This Christmas, we don’t come bearing French hens, turtle doves or a partridge in a pear tree. Instead, our gift is valuable security advice that could save your organization millions. Here are 12 tips that will make your business more secure this Christmas and in the new year.
Tip 1. Two locks are better than one.
Multi-factor authentication is a login verification method that requires you to prove, with something beyond your password, that you should be granted access to a system. It’s a highly effective cybersecurity tool and, according to Google, it even prevents 100% of automated bot attacks. Microsoft also found that accounts with multi-factor authentication are 99.9% less likely to be compromised.
Every business, no matter the size, should require team members to use multi-factor authentication.
Tip 2. If you weren’t expecting it, don’t open it.
According to the FBI’s Internet Crime Report, there were 11x more phishing email complaints in 2020 than in 2016. Fraudulent email is one of the most common ways hackers attempt to gain employee login credentials.
The key to avoiding falling prey to a phishing email is trusting your instincts. Does an email not feel right? Did you request the information that is supposed to be in this attachment? Is this email expected? If something doesn’t seem right, do not open the attachment, or click any links. Reach out to the sender directly to verify its legitimacy.
Tip 3. Beware of all low-tech hacking.
Social engineering, often referred to as low-tech hacking, is when a hacker uses psychological manipulation in an attack. For example, they may call customer support and pretend to be an employee who needs a password reset. Or they could pose as an authority figure and threaten negative consequences if you don’t comply.
Tip 4. Security is everyone’s responsibility.
Whether you work in marketing, accounting or network infrastructure, everyone plays an important role in preventing a security incident. It’s important to keep security at the forefront of everything you do. Many security threats can be avoided by following your company’s best practices and official company security protocols, policies and procedures. Be sure to keep these policies current and review them regularly with all employees.
Tip 5. Find and protect your sensitive data.
Unintentional data loss occurs when confidential data accidentally leaves the network. Unfortunately, this happens more often than you might think because of user carelessness, misplaced data or a misconfiguration of devices or cloud services. Examples of unintentional data loss include stolen laptops, lost USB drives and improper asset disposal. To find and protect data, businesses can perform a data audit or use a data classification tool.
Tip 6. Don’t overlook insider threats.
Sometimes people within an organization will use their network access or company knowledge to harm the business. Be attentive to unusual changes in an employee’s demeanor, work activities and hours, as well as activities performed where access must be authorized. Simply being aware can often be the key to stopping a threat before harm is done.
Tip 7. If it seems suspicious, report it.
Hackers count on issues not being reported. To fully protect your organization, the IT team must learn about security incidents in a complete, accurate and timely manner. All businesses should have reporting policies and procedures. Make sure everyone in the company understands the appropriate avenues for reporting incidents. And remember, no matter how minor, always share suspicious activities with your IT team.
Tip 8. Limit damage by creating a response plan.
In 2020, the FBI received 791,790 complaints from the American public for all types of internet crime, which was a record number. This resulted in reported losses exceeding $4.1 billion. Business leaders need to know that this looming and growing threat means it’s not a matter of if but when a company will be breached. Responding to an incident as soon as possible can have a deep impact on a business’s losses, if it survives at all. A smart, strategically developed incident response plan can dramatically minimize the effects of a breach.
Tip 9. Regulation is coming – be in the know.
The federal government is becoming more focused on curbing security threats and incidents. As a result, we have seen an increase in cybersecurity legislation introduced in Congress. We cannot say with certainty what the regulations will look like, but we do believe they are coming. One recently proposed bill prevents ransomware attack victims from paying more than $100K in ransom. It would essentially outlaw ransom payments without authorization since hackers rarely demand payments below $100K.
Tip 10. Is your cloud vendor secure? Better check.
As organizations continue to rely on cloud infrastructure, security incidents involving cloud providers will inevitably grow. With this expectation in mind, organizations need to view a cloud provider as both a business enabler and a potential business liability. One way to ensure a cloud provider is taking appropriate safety measures is by reviewing their System and Organization Controls (SOC) reports and independent service audits. Providers should be able to prove that they are following industry-leading best practices and compliance-driven operational standards.
Tip 11. Know your IoT vulnerabilities.
Oftentimes, IoT devices are created without much consideration for security. This means organizations need to weigh the risks when considering whether IoT devices should be added to the network. Many devices do not have a way to centrally manage and apply updates, which makes security updates complex. Unfortunately, it will still be years before a secure IoT landscape is realized.
Tip 12. Don’t underestimate cybercriminal organizations.
Cybercriminals are the organized crime gangs of the 21st century. Similar to how legal businesses outsource cyber operations, nefarious organizations are also outsourcing much of their cyber operations, using malware vendors, freelance hackers, ransomware affiliate programs, vendors that specialize in exploits and more. This all translates to increased overall cyber risk as the quantity, quality and adaptability of malicious operations grow.
Network Security Professionals Paul Cammarata and Justin Harper are members of the C Spire Authority team and have 28 years of combined IT experience.