15 Best Practices that Help Prevent Cyber Attacks
Do you know what your greatest vulnerability is? It’s your people. Employees unknowingly click on malicious links and download a host of viruses and malware every day. In fact, there is a hacker attack every 39 seconds and 63% of all network intrusions are due to compromised user credentials.
Here are a few other disturbing facts:
- 43% of cyber attacks target small businesses.
- 60% of small businesses go out of business within six months of an attack.
- 78% of people claim to know the risks of clicking on unknown links; yet they admit they still do!
- 1 in ever 131 emails contains malware.
Since your employees are your first line of defense, it is vital to create a culture where security is top of mind.
15 Best Practices to Implement Immediately
- Update the security software on your network and every connected device. Keep it current by turning on automatic software updates. That goes for your operating system and web browsers too.
- Get proactive with your anti-virus software by confirming that it’s running on all devices, scheduling automatic daily scans, ensuring it’s updating regularly, and educating staff on how to run manual scans on new downloads.
- Make sure your network is protected with a firewall. This is one important way to keep the bad guys out. If you don’t have a firewall appliance, make sure you have a software-based one enabled on your computer.
- Enforce strong password policies, encouraging passphrases, forcing employees to change passwords periodically, and not allowing them to reuse past passwords.
- Use multi-factor authentication (MFA) for an extra layer of network security. Even if your password is stolen, MFA should prevent hackers from gaining access.
- Restrict where sensitive data can be stored. Don’t allow personally identifiable information (PII) to be copied to an external drive or saved in a location outside of your secure network.
- Assess how your telecommuters work. Are they using a home computer for work, and possibly transferring files via an unencrypted USB drive? Is their home wi-fi network secure? Consider setting up telecommuters with a secure work device and setting firm rules around the computer’s use.
- Back up data on a regular basis (every day, every hour, or real-time, depending upon the nature of your business). Backups should be stored on-site and off-site and periodically tested to ensure they work.
- Safely manage email; it’s the biggest source of security breaches! Tips include never opening attachments or clicking on links from an untrusted source; never sending confidential information over public email (use a secure encrypted service); only using an official business email address that is protected by a spam filter (not personal accounts); and being wary of email phishing and extortion scams.
- Wipe hard drives before disposing of old devices, including computers, tablets, printers, copiers, external hard drives, flash drives, and fax machines.
- Don’t neglect mobile devices. Download apps from trusted sources and allow them to update regularly. Implement strong authentication, such as fingerprint recognition or a strong passphrase. Configure app permissions immediately after downloading.
- Protect your social networks by limiting who has administrative access to your account, setting up strong authentication, and carefully configuring privacy settings.
- Create policies for using USB drives. Disable auto-run and scan the drive before opening files. Don’t allow personal USB drives to be plugged into a work computer. Don’t allow sensitive information to be stored on an unencrypted USB drive.
- Establish a guest wi-fi channel that restricts access to sensitive areas.
- Educate employees on what they can and cannot do on their work computers, and how they can help strengthen spam filters by reporting suspicious emails and events. Also be aware of what your third-party vendors are accessing.
5 Steps to Take When Developing a Formal Cyber Security Plan
- Identify your sensitive data. Determine what you need to protect, such as employee social security numbers and payroll information; customer data; credit card information; and company secrets (proprietary formulations, patents, etc.). Ensure you know every location where copies are stored.
- Protect it. Assess what needs to be done to properly protect everything you’ve identified.
- Create a detection and alert system. Set up systems that will alert you if an incident occurs, including the ability for employees to report problems as they occur.
- Develop a response plan. Ensure everyone knows their role in helping to contain an attack and assess the damage.
- Develop a recovery plan. Once business operations are restored, you’ll need to determine if anything was lost and if you have any legal obligations to alert customers, vendors, and board members.
If you need help with any of the above steps, contact an ACT specialist today to learn how our Comprehensive Security Assessments can protect your organization.