With cybersecurity attacks expected to increase next year, the end of this year is a great time to review the safeguards your business has in place against the ever-looming threat of an incident.
Review these five essential steps for a strong security posture in 2022.
1. Is Your Software Updated?
One important thing you can do to lower your cybersecurity risk is to perform regular software updates.
Software updates often contain security patches against known threats.
You can update the following types of software:
Application software, such as a CRM tool, word-processing application, email client, or Web browser.
System software, such as your device’s operating system.
Driver software, which helps connect devices to a computer, like a printer.
Keeping your organization’s software up to date is critical in preventing attacks.
2. How Is Your Data Backed Up?
Data backups are another area we recommend reviewing heading into the new year.
In the event of a cyber attack, a natural disaster, or other large-scale emergency, having a backup policy in place ensures that data is saved and can be restored.
We typically recommend that data be backed up off the network (most likely in the cloud) so that, in the event of a cybersecurity incident, a clean backup can be accessed to restore any breached information.
Backing up data and processes is an important facet of any security strategy.
3. Draft Or Review Your Incident Response Plan
Data backups are often a component of a larger incident response plan: your organization’s template for what to do when a cybersecurity incident happens.
Having an incident response plan in place helps you know who will be involved in the process and what steps to take to safely restore your network and data assets as quickly as possible.
4. When Was the Last Time Your Passwords Were Changed?
The most basic and effective form of cybersecurity is the password.
That’s because stolen credentials are the cause of most data breaches.
Using a password manager can help generate and keep track of those credentials.
Just be sure that your master password is lengthy and complex, using a mix of numbers, symbols, and capital and lowercase letters.
Beyond passwords, we often recommend creating a passphrase, which could be an acronym that represents a phrase that is memorable to you.
In addition to strong passwords and password managers, be sure you have policies in place to change passwords and passphrases multiple times per year, or however often industry regulations require.
Further, once an app or device has been unlocked with a password, it should not be left unattended.
Finally, bolster your passwords even more by using multi-factor authentication, which requires an additional way for users to identify themselves beyond their password.
5. Is Encryption Enabled?
Most businesses—especially in regulated industries such as banking and healthcare—require the use of personal information.
All devices on which personally identifiable information is accessed should be encrypted. This includes devices such as laptops, smartphones, removable drives, and cloud storage.
What Other Cybersecurity Essentials Should We Review?
If you’re looking for even more protection next year, we recommend taking a look at the following actions you can take to protect your business.
Provide security awareness training. Your employees should know the basic steps to protect themselves and your business from a cybersecurity attack, such as phishing or ransomware.
Implement cybersecurity policies & procedures. Define policies for your employees’ acceptable use of software and technologies under business accounts. Provide most employees with only the lowest level of access to information that they’ll need. Implement physical controls, if needed or required.
Monitor your network. Actively monitoring your network can help catch bad actors before they steal sensitive data or hold your data hostage. Many businesses have SIEM in place, but double-check your SIEM to ensure it’s configured appropriately.
As your business heads into next year, we recommend reviewing your cybersecurity protections to give yourself the best chance of protection against a threat.