Set Your Cybersecurity Resolutions for the New Year!

January 3, 2019 Eric Dosal Eric Dosal

With a new year comes new cybersecurity threats and challenges to overcome. Cybercriminals are constantly looking to exploit the slightest weakness in a business’ cybersecurity architecture—so it’s important for businesses to continuously refine the cybersecurity measures and strategies they use to defend against security breaches.

The new year marks an excellent opportunity to make some new cybersecurity resolutions to protect your business from the countless cyber threats that it faces. What kind of cybersecurity resolutions should you make to improve your business cybersecurity and prevent costly data breaches?

Here’s a list that might make for a good starting point:

Cybersecurity Resolution #1: I Will Keep My Software Up-to-Date with the Latest Security Patches

One of the most basic strategies for stopping security breaches has little to do with cybersecurity tools. Instead, it has to do with the business software that you use in your day-to-day operations.

Business software can be incredibly complex. Because of this, different programs may have unexpected bugs or interactions that create security vulnerabilities which attackers can exploit. To counter these bugs, software developers frequently release new security patches.

However, if a business doesn’t upgrade all instances of its software with the latest security patch, it could be left open to an attack. Sometimes, this happens because a new computer or other asset is introduced to the network without being properly checked. Other times, this may happen because one network asset is relatively isolated and underused, so it gets neglected.

Whatever the case, it’s important to routinely check all IT assets on the network to ensure they’re up to date with their security patches. Alternatively, some companies may use a platform-as-a-service or software-as-a-service (SaaS) cloud solution which applies updates to the platform or software automatically.

Cybersecurity Resolution #2: I Will Not Give Every Employee Unrestricted Access to Everything

Controlling who has access to specific assets and data on the network is a crucial aspect of business cybersecurity. All too often, a business may not have any rules regarding who can access what, giving a majority of their employees the keys to the proverbial kingdom. This, in turn, makes the business extremely susceptible to phishing attacks.

Phishing could be considered an “evergreen” type of cyber threat at this point—there always seems to be a large number of these attacks happening at all times of the year. This could be because, as noted in the Verizon Data Breach Investigations Report (DBIR), “4% of people will click on any given phishing campaign.” So, statistically speaking, if you have just 25 people in your organization, at least one of them will fall for any given phishing campaign.

The reason giving everyone unfettered network access makes your business more susceptible to phishing attacks is that if an employee with unlimited access has their user credentials stolen in a phishing attack, then the attacker will have unlimited access.

Here, applying a policy of least privilege (POLP) and using multifactor authentication (MFA) can be crucial for managing access control and limiting your business’ risk of a data breach after a phishing attempt.

Cybersecurity Resolution #3: I Will Be Proactive about My Business’ Cybersecurity

Odds are that, if you’re reading this, you’ve already made a commitment to finding some way to improve your company’s cybersecurity architecture. However, there are still many business leaders who seem to be trapped in a reactionary mindset when it comes to cybersecurity—meaning that they wait until a security or data breach happens and then try to find fixes after the fact.

However, the modern threat environment that businesses face simply won’t allow a reactionary stance to succeed for long. To protect against ever-evolving cyber threats, businesses need to take a proactive approach to cybersecurity.

What does being proactive about cybersecurity entail? A few key elements of a proactive cybersecurity mindset:

  • Active Use of Threat Intelligence. Rather than responding to attacks after they hit, a proactive cybersecurity strategy calls for the security team to employ a threat intelligence framework. Using this framework, the network security team can remain apprised of the latest cyber threats so they can preemptively modify the business’ cybersecurity architecture to counter them.

  • Frequent Use of Penetration Tests. There may be undetected vulnerabilities in a network that are completely unknown to anyone—just waiting to be discovered and exploited by an attacker. Penetration tests help organizations discover these security flaws before attackers do—allowing the cybersecurity team to implement countermeasures—such as disabling a vulnerable software, notifying the vendor to create a software/firmware patch, or even adding new cybersecurity measures—to thwart the specific vulnerability.

  • Creation of an Incident Response Plan. Even with the best cybersecurity architecture and protocols in place, a security breach can still happen. Having a plan in place to deal with that breach can have an enormous effect on the breach’s impact. Consider this: an organization that doesn’t have a plan in place is far less likely to be able to identify, contain, and eliminate a threat on the network than a business that has such a plan in place. This impacts the speed of response—which may make the difference between an attacker breaking out of the first network asset they compromise and being stopped before they reach sensitive systems and cause a data breach.

Need help meeting your cybersecurity resolutions for the new year? Contact the cybersecurity experts at Compuquip for help and advice!

it-practices-putting-bussinesses-at-high-risk