With cybersecurity attacks expected to increase this coming year, now is a great time to review the safeguards your business has in place against the ever-looming threat of an incident.
Review these five essential steps for a strong security posture in the new year.
1. Is Your Software Updated?
One important thing you can do to lower your cybersecurity risk is to perform regular software updates.
Software updates often contain security patches against known threats.
You can update the following types of software:
Application software, such as a CRM tool, word-processing application, email client, or Web browser.
System software, such as your device’s operating system.
Driver software, which helps connect devices to a computer, like a printer.
Keeping your organization’s software up to date is critical in preventing attacks.
2. How Is Your Data Backed Up?
Data backups are another area we recommend reviewing heading into the new year.
In the event of a cyber attack, a natural disaster, or another large-scale emergency, having a disaster recovery plan in place lets you save and restore data.
We typically recommend that data be backed up off the network—most likely in the cloud—so that in the event of a cybersecurity incident, a clean backup can be accessed to restore any breached information.
Backing up data and processes is an important facet of any security strategy.
3. Draft Or Review Your Incident Response Plan
Data backups are often a component of a larger incident response plan: your organization’s template for what to do when a cybersecurity incident happens.
Just be sure that your master password is lengthy and complex, using a mix of numbers, symbols, and capital and lowercase letters.
Beyond passwords, we often recommend creating a passphrase, which could be an acronym that represents a phrase memorable to you.
In addition to strong passwords and password managers, be sure you have policies in place to change passwords and passphrases multiple times per year, or however often industry regulations require.
Further, once an app or device has been unlocked with a password, it should not be left unattended.
Finally, bolster your passwords even more by using multi-factor authentication, which requires an additional way for users to identify themselves beyond their password.
5. Is Encryption Enabled?
Most businesses—especially in regulated industries such as banking and healthcare—require the use of personal information.
All devices on which personally identifiable information is accessed should be encrypted. This includes devices such as laptops, smartphones, removable drives, and cloud storage.
What Other Cybersecurity Essentials Should We Review?
If you’re looking for even more protection next year, we recommend taking a look at the following actions you can take to protect your business.
Provide security awareness training. Your employees should know the basic steps to protect themselves and your business from a cybersecurity attack, such as phishing or ransomware.
Implement cybersecurity policies & procedures. Define policies for your employees’ acceptable use of software and technologies under business accounts. Give most employees only the lowest level of access they’ll need to certain information. Implement physical controls, if needed or required.
Monitor your network. Actively monitoring your network can help catch bad actors before they steal sensitive data or hold your data hostage. Many businesses have SIEM in place, but double-check your SIEM to ensure it’s configured appropriately.
As your business heads into next year, we recommend reviewing your cybersecurity protections to give yourself the best chance of defending against a threat.