18 Cybersecurity Best Practices
Cybersecurity isn’t just about using antivirus software or downloading the latest and greatest firewall. Cybersecurity is several different efforts working together to ensure the security of your business and its assets.
Below are some of the most important cybersecurity best practices that you should be implementing in your everyday business:
1. Use strong, unique passwords and mandate use of MFA
Using a strong password may seem like a given, but your passwords might not be as strong as you think. A password made by adding a couple of numbers to the name of your first pet won’t take hackers long to crack. Try using passphrases that are easy to remember but difficult to guess. Better yet, we recommend the use of a password manager that can randomly generate a strong and unique password for you and securely store it in an encrypted vault.
To add an extra layer to the security of your credentials, we strongly recommend you enable multi-factor authentication (MFA) wherever possible.
2. Back up data
It’s critical to back up your data in case you lose it, such as in a ransomware attack. In a ransomware attack, your data is stolen and encrypted, and in some cases you may never get it back. If you have copies of your data stored elsewhere, whether through a hardware, software or cloud solution, then the damage to your business from lost data will be minimized.
3. Don’t store important information in unsecure places
This may seem obvious, but many people aren’t sure what is or is not a secure place to store data. For example, confidential information should not be stored on a device without a firewall, antivirus and anti-malware software, nor should it be stored under an account with weak login credentials. If you use tools like SharePoint or OneDrive, storing your files there and sharing links to them is a much more secure way to store and share files.
4. Keep hardware and software up to date
Keeping hardware up to date not only keeps business processes running smoothly and quickly but it also ensures that the hardware is compatible with the latest security upgrades. Old, outdated computers may not be able to support new updates or higher end security software.
Your software also needs to be kept up to date. Software developers are constantly on the lookout for bugs and vulnerabilities in their software, and when these are found, updates are sent out to their users. Not updating your software right away leaves you vulnerable to hackers looking to exploit these gaps in security.
5. Enable firewall protection at work and at home
Firewalls block malicious or unnecessary incoming traffic to your devices. By preventing access to your device from outside sources, a firewall significantly lowers the risk of your device being tapped into. Firewalls should be enabled on devices both at home and at work. It’s likely your networks at home don’t have nearly the amount of security in place as the networks at work, so you will need the extra protection while out of the office.
6. Use antivirus and anti-malware software
Having antivirus or anti-malware software on your computer is like having a security guard standing at the door of your business. It stops suspicious traffic from entering your computer. These programs are also able to detect and remove any viruses or malicious code found on your devices.
7. Monitor privileged users and third-party access
Any access to confidential data by users with privileged access should be monitored. By monitoring the data, you will be able to see where it has gone, who had access to it, and what alterations (if any) were made to it. You should also apply the principle of least privilege, under which users have access only to the data they need to do their work. Third-party access to any kind of data should also be closely monitored for the same security reasons.
8. Protect access from remote devices
Having employees work from home means that the attack surface will grow. Hackers are going after remote devices as they often contain gaps in security so it’s critical that you make sure these endpoints are secured.
9. Ensure IoT security
The Internet of Things (IoT) encompasses devices that connect to the internet, anything from speakers to smart watches to security cameras. These devices typically lack security, so they require extra effort to ensure hackers can’t use them as a door to get around your firewalls and into your network.
10. Avoid opening emails or clicking on links that look suspicious
Be wary of emails sent from outside of your organization, especially ones that come from suspicious-looking email addresses. If you are opening an email that seems out of the ordinary, avoid clicking on anything within the email, as it could take you to a malicious site or download a malware-ridden file onto your device. Email is the number 1 attack vector for common threats like ransomware because it is relatively easy to trick people. Always be on high alert.
Check out this post for tips on how to tell if an email or text is a phishing scam: https://lighthouseintegrations.com/phishing-scams/
12. Check for HTTPS on websites
When surfing the web, be sure to only visit websites that have “HTTPS” at the beginning of the URL. HTTPS is HTTP with encryption, meaning that traffic is much more difficult for third parties to intercept; it is therefore safer to use than websites with just HTTP. Most modern web browsers will alert you when you are trying to access an HTTP site, but don’t count on this alone.
13. Avoid connecting to public Wi-Fi
Public networks have weak security and are notoriously unsafe to connect to. Hackers target these networks because there are many different devices of varying security levels to crack into. If one device is infected, it’s likely the hackers will be able to gain access to a whole bunch of other devices connected to the same network, including yours. If you do need to access a public network, make sure your firewall is turned on and your security software is up to date, and use a VPN whenever possible.
14. Training and education
Cyber awareness training is one of the best things you can do to educate your employees on current cyber threats and how to protect themselves from cybercriminals. Cyber awareness training is something that should be done multiple times throughout the year as hacker tactics are frequently changing and it keeps cybersecurity at the forefront of employees’ thoughts and actions.
15. Promote a security-first work culture
Similar to implementing cyber awareness training sessions, we also advise maintaining a security-first work culture and, with this, people-centric security. People-centric security means that the people of a business are trusted to handle business safely and securely and that they understand they are responsible for upholding such security. A security-first work culture may look like hanging posters around the office, encouraging security-related discussion, or even sending out monthly security reminders. Keeping security a top priority in the workplace encourages users to practice safe surfing and reminds them that every action they make (or don’t make) should be in the best interest of the security of the organization.
16. Never think you’re ‘secure enough’
There really is no such thing as being secure enough in today’s digital world so it’s time to lose that mentality. Any business no matter the size, big or small, is susceptible to being hacked. Just think, even the biggest companies like Volkswagen and Facebook, who spend millions on their cybersecurity, have been hacked. Small businesses may have a lower payout for the hackers but it takes less effort and is easy money.
17. Invest in security upgrades
Many businesses, especially small businesses, are reluctant to invest in top-of-the-line security, mainly because of the hefty price tag that often comes with it. Although security is quite an investment, it is certainly an investment worth making. It may seem unnecessary to you, but keeping your business out of the hands of the hackers means everything. Not only will you lose money when you are hacked, but you may lose customers, suffer downtime, or even face legal repercussions.
18. Simplify your security infrastructure
When done correctly, your security infrastructure should not be complicated. Just because you have hundreds of security tools in place doesn’t necessarily mean you’re that much more secure. Many tools out there do a lot of the same things so you might be spending extra time and money keeping them up and running when you don’t need to. These tools also don’t always communicate with each other and can cause data jams or other inefficiencies.