Stick to cyber safety practices. Next in our Back to the Basics theme for this month: security doesn't have to be complicated. A simple cybersecurity strategy will help you get started.
You have probably heard many recommendations for safely navigating the cybersecurity world. It is likely that you cannot follow all of that advice at one time. However, now that you have a plan (because you followed the advice in our last post), take some practical steps. Stick to cyber safety practices with your cybersecurity strategy.
Does security really matter?
No one person or organization is immune from cyber attacks. Malicious actors will attempt to breach your network. Malware and ransomware links will be clicked. Statistically, it’s not a question of if but when you will face a cyber attack. Our job as security professionals is to make sure it’s as difficult as possible for an attack to disrupt business operations. Attacks might be inevitable, but loss of data, time, and resources can be minimized.
Multi-factor authentication (MFA or 2FA) is one of the best ways to prevent password compromises. Enabling MFA on networks and online accounts will mean that more than one authentication step is required to log in. Users need more than a password to stay safe.
Adding MFA usually means a text message sent to the user's phone, a code generated by an authenticator app, a push notification sent to the phone, or a physical security key carried by the user.
Multiple layers of authentication mean that, even if an attacker has obtained your password, MFA adds a step the attacker must also complete, preventing access to your sensitive information. This is vital to your cybersecurity strategy.
No, but really. Require MFA.
It's important enough that it warrants another heading. MFA should not be an option for employee users on the company network. Create security policies and technical controls (not just a written request) that require and enforce MFA.
Do not make exceptions for anyone in the organization. This is another reason that CEOs and leaders need to agree with the company cybersecurity strategy, as we discussed in the Security Culture blog.
Require MFA on administrator accounts especially -- these accounts have access to the most sensitive data. Microsoft reports that only 30% of Azure Active Directory global administrators use MFA (as cited by CISA). This is ironic, because administrators should understand the need and be the FIRST to implement the best security possible.
MFA is important for business networks as well as individual accounts online. This is one way that every person can contribute to a safer cyber world.
Patches and Updates
Use the tools you already have. Keeping your systems and software patched is one of the most cost-effective ways to improve your security posture.
When a new security patch or update is available, it’s important to make use of it! This can also mean enabling automatic updates that work behind the scenes or after business hours.
CISA’s Known Exploited Vulnerabilities Catalog is a great resource as well. It provides frequent updates about vulnerabilities that others have discovered.
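One practical way to use the KEV catalog is to cross-check it against the vulnerabilities a scanner has already found on your own systems, so patching effort goes first to flaws that are known to be exploited, past CISA's remediation due date, or used by ransomware. The following is an added example (not code from this post or from StandardUser): it reads a feed in the shape of the KEV JSON that CISA publishes (the field names `cveID`, `dueDate`, `knownRansomwareCampaignUse` and so on are assumed from that feed) and ranks scan findings. The catalog entries, CVE ids, hosts and the "today" date are constructed placeholders, not real vulnerabilities.

```python
import json
from datetime import date

# Constructed sample in the shape of the KEV JSON feed. Field names follow the real
# feed; the CVE ids, vendors and products are placeholders, not real catalog entries.
KEV_SAMPLE_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed sample)",
    "vulnerabilities": [
        {"cveID": "CVE-1900-0001", "vendorProject": "PlaceholderVendor", "product": "EdgeGateway",
         "dateAdded": "2022-03-01", "dueDate": "2022-03-15",
         "knownRansomwareCampaignUse": "Known",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-1900-0002", "vendorProject": "PlaceholderVendor", "product": "MailServer",
         "dateAdded": "2022-04-05", "dueDate": "2022-06-30",
         "knownRansomwareCampaignUse": "Unknown",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-1900-0004", "vendorProject": "PlaceholderVendor", "product": "WebApp",
         "dateAdded": "2022-03-18", "dueDate": "2022-04-01",
         "knownRansomwareCampaignUse": "Unknown",
         "requiredAction": "Apply updates per vendor instructions."},
    ],
})

# Constructed scanner output: which placeholder CVEs are still open on which host.
SCAN_FINDINGS = [
    {"host": "vpn-01", "cve": "CVE-1900-0001"},
    {"host": "mail-01", "cve": "CVE-1900-0002"},
    {"host": "web-02", "cve": "CVE-1900-0003"},   # not in the catalog
    {"host": "web-02", "cve": "CVE-1900-0004"},
]


def load_kev(json_text: str) -> dict:
    """Index the catalog by CVE id for O(1) lookups."""
    feed = json.loads(json_text)
    return {entry["cveID"]: entry for entry in feed["vulnerabilities"]}


def prioritize(findings: list, kev: dict, today: date) -> list:
    """Rank findings: P1 = in KEV and (overdue or ransomware use), P2 = in KEV but
    not yet due, P3 = not in KEV. Within a tier, earlier due dates come first."""
    rows = []
    for finding in findings:
        entry = kev.get(finding["cve"])
        if entry is None:
            rows.append({**finding, "in_kev": False, "overdue": False,
                         "ransomware": False, "due": None, "priority": "P3"})
            continue
        due = date.fromisoformat(entry["dueDate"])
        overdue = today > due
        ransomware = entry.get("knownRansomwareCampaignUse") == "Known"
        priority = "P1" if (overdue or ransomware) else "P2"
        rows.append({**finding, "in_kev": True, "overdue": overdue,
                     "ransomware": ransomware, "due": due, "priority": priority})
    rows.sort(key=lambda r: (r["priority"], r["due"] or date.max, r["host"]))
    return rows


if __name__ == "__main__":
    kev = load_kev(KEV_SAMPLE_JSON)
    for row in prioritize(SCAN_FINDINGS, kev, date(2022, 4, 10)):
        print(row["priority"], row["host"], row["cve"],
              "due", row["due"], "overdue" if row["overdue"] else "",
              "ransomware" if row["ransomware"] else "")
```

In practice the findings come from your scanner or asset inventory and the feed is downloaded on a schedule; the ranking logic stays the same.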
Make backups of your data. This is an invaluable security practice. If a malicious actor takes your data or holds it for ransom, your company is in a MUCH better position if you have a copy of the data.
In the Ponemon Institute's 2021 Cyber Resilience study, 58% of organizations that did NOT pay a ransom cited this reason: "We had a full backup of our data." This should be standard operating procedure in your cybersecurity strategy.
Keep working on this! A good cybersecurity strategy takes time and effort. We know you can do it, and you will never be sorry that you invested time in this.
Stay tuned for more of the Back to Basics series. Using CISA’s Action Plan for Small Business, we’re offering the latest in cybersecurity best practices.
We at StandardUser Cybersecurity are on a mission to share cybersecurity and cyber safety education with everyone, to make our world a better place. Are you with us? How can we help? Let us know today.
Whatever your cybersecurity challenge, we can help you keep your business running. We are a defensive and offensive cybersecurity company, using over 30 years of experience with active commercial and government work and proven security methodologies. We also educate teams and professionals who want to build on their skills. Occasionally we communicate with cybersecurity memes.
We set the standard for cybersecurity excellence.