Have you been working on strengthening your cyber security stack in your business or crossing your fingers and hoping for the best? How much protection is really enough?
There are a lot of remedies for improving cyber security out there, but which ones present the best value for your business, and what constitutes a “zero trust” environment?
If you’re just starting out, these 10 items will greatly improve your business’s cyber security safety in a short amount of time (we call these “best practices”):
- Use multi-factor authentication. This one is obvious, but we still see it not being employed regularly. Multi-factor authentication is generally extremely easy to enable (often times just a checkbox) and it greatly improves the safety of that account. When we’re talking about accounts like your business email, or your banking account it’s a no brainer.
- Use a password manager. This is another easy one to employ but people still ignore it, or even worse they use the password manager built into their browser. We’re not saying that’s completely wrong, especially if you’ve started using stronger passwords because of it. It’s still a good idea, however, to use a password manager that’s not directly connected to your system. Often times the same password or biometric you use to log onto your computer is the one used to unlock your browsers password database, so if someone has breached the device all those passwords will be available to them too.
- Employ Biometrics. Speaking of biometrics, they can be an improvement over passwords when it comes to a physical devices security. Especially for mobile devices, most of us access our work emails, banking accounts, etc. through our phones. It’s very easy to lose a phone, so making that phone unusable to whoever finds it (or has taken it) is a good idea.
- Don’t give everyone admin privileges. Not every employee needs all the keys to your kingdom, limit admin access only to those who really need it so if you do have a breach the damage can be limited as well. This is a key component of a zero trust environment (which we describe in the chart below).
- Communicate your goals and train your employees. Loop employees into your increased cyber security efforts and provide training, no one wants to be responsible for a cyber-attack in their workplace but without training employees can become unknowing and unwilling threat vectors.
- Monitor network activity. Now we’re starting to get into the more challenging topics, monitoring your network activity can be a very effective way of noticing early when something is amiss. There are tools out there that can do this monitoring for you and provide warnings if suspicious behavior is detected (like a device being logged in after hours when it never usually is).
- Use encryption. It’s pretty easy to use encryption in email or with sensitive documents (again often just a checkbox) but it’s an effective way to make sure sensitive data doesn’t fall into the wrong hands.
- Use backups. Again, in the same vein of protecting your data having automatic backups will greatly increase your chances of recovering after a cyber-attack. Especially if those backups were stored offsite (such as cloud backups). We wrote an article on the best ways to manage your OneDrive storage (which is included in your Microsoft 365 subscription) here.
- Regularly patch your devices. Many of your vendors actually provide security protections for you via their patches, which more often than not are addressing specific security concerns that have been identified. Patching costs nothing but your time and the benefits are ten-fold compared to the costs of a security breach in your business.
- Have a security audit performed. The best way to address the holes in your security plan is to have a reputable IT company perform a security audit. Valley Techlogic is a provider of these audits in the Central Valley and you can request a consultation here.
Performing these ten activities in your business will greatly improve your cybersecurity effectiveness across the board, but if you’ve reached the bottom of this article and have realized you do all of these you may be wondering what’s next? Or perhaps you’ve heard of zero trust but aren’t sure what that entails, here are the key components to having a zero-trust cybersecurity environment:
We address ALL of these topics in our new book, Cyber Security Essentials, which covers all the components of a cybersecurity framework and how to implement them in your business. You can see a preview of the book in the video below.
Looking for more to read? We suggest these other articles from our site.
-
Threads, Twitter, or neither? What are the differences and what are the benefits of engaging on social media for your business
-
Refurbished versus new, what are your options when it comes to on-premises servers?
-
RAID Arrays Explained, What is it and do you need one?
-
Patch Management 101 – From Neglected to Automated; 5 Tips for Managing Patching in your Business
This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://twitter.com/valleytechlogic.
You must be logged in to post a comment.