With new cybersecurity breaches making headlines each year, the importance of protecting your business against cyber threats cannot be overstated. After each new incident, business leaders try to look up the “cyber security tip of the day” from organizations like the U.S. Small Business Administration (SBA) or from cybersecurity companies like Compuquip.
To help you better protect your business against the never-ending stream of cyber threats it faces, here’s a short list of some of the top cybersecurity tips for businesses:
Cybersecurity Tip #1: Treat Cybersecurity Like an Ongoing Project
One of the biggest mistakes that businesses of all sizes tend to make is treating cybersecurity like it’s some kind of one-off project. They’ll learn some basic cybersecurity tips and adopt a few new security tools or policies—then stop there.
The thing is, just getting your network security measures to “good enough” isn’t the end of your cybersecurity efforts. At least, it shouldn’t be. Cyber threats are continuously evolving, so your network security measures should evolve right alongside them.
To keep your cybersecurity architecture strong and relevant in the face of ever-evolving threats, it’s necessary to periodically revisit your security policies, procedures, and tools to verify that they’re still effective—and make tweaks if they aren’t.
One “top cyber security tip” is to run penetration tests against your own network security. These tests can help reveal previously-undetected vulnerabilities so you can fix them—preferably before an attacker can leverage them.
Cybersecurity Tip #2: Rework Your User Account Security Now
The time when strong passwords alone were enough to secure user accounts has long since passed. While strong passwords that incorporate upper and lowercase letters, numbers, and special characters are still important, they aren’t enough to contend with modern cyberattacks.
Modern user account security needs more protection than a single knowledge-based account authentication method. Some precautions that businesses need to take regarding user account security include:
- Using Two-Factor or Better Authentication. It’s 2019—there’s no excuse for using a single-factor authentication scheme. Using multiple authentication factors, such as something the user knows, something the user has, and/or something the user is (knowledge, token, and biometric-based authentication) should be standard at this point. Using two or more authentication factors makes it harder for malicious actors to hijack user accounts to steal data, which is good for your business.
- Limiting User Account Access Privileges to the Minimum Necessary. A policy of least privilege (POLP) limits each user’s account access privileges to the absolute minimum necessary for that person to fulfill their job function. For example, engineers don’t get access to financial databases, and accountants don’t get access to sensitive design documents. This way, if a user’s account is compromised, the damage caused will be minimized.
- Reminding Employees to NEVER Share Passwords. Employees should be reminded to never share their user account passwords with anyone else—not even with people claiming to be their company’s tech support or bosses. Many phishing attacks rely on employees being gullible enough to divulge sensitive information to a “trusted” source or authority figure. If employees know that no one in the company, including tech support or their managers, would ever ask for their account access information, they’re less likely to fall for these kinds of attacks.
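The first two precautions above can be checked mechanically. The following is an added example, not code from the original article or from Compuquip: it audits accounts for access beyond their role's baseline and for logins that rely on only one category of authentication factor. All role, resource, user, and factor names are constructed sample data.

```python
# Constructed policy and account data; every name below is hypothetical.
ROLE_ALLOWED = {
    "engineer": {"design-docs", "source-repo"},
    "accountant": {"finance-db", "payroll"},
}

# Factor categories named in the text: knowledge, token, biometric.
FACTOR_CATEGORY = {
    "password": "knowledge", "security-question": "knowledge",
    "totp-app": "token", "hardware-key": "token",
    "fingerprint": "biometric",
}

ACCOUNTS = [
    {"user": "alice", "role": "engineer",
     "grants": {"design-docs", "source-repo"}, "factors": ["password", "hardware-key"]},
    {"user": "bob", "role": "engineer",
     "grants": {"design-docs", "finance-db"}, "factors": ["password", "totp-app"]},
    {"user": "carol", "role": "accountant",
     "grants": {"finance-db"}, "factors": ["password", "security-question"]},
    {"user": "dave", "role": "contractor",
     "grants": {"source-repo"}, "factors": ["password"]},
]

def audit_account(account, role_allowed=ROLE_ALLOWED):
    """Return the list of policy findings for one account (empty if compliant)."""
    findings = []
    allowed = role_allowed.get(account["role"])
    if allowed is None:
        # No baseline exists for this role, so none of its grants are justified.
        findings.append(f"unknown role '{account['role']}'")
        allowed = set()
    for resource in sorted(account["grants"] - allowed):
        findings.append(f"excess grant: {resource}")
    # Count distinct categories, not methods: a password plus a security
    # question is two knowledge checks, which is still a single factor.
    categories = {FACTOR_CATEGORY[f] for f in account["factors"] if f in FACTOR_CATEGORY}
    if len(categories) < 2:
        findings.append("single-factor authentication")
    return findings

def audit(accounts=ACCOUNTS):
    """Map each non-compliant user to its findings; compliant users are omitted."""
    report = {a["user"]: audit_account(a) for a in accounts}
    return {user: findings for user, findings in report.items() if findings}

if __name__ == "__main__":
    for user, findings in audit().items():
        print(f"{user}: " + "; ".join(findings))
```
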
Cybersecurity Tip #3: Create Contingency Plans for If Things Go Wrong
One of the more frequently-overlooked tips for cybersecurity is creating contingency plans for what to do if something goes wrong. Many organizations put in lots of protective measures to prevent security breaches, only to be blindsided by something they didn’t account for.
The thing is, no business is immune to attack. There will always be an attacker who is skilled, persistent, or just plain lucky enough to find or create a weakness in your cybersecurity architecture. Or, there may be a natural disaster that impacts the computers/servers hosting your company’s data and apps. What do you do when such a disaster strikes? How do you recover and return things to normal working order?
This is what a disaster recovery (DR) or incident response plan (IRP) is for. DR plans involve setting up resources to help your organization return to its normal operation following a loss of service caused by disruption to your computing assets. Remote data backups are often a key part of disaster recovery solutions since they can be used to restore lost data.
Incident response plans are more about identifying, containing, eliminating, and investigating cybersecurity breaches. One “cyber tip” for creating an IRP is to consider what resources your organization has, what needs the most protection, and what constitutes an “acceptable risk” for a breach. This helps you focus your IRP to protect your most critical assets with the resources you have available. If you find that your resources aren’t enough to meet your acceptable risk profile, it may be time to consider acquiring some additional cybersecurity resources.
Following a few basic cybersecurity tips may not revolutionize your defenses and make them impenetrable, but it will help you minimize your risks.
Worried about whether your cybersecurity measures are enough to protect your business? Reach out to the Compuquip Cybersecurity team today to discover your options for protecting your business!