attacker to breach your cyber defenses. After all, that’s how 91% of cyberattacks start.
So, educate your team about potential cybersecurity threats (or hire a cybersecurity consultant to do it for you) and be sure to do it on a regular basis, with a sprinkling of a “digital fire drill” every month or two.
2. Check their access privilege
Contrary to popular belief, the vast majority of cyberattacks are not complex intrusions carried out via undiscovered backdoors. Most attacks happen by compromising a single team member with needlessly elevated network access privileges. And it gets worse as companies get bigger. In fact, 88% of companies with more than 1 million folders have 100,000 folders accessible by every employee.
When it comes to cybersecurity, concepts like “horizontal organizational hierarchy” should be thrown out the window and replaced with restrictive permissions that limit each team member’s access to company-wide data. This means ensuring that every employee should only be able to access information that is necessary for their job.
3. Keep your apps up to date
Make sure neither you nor your team members click that “Remind me tomorrow” button ever again.
As the infamous WannaCry ransomware attack reminded countless users and companies back in 2017, ignoring software updates can cost you your devices and every single bit of precious data on them.
Every day you postpone an update is another day cybercriminals have to identify and exploit its vulnerabilities. By updating regularly, you will minimize the risk of exposure to cyber threats from hacks, ransomware, and other attacks. The easiest way to never miss an update is to enable automatic updates wherever possible.
4. Use identity management tools
With that in mind, even a single strong password can be a challenge to memorize. Multiple strong passwords? Exponentially tougher. That is why it is no surprise that team members often resort to reusing their passwords on several accounts. Or worse—simplifying them for the sake of convenience. And that is pretty much equivalent to handing over your data to hackers on a silver platter.
Thankfully, password security does not have to be complicated. By using an identity management platform, you can make the collective headache of trying to memorize strong passwords go away in an instant.
Business identity management tools are particularly useful for shoring up the digital security of your staff. By creating, storing, and updating passwords in bulk, your team can improve data safety without compromising productivity. And with advanced features like automatic logins, multi-factor authentication and credential synchronization, you will make attackers think twice before they attempt a cyberattack.
5. Use scorched data tactics
Your next cyberattack is not an “if.” It is a “when.” And the best way to prepare for such an eventuality is to ensure that whoever sneaks into your servers leaves with an indecipherable block of text the size of a Stonehenge monolith.
By using encryption whenever possible, your team can make breaching your company pointless. This includes using secure messengers and email providers, encrypted file transfer services, and even full hard drive encryption tools like BitLocker.
6. Prepare for the worst
In the event of a worst-case scenario, having cyber insurance in place will help your business mitigate the damage. Depending on the coverage, cyber insurance could take care of damage such as legal fees, public relations, network infrastructure repair, liability, and more.
Just like ye olde insurance against brick and mortar theft or burglary, cyber insurance is not really an “optional” investment. Because in this day and age, a cyberattack can actually be something too traumatic for your business to survive in real life.