15 Best Security Practices to Help Prevent Cyberattacks
Preventing a Cyberattack Begins with Your Team
Do you know what your company’s greatest vulnerability is when it comes to a cyberattack?
It’s your people! Employees unknowingly click on malicious links and download a host of viruses and malware every day.
Here are some disturbing facts about cyberattacks that employees inadvertently assist with:
- 91% of cyberattacks launch through phishing emails, which infect organizations with ransomware.
- 81% of hacking-related breaches are due to compromised passwords.
- 78% of employees claim to know the risks of clicking on unknown links, yet admit they still do!
- One of the top malicious email attachment types is a .doc, the extension used by Microsoft Word. Most employees admit they would always open this document, believing it to be legitimate communication.
Since your employees are your first line of defense, it’s vital to create a culture where security is top of mind. But people are fallible, which is why we are outlining some best practices you should implement immediately to secure your network and data.
15 Best Security Practices to Prevent a Cyberattack
- Install Operating System Security Updates and Service Packs. Software companies regularly release updates, patches, and security fixes to defend against known vulnerabilities. It is critical to update your servers, workstations, software applications, and browsers every time a patch is released.
- Be Proactive with Your Antivirus Software. At the most basic level, ensure antivirus software is running on all devices, automate daily scans, check that it is updated regularly for the latest vulnerabilities, and educate staff on running manual scans on new downloads. You may also wish to inquire about NextGen Antivirus solutions.
- Implement a Firewall with UTM. Standard firewalls used to be the gate that kept the bad guys out. However, end-users are now clicking on malicious emails and websites, unknowingly opening the door and inviting cybercriminals. Implement a firewall containing Unified Threat Management (UTM) features that provide a suite of protection against today’s increasing threats.
- Enforce Strong Password Policies. Implement a system that forces employees to change passwords periodically and not reuse past passwords. It’s also an excellent practice to teach them how to use passphrases. For example, the phrase “to be or not to be” might be represented as “tbOn2b.”
- Use Multi-Factor Authentication (MFA). Multi-factor authentication provides an extra layer of network security if someone is hacked and login credentials are stolen. When users attempt to login to the device or application in question, they receive a text or email alerting them to the login and providing a unique code. That code must be used to gain access. Therefore, assuming the hacker does not have access to the email or text alert, they would remain locked out.
- Create Firm-wide Data Storage Policies. Consider a firm-wide policy that restricts where sensitive data and Personally Identifiable Information (PII) can be stored. Do not allow this level of information to be copied to an external drive or saved outside your secure network. When using external drives, such as a USB flash drive, disable auto-run so that drives are scanned before files open on your network and discourage personal USB drives from being plugged into a work computer.
- Encrypt Internal and External Disk Drives. Even with data storage policies in place, we highly recommend encrypting internal and external disks as an added layer of protection. This extra layer of security protects your data if a computer or drive is lost or stolen.
- Assess Your Remote Workforce. Home offices represent a tremendous security risk. How are your employees accessing and saving data? Are they transferring files through email? Are they using personal devices for work? Is their home Wi-Fi network adequately secured? Assess the risks, and then take the necessary steps to remedy the vulnerabilities.
- Backup Data Regularly. Backups should be automated and run regularly (e.g., every day, every hour, or real-time, depending upon your business). Backup storage is another best practice that should not be ignored. It’s OK to store a backup on-site, but a redundant copy should also be kept in a secure cloud-based platform and tested periodically to ensure they work.
- Implement Email Security Software. Email is the most significant source of security breaches. Cloud-based email security systems stop threats before they ever make it to your company’s mail server. Spam, viruses, and malicious URLs are some of the easiest ways for ransomware to infect users.
- Erase Hard Drives. Before disposing of or selling old devices, including computers, tablets, printers, copiers, external hard drives, flash drives, and fax machines, securely wipe all data. Simply deleting files is not a secure method. Anyone with recovery software and evil intentions will be able to access the data, putting you at risk.
- Implement a Mobile Device Management (MDM) System. Whether you are a BYOD (bring-your-own-device) organization or issue firm-approved devices to your employees, it is difficult to ignore mobile device management. Laptops, tablets, and smartphones are often used for business and require their own degree of protection. An MDM system manages your mobile devices, pushing installations, installing updates and patches, managing applications, and even provides you with the ability to wipe a mobile device clean should you and your employee part ways.
- Implement DNS Perimeter Security. DNS is the starting point for internet connectivity across all devices. DNS Perimeter Security provides an additional layer of network security across all platforms, protecting companies from malware, phishing scams, botnets, and more.
- Establish a Guest Wi-Fi Channel. Establish a Wi-Fi channel that guests, clients, patients, and vendors can use when on-premises. It should restrict access to all sensitive areas of your network and limit where they can browse.
- Provide Employees with Security Awareness Training. Educate employees on what they can and cannot do on their work computers. Teach them how to recognize malicious emails and strengthen spam filters by reporting suspicious emails and events.
Clearly, there is much that goes into adequately securing one’s network. But with cyberattacks on the rise, preventing a cyberattack must be a priority for every business. Implementing the items discussed above will strengthen your network’s security.
If you need assistance with these best security practices, don’t hesitate to contact us.
*Statistics from IBM and the Ponemon Institute’s “The Cost of Insider Threats Global Report 2020,” Verizon’s 2020 DBIR Report, and Cybersecurity Ventures Security Report.