Just like the shelter-seeking raccoon will go for your older, decaying roof over your neighbour’s freshly shingled one, cybercriminals—like animals—look for the path of least resistance. That means they are likely to attack the most vulnerable of businesses, i.e., the easy targets, and pass over those which may have protections that act as a barrier to their success.
If you’d prefer not to be a target, here are the top 5 things you can do to reduce your attack surface:
1. Know your risks.
There are many small configurations, each requiring minimal investment, that can make your business less appealing to attackers. These include hiding server version information, prohibiting email spoofing, establishing your own social profiles (so hackers won’t do it for you), and so on.
2. Train your employees.
95 percent of breaches are the result of human error. To reduce your exposure, you want to make sure that these errors aren’t happening inside your organization. Training is the best way to mitigate this risk.
3. Practice proper IT hygiene.
Just like your dentist recommends regular brushing and flossing to reduce your risk of tooth decay, IT hygiene is a very important practice for keeping your data and your information safe and out of the hands of criminals. Good IT hygiene involves a regular routine of patch management, password changes, 2-factor authentication, routine offsite backups, and so on.
4. Have a disaster recovery plan.
A disaster recovery plan is the fire and flood insurance to your company’s data and assets. And like home insurance, you must establish such a plan before disaster strikes. Testing your restore from backup, establishing a comprehensive recovery procedure, and imaging company devices are some ways you can achieve this.
5. Document your Incident Response Plan.
Instead of scrambling to figure out how to respond when incidents do occur, a documented plan will enable you to quickly and smoothly notify customers of a breach, communicate internally, and perform regulatory, reporting, legal, and PR activities.
While you can’t prevent every attack, these practices will better protect you from threats and equip you with the tools to recover when those cyber-rodents do come knocking.