10 Simple Things You Can Do to Improve Your Company’s Cybersecurity Posture
Technology is playing an increasingly important role in the world of business. As the days march on, business leaders are still not placing enough emphasis on cybersecurity and related issues. This perspective not only has negative effects on a company's overall security posture, but it also opens even the strongest organizations up to the types of digital threats from which they might not recover.
According to a 2016 study conducted by the experts at IBM, the average cost of a data breach is currently $4 million, or $158 per compromised record. There are ten relatively simple yet incredibly important tips that you can use to improve your company's cybersecurity posture and help make sure that you don't find yourself in a similarly costly situation.
- Advocate a Security Culture
- Keep Applications and Operating Systems Up to Date
- Maintain Current Backups
- Restrict Admin Access
- Use a Next Generation Firewall
- Use Anti-Virus and Anti-Malware Software
- Keep Current On Emerging Cybersecurity Threats
- Password Protect Your Mobile Devices
- Password Protect Your Wi-Fi Network
- Have a Strong Password Policy
1. Advocate a Security Culture
People in your business aren't going to care about cybersecurity because you tell them to - they have to want to do it on their own. Security has to be a state of mind that is always present. The best way to accomplish exactly that is to integrate it into your company culture from the outset. Remember that all employees, whether they're managers, peers or contributors, will look upward to see how they should behave. Adopting a cybersecurity culture from the bottom up helps organizations weave the thread into their own central fabric.
2. Keep Applications and Operating Systems Up to Date
No application or piece of hardware is perfect. Hackers always look to exploit gaps wherever they can find them. Developers and software publishers regularly release software updates that may increase security against cyber threats. Out-of-date systems have out-of-date information on the latest threats, and since cybersecurity moves so fast, it can get hairy quickly.
The Equifax breach in late 2017 is a prime example of software not being kept up to date. Learn more about what we learned from that here.
3. Maintain Current Backups
One of your most powerful weapons against the vast majority of cybersecurity threats facing businesses today is the current backup that you are keeping. Regularly backing up all data isn't just a great practice - it should be a mandatory one.
If you run into any issues, you can restore your data to exactly where it was at the time of that backup, saving you and your company the time and money of trying to recover everything that was lost.
4. Restrict Admin Access
More often than we'd like to think, users are given full access to their workstations to install software or change settings. While this can be convenient, it also takes a major layer of protection away from users who might accidentally click on an attachment or bad website.
You can limit the likelihood of this type of attack by limiting the number of people who have administrative access to their own laptops and desktops, and by limiting what access they have within the applications your business uses.
5. Use a Next Generation Firewall
A firewall is usually your first line of defense from the Internet. Modern firewalls can protect your organization from threats like ransomware, crafted packet attacks, and exploits from unpatched or obsolete servers.
Older firewalls had static rules that allowed or denied traffic flows, while modern firewalls deeply inspect traffic for unusual behavior and malware, and can even protect your users through content filtering.
6. Use Anti-Virus and Anti-Malware Software
Investing in an anti-virus or anti-malware solution like those from McAfee, Symantec and similar companies not only helps to protect you against the latest viruses; these solutions also often include analytical and monitoring tools that can identify suspicious network activity before you have a massive problem on your hands. It is important to keep these solutions up to date and test them regularly for the best results.
7. Keep Current On Emerging Cybersecurity Threats
If you want to win a war, you have to know as much about your enemy as possible. Remaining secure in the digital age requires learning as much as you can about the new types of cybersecurity threats as they emerge.
Ransomware is a big one now, which can encrypt your hard drives and hold your data for ransom. Read articles to understand what’s happened to others and use this learning to be better prepared.
8. Password Protect Your Mobile Devices
Mobile devices like phones and tablets present a security risk due to their ubiquity and portability in our modern lives. If you allow your employees to access their email, applications, or data with OneDrive or Dropbox from their mobile devices, it's imperative they have a passcode.
The passcode protects information if the devices fall into the wrong hands. You can even configure policies to erase a phone after a certain number of bad attempts. It's just good security hygiene to get into the practice of protecting all data, even if it means a little added work to unlock a phone or tablet.
9. Password Protect Your Wi-Fi Network
Letting just anyone onto your network essentially opens the door for them to look at all of your files and applications, which is a big security risk. Password protecting your network also helps make sure that your business isn't on the hook for any illicit or otherwise illegal activity performed by people who shouldn't have access in the first place.
Also, when password protecting your Wi-Fi network, always make sure to use a complex password that can't be easily guessed. You should also use segregated networks for people such as clients and private networks for your own employees, to protect your data.
10. Have a Strong Password Policy
Using complex passwords doesn't just apply to your IT department - everyone using digital resources to do their jobs should be required to create complex passwords at all times.
Even though your users may raise objections, you need to take steps to educate your employees on how and why to do this.
Teach them how to create complex and strong passwords, and put policies in place to reduce the likelihood that these passwords are ever shared. Establishing a regular cadence for password changes, such as every 90 days, is a common standard.
These are ten simple tips that you can use to start placing a much-needed emphasis on cybersecurity in your organization. In terms of remaining protected in the digital age, oftentimes small, incremental changes to your existing infrastructure can make all the difference.
Remember: the biggest mistake you can make is to assume that you're playing a game you can actually win. Never stop working to improve your efforts and never assume that you've done enough to remain protected.