A new year means new resolutions! And when it comes to resolutions, the usual suspects are around our health and well-being. I’ll exercise more! I’ll eat healthier! Those are welcome promises, and we certainly commend and support you.
Similar promises can be implemented in your business - particularly around cyber. Ready to add more cyber to your diet?
Here’s a shortlist of actions we recommend. Getting these right will directly contribute to your overall cyber health.
Manage your passwords. Use a password manager to quickly implement and manage strong passwords. Do not re-use or share passwords.
Whenever you have the option, use Multi-Factor Authentication (MFA). MFA will help you detect unauthorized access attempts to your accounts and applications. A common example of MFA is an SMS code sent to your mobile phone to allow a login. An authenticator app installed on your mobile device is the preferred way to facilitate MFA.
Secure your router, especially when working from home. Change the default router password set by your Internet Service Provider (ISP) and the wireless password. Change the router’s default name and the name of the WiFi network (SSID). Choose names that do not identify you or your business.
Set the built-in firewall in the ISP’s router to its most secure settings. Add a separate firewall device to your network if you know how to do it.
If you don’t need wireless, disable it. Gaining access to Ethernet cables is more difficult than gaining access to your wireless network. If you must have wireless, make sure the password is strong and that you use the latest security protocols (WPA3 is best).
If you must provide wireless for non-employees in your business, create a Guest Network. A Guest Network allows visitors to access the Internet only, not your internal network and the devices on it.
Make sure all the endpoints on your network are kept protected. Anti-virus software that is updated daily is a great start, but Endpoint Detection and Response (EDR) software provides much more protection for a very small cost.
All devices (computers, mobile phones, printers, etc.) that connect to your business network must be kept fully updated. Attackers often exploit vulnerabilities as they are made public. The longer it takes you to apply security patches, the more exposed your business is.
Do not forget your IoT sensors and Smart Home appliances. Change their default passwords and keep them up to date.
Avoid downloading and installing applications from unknown sources or from outside credible app stores. Some are used as bait to trigger a malicious software download.
Back up your important data. Choose a secure cloud service rather than the usual cloud suspects. Try to diversify where you store the copies of your data: a mix of cloud, office, and home is recommended. Test that your backup actually restores, and keep the latest copy offline.
Get everyone secure access. A VPN is a basic solution, but if your workforce is mostly remote, it's worth upgrading them to a Secure Connectivity solution (based on SASE and Zero-Trust). The new solutions are not only more secure but also increase employee and overall business productivity.
Restrict access to your company’s crown jewels. Less access makes you more secure. Make sure only people and devices that have a valid reason can access the information.
Email communication is crucial to running your business, but it also presents a large cybersecurity risk. Consider getting an Email Security solution to prevent attacks before they land on your devices. This additional layer of security is affordable and can save you a great deal of money and grief.
Secure your mobile phones. Mobile phones today both mirror the information you have on your other machines and facilitate access to sensitive applications. Attackers are now shifting focus and launching multi-faceted attacks through the weakest link: your mobile. There are solutions you can get to mitigate the risks.
Review your privacy settings on the various social media and online accounts you use for personal and business purposes. Adding your birthday, home address, and other Personally Identifiable Information will increase your risk.
Dispose of old gear in a secure fashion. Failing to do so can expose your information and increase your risk.
And of course, educate your employees about cybersecurity, the risks, what scams and attacks look like, and what to do or not to do. Sharing this article with others will be a good start!
Looking for additional guidance on how to improve your business cybersecurity posture in 2022? We are ready to discuss.