2017 has been an eventful year full of technology advances and modernisation with businesses adapting to the age of IoT and digital transformation. But while all of these bring many advantages, it also poses risks to the business. We’ve shared with you in our blog and infographic about the 2017 Australian Cyber Security Centre Threat Report that cyber crimes are increasing at a disturbing rate and that Australian businesses continue to be one of the prime targets. The rampant digital extortion in 2018 is expected not to slow down.
There are several cybersecurity best practices that you can adopt immediately to significantly lower your chances of being the next online fraud or ransomware victim. As the New Year begins to unfold, make these eight cybersecurity best practices part of your company’s New Year’s resolution.
#1 Perform proactive risk assessments
Some organisations assume that staying compliant with regulations is enough to protect their data. While it is a good first step, it doesn’t cover all bases. Performing proactive and repetitive risk assessments help you to better prepare for cyber threats. A typical information systems security review will identify vulnerabilities from a network, server, data and application components of security. It should allow you to discover and classify your assets, analyse possible threats, identify your vulnerabilities, determine risks, analyse control mechanisms you can put in place and create a control roadmap.
#2 Identify whitelist applications
Application whitelisting is a security strategy that allows only approved applications to run on your machine. What’s good about it is, it blocks all other programs including malware and other malicious software. If you are using Windows 8 or 10 and Windows Server 2012 or 2016 as operating systems, you can utilise Applocker from Microsoft so you can create rules to allow or deny apps from running based on types of files or users. Here’s a guideline to get you started.
#3 OS and application patching
Leaving your operating system or applications unpatched for updates leave a door open for a malware attack. It is highly recommended to turn on automatic updates on your PC but if you are using Microsoft System Center Configuration Manager (SCCM), you can automate patching with it.
#4 Use multi-factor authentication
MFA is one of the best ways to protect your account as it utilises an additional physical device to confirm the identity of the person accessing the account. It is an authentication method that requires either a phone call, a virtual or physical smart card, biometric device or a randomly generated passcode as verification methods. It is quite reliable for as long as the secondary device is not stolen or lost. If you are using Office 365, you can get started on setting up MFA by reading this article.
#5 Regularly backup your data
Backing up your data is fairly basic, and you should do this on a regular basis. You can copy your files over to a protected system which will allow you to get access to it when needed. Make sure to encrypt backups for those that contain sensitive data and verify that your files are retrievable. While backing up your data doesn’t stop a ransomware attack, having access to it at the very least helps your business from completely getting immobilised.
#6 Limit administrative privileges
Allowing too many people to download or use just about any software is dangerous! Practice limited administrative privileges especially for your new users and escalate their permissions only when necessary. Restrict your users’ ability to install and run any application. It can help prevent malicious software from spreading through your network.
#7 Boost staff awareness
Making your people aware of cyber threats is just as important as the tools that keep your sensitive data safe. Getting them to understand how a malware or phishing attack gets delivered to their devices is one of the first steps you can take to make them aware of the cyber threats that your company could face and its impact to your bottomline. Explain why certain measures have to be adopted and why they are important.
#8 Create an incident response plan
When a security breach happens, do you know what steps to take to help detect, respond to and limit the effects of cybersecurity incidents? That is what an Incident Response Plan is for. When laid out ahead of time, it can help in limiting the damage of a breach and allow you to remediate the incident effectively. When creating an IRP, consider keeping it simple and flexible to adapt to various situations and review the plan to make sure that the documented procedures are applicable.
Let us help you implement these best practices
Make these best practices part of your long-term strategy to protect your business from cyber crimes. However, implementing these correctly could be challenging if you don’t have deep experience or the right skills.
Professional Advantage has Cybersecurity Services that can help even small to medium-sized organisations to get the best protection that they need to stay on top of the ever-evolving cyber intrusions.
We can help you in any of these ways:
- Implement a baseline cybersecurity strategy called Essential Eight
- Perform a network vulnerability scan
- Perform a full information systems security review
Most of the best practices mentioned above are covered in our cybersecurity services. You can find more information about it on our website or you can comment below for your queries.