18 Cybersecurity Best Practices

Cybersecurity isn’t just about using antivirus software or downloading the latest and greatest firewall. It is the combined work of several different efforts that together ensure the security of your business and its assets. Below are some of the most important cybersecurity best practices that you should be implementing in your everyday business:

1. Use Strong, Unique Passwords and Mandate Use of MFA

Strong passwords are crucial, but yours may not be as robust as you believe. The name of your first pet with a couple of numbers added won’t take hackers long to crack. Try using passphrases that are easy to remember but difficult to guess. Better yet, we recommend a password manager for generating strong, unique passwords and securely storing them in an encrypted vault.

To add an extra layer to the security of your credentials, we strongly recommend you enable multi-factor authentication (MFA) wherever possible.  

2. Back Up Data

It’s critical to back up your data in case you lose it, such as in a ransomware attack. In a ransomware attack, your data is stolen and encrypted, and in some cases you may never get it back. Storing copies of your data elsewhere, using hardware, software, or the cloud, minimizes the impact of data loss on your business.

3. Don’t Store Important Information in Unsecure Places

This may seem obvious, but many people aren’t sure what is or is not a secure place to store data. For example, you should not store confidential information on a device without a firewall or antivirus and anti-malware software, nor should you store it under an account with weak login credentials. If you use tools like SharePoint or OneDrive, storing your files there and sharing links to them is a much more secure way to store and share files.

4. Keep Hardware and Software Up-To-Date

Keeping hardware up to date not only keeps business processes running smoothly and quickly, but also ensures that the hardware is compatible with the latest security upgrades. Old, outdated computers may not be able to support new updates or higher-end security software.

Your software also needs to be kept up to date. Software developers constantly search for bugs and vulnerabilities in their software. When they find these flaws, they send updates to users. Not updating your software right away leaves you vulnerable to hackers looking to take advantage of these gaps in security.

5. Enable Firewall Protection at Work and at Home

Firewalls keep malicious or unnecessary traffic from reaching your devices. Enabling firewalls on devices at home and work prevents outside access, significantly reducing the risk of unauthorized intrusion. Your networks at home likely don’t have nearly as much security in place as the networks at work, so you will need the extra protection while out of the office.

6. Use Antivirus and Anti-Malware Software

Having antivirus or anti-malware software on your computer is like having a security guard standing at the door of your business: it stops suspicious traffic from entering your computer. This software is also able to detect and remove any viruses or malicious code found on your devices.

7. Monitor Privileged Users and Third-Party Access

Any confidential data being accessed by users with privileged access should be monitored. By monitoring the data, you will be able to see where it has gone, who had access to it, and what alterations (if any) have been made to it. You should also apply the principle of least privilege, in which users have access to only as much data as they need to do their work. Access by third-party users to any kind of data should also be closely monitored for the same security reasons.

8. Protect Access From Remote Devices

Having employees work from home means that the attack surface will grow. Hackers go after remote devices because they often contain gaps in security, so it’s critical that you make sure these endpoints are secured.

9. Ensure IoT Security

The Internet of Things (IoT) encompasses devices that connect to the internet, anything from speakers to smart watches to security cameras. These devices typically lack security, so they require extra effort to ensure hackers can’t use them as a door to get around your firewalls and into your network.

10. Avoid Opening Emails or Clicking on Links That Look Suspicious

Be wary of emails sent from outside your organization, especially ones that come from suspicious-looking addresses. If you open an email that seems out of the ordinary, avoid clicking on anything within it, as it could take you to a malicious site or download a malware-ridden file onto your device. Email is the number 1 attack vector for common threats like ransomware because it is relatively easy to trick people. Always be on high alert.

Check out this post for tips on how to tell if an email or text is a phishing scam: https://lighthouseintegrations.com/phishing-scams/

12. Check for HTTPS on Websites

When surfing the web, be sure to only visit websites that have “HTTPS” at the beginning of the URL. HTTPS is HTTP with encryption, meaning that traffic is much more difficult for third parties to intercept, so it is safer to use than websites with just HTTP. Most modern web browsers will alert you when you are trying to access an HTTP site, but don’t count on this alone.

13. Avoid Connecting to Public Wi-Fi

Public networks have weak security and are notoriously unsafe to connect to. Hackers target these networks because they host many different devices of varying security levels to break into. If one device is infected, it’s likely the hackers will be able to gain access to a whole bunch of other devices connected to the same network, including yours. If you do need to access a public network, make sure your firewall is turned on and your security software is up to date, and use a VPN whenever possible.

14. Training and Education

Cyber awareness training is one of the best things you can do to educate your employees on current cyber threats and how to protect themselves from cybercriminals. Cyber awareness training is something that should be done multiple times throughout the year as hacker tactics are frequently changing and it keeps cybersecurity at the forefront of employees’ thoughts and actions.

15. Promote a Security-First Work Culture

Similar to implementing cyber awareness training sessions, we also advise maintaining a security-first work culture and, with this, people-centric security. People-centric security trusts employees to handle business safely and securely, emphasizing their responsibility in maintaining security. Fostering a security-first culture involves posters, discussions, and regular security reminders to promote awareness and cybersecurity best practices. Prioritizing security at work promotes safe online behaviour, emphasizing the user’s responsibility for the organization’s security.

16. Never Think You’re ‘Secure Enough’

There really is no such thing as being secure enough in today’s digital world, so it’s time to lose that mentality. Any business, big or small, is susceptible to being hacked. Just consider that even the largest companies like Volkswagen and Facebook, spending millions on cybersecurity, have experienced hacks. Small businesses may have a lower payout for the hackers, but hacking them takes less effort and is easy money.

17. Invest in Security Upgrades

Many businesses, especially small businesses, are reluctant to invest in top-of-the-line security, mainly because of the hefty price tag that often comes with it. Although security is quite an investment, it is certainly an investment worth making. It may seem unnecessary to you, but keeping your business out of the hands of the hackers means everything. Not only will a hack result in financial losses, but it can also lead to customer attrition, downtime, and potential legal consequences.

18. Simplify Your Security Infrastructure

When done correctly, your security infrastructure should not be complicated. Just because you have hundreds of security tools in place doesn’t necessarily mean you’re that much more secure. Multiple tools often duplicate functions, causing unnecessary time and money expenditures in maintenance and operation. These tools also don’t always communicate with each other and can cause data jams or other inefficiencies.