Best cybersecurity practices to make your business cyber resilient
Considering the fact that cybersecurity threats are real and inevitable in today's hyper-connected world, businesses, regardless of their size, must consider cybersecurity as a critical part of their investment planning.
Renu Mehta | Devdiscourse | Updated: 06-02-2020 22:08 IST | Created: 05-02-2020 21:07 IST
Cybersecurity is no longer a buzzword but a prominent concern in the hyper-connected world. The digitalization drive and the increasing use of new technologies such as big data, the Internet of Things, cloud, blockchain, and artificial intelligence have raised cyber risks as never before.
Businesses, regardless of their size, continue to experience a greater number of destructive cyber attacks that compromise sensitive data and valuable assets. Cyber risk has also been identified as the top corporate peril for 2020 and beyond, according to a report based on the insight of more than 2,700 risk management experts from 102 countries and territories.
Here are some of the best cybersecurity practices that businesses must follow to address cyber risks and achieve resilience.
A firewall is a network security system that monitors incoming and outgoing network traffic and decides whether to accept, reject or drop specific traffic based on a pre-defined set of security rules. It establishes a barrier between secured, controlled internal networks that can be trusted and untrusted outside networks, such as the Internet.
Firewalls may be able to prevent some attacks by blocking malicious traffic and restricting unnecessary communications. Though a firewall doesn't guarantee that your system won't be hacked, it definitely serves as the first line of defense in network security.
Regular data backups
While cyber attacks are inevitable, regular data backups and updates to off-site devices help ensure additional protection and quick recovery in case data is compromised. It is essential to deploy an automatic backup solution to limit damage and restore normal operations quickly.
Strong passwords and multi-factor authentication
Commonly used passwords such as '123456', 'password' or 'abc123', which are also listed among the worst passwords of 2019, simply give a further advantage to attackers. Using strong and unique passwords may help prevent "brute-force attacks", where cybercriminals use software tools to try millions of character combinations in an attempt to log in without authorization. Security experts recommend using password managers that store and protect all passwords in one place.
Multi-factor authentication (MFA) is a must-have tool for businesses. It adds an extra layer of security on top of passwords to protect the most sensitive data against cybercriminals. For example, if an attacker learns the username and password, he/she still cannot pose as an authorized user without providing the additional authentication factors. These factors can include passcodes, a physical device like a phone, or biometric identity.
Virtual Private Network
A Virtual Private Network, or VPN, creates a safe and encrypted connection that ensures secure transmission of sensitive data over a public network such as the internet or WiFi hotspots. In the simplest terms, VPN technology prevents bad actors from eavesdropping on your online activities by creating an encrypted connection, or data tunnel, between your local network and a VPN server in another location.
VPNs can hide confidential information, such as online banking credentials or social media passwords, sent over a public network, which could otherwise be used by government agencies, marketers, cybercriminals or cyber thieves for surveillance, identity theft, financial fraud or other illegal activities.
In addition to hiding sensitive information, a Virtual Private Network helps you escape spying and data and bandwidth throttling, and anonymously access any content on the web, even geo-restricted websites, from anywhere in the world.
Keep security software up-to-date
It is essential for any employee or organization to keep security software, web browsers, and operating systems up-to-date to defend against new cyber threats. Software updates not only patch software vulnerabilities but also add new security features to deal with potential vulnerabilities and stand vigilant against future attacks.
Cyber Security Incident Response plan
To identify compromises at the earliest stage, to minimize damage in the event of a security breach and continue operation under attack, a well-defined incident response (IR) plan is needed.
Employee awareness and training
Organizations should implement initial and periodic cybersecurity training on information security concepts for their employees. This will help them identify potential threats and vulnerabilities in the future. Organizations that provide higher levels of training detect security breaches faster, says an Accenture report on cyber resilience.
Cybersecurity training will not only help employees make good choices online but also help them deal with future social engineering attacks such as phishing, vishing or smishing, where the attacker uses social skills to compromise critical information about an organization or its digital resources.
The Cybersecurity and Infrastructure Security Agency (CISA), a division of the United States Department of Homeland Security (DHS) that defends critical infrastructure against threats, recommends the following security practices to avoid being a victim of social engineering attacks:
- Be suspicious of unsolicited phone calls, visits, or emails from unknown individuals asking about employees or other internal information. Verify an unknown individual's identity directly with the company, if he/she claims to be from a legitimate organization.
- Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person's authority to have the information.
- Do not reveal personal or financial information in an email, and do not respond to email solicitations for this information.
- Don't send sensitive information over the Internet before checking a website's security.
- Pay attention to the Uniform Resource Locator (URL) of a website.
- If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use the contact information provided on a website connected to the request; instead, check previous statements for contact information.
- Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic.
- Take advantage of any anti-phishing features offered by your email client and web browser.
Investing more in cybersecurity
Considering the fact that cybersecurity threats are real and inevitable in today's hyper-connected world, businesses, regardless of their size, must consider cybersecurity as a critical part of their investment planning.
According to Accenture's 2019 State of Cyber Resilience report, the rate at which organizations scale investments across their business has a significant impact on their ability to defend against attacks. Those best at scaling technologies perform four times better than their counterparts. Also, for those best at scaling technology investments, security teams discovered almost three-quarters of cybersecurity attacks against their organizations, compared with only half of all cyberattacks for their counterparts.
(Disclaimer: The opinions expressed are the personal views of the author. The facts and opinions appearing in the article do not reflect the views of Devdiscourse and Devdiscourse does not claim any responsibility for the same.)