5 CRITICAL Cybersecurity Actions You Need to Implement NOW
According to the Federal Bureau of Investigation, phishing scams cost businesses in excess of 5 billion dollars per year. These cyberattacks are up a whopping 2370% over the past two years. Phishing scams, in conjunction with malware and ransomware, are threatening businesses and individuals globally. It is important to fully secure your business network against attacks like the WannaCry ransomware. You MUST take a proactive approach.
In order to stay in line with digital security "industry best practices," Soteryx recommends performing annual audits, implementing network hardening, conducting in-depth staff training, and developing a cybersecurity policy. These actions may require professional assistance, depending on your staff's cybersecurity skill set.
While you examine whether you will implement these actions with your current staff or call upon external expertise, there are actions you MUST implement on a more immediate basis.
Here are 5 critical cybersecurity actions you need to implement NOW:
1. ENFORCE LONG, COMPLEX PASSWORDS
Ensure that your users are using long, complex passwords! This means using passwords with a minimum length of 12 characters. Passwords should have upper and lower-case letters, and should include numbers and punctuation. Passwords should be built from multiple words. Numeric/letter substitution is NOT enough!
For example, "2017MyCatEatsPaint!" is an easy-to-remember, complex and secure password. Its length makes a brute-force attack difficult, and its use of upper and lower-case letters, as well as numbers and punctuation, enhances its resistance to attack.
On the other hand, a password like "f00tb@ll" is NOT a good password. It uses common numeric substitution of a dictionary word, and its short length (only eight characters) makes it more susceptible to a brute-force attack.
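The rules above, turned into a password policy check that accepts the good example and rejects the bad one. This is an added illustration, not Soteryx's own tooling; the word list and the substitution table are constructed here, and the word-splitting heuristic is an assumption (a real deployment would load a full dictionary or breached-password list).

```python
import re
import string

MIN_LENGTH = 12   # minimum length stated in the policy
MIN_WORDS = 2     # passwords should be built from multiple words

# Constructed sample word list; load a real dictionary or breached-password
# list in production.
COMMON_WORDS = {"football", "password", "welcome", "baseball", "letmein"}

# Digit/symbol substitutions that password-cracking rule sets undo
# automatically, so the dictionary check reverses them first
# (f00tb@ll -> football). Assumed table, not from the article.
LEET_MAP = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                          "5": "s", "7": "t", "@": "a", "$": "s"})


def words_in(password: str) -> list:
    """Rough word count: undo substitutions, then split on CamelCase
    boundaries and on non-letters."""
    return re.findall(r"[A-Z][a-z]*|[a-z]+", password.translate(LEET_MAP))


def check_password(password: str) -> list:
    """Return the policy rules the password breaks (empty list = accepted)."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):
        failures.append("no upper-case letter")
    if not any(c.islower() for c in password):
        failures.append("no lower-case letter")
    if not any(c.isdigit() for c in password):
        failures.append("no digit")
    if not any(c in string.punctuation for c in password):
        failures.append("no punctuation")
    words = words_in(password)
    if len(words) < MIN_WORDS:
        failures.append(f"fewer than {MIN_WORDS} words")
    # Substitution does not rescue a dictionary word: compare de-leeted forms.
    normalized = password.translate(LEET_MAP).lower()
    if normalized in COMMON_WORDS or any(w.lower() in COMMON_WORDS for w in words):
        failures.append("built from a common dictionary word")
    return failures


if __name__ == "__main__":
    for candidate in ("2017MyCatEatsPaint!", "f00tb@ll"):
        print(candidate, "->", check_password(candidate) or "accepted")
```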
2. DISABLE UNSOLICITED INCOMING LINKS
If possible, disable links in your email client. Along with that, train users to NEVER click links in unsolicited incoming emails. In recent years, the bulk of cyber-threats have accessed systems through phishing or spear-phishing attacks. Some devastating attacks, such as CryptoLocker or CryptoWall, can be easily prevented by addressing click-through links in incoming emails.
This applies to telephone inquiries as well. Never provide or confirm personal information on an unsolicited incoming telephone call. Though telephone attacks are less common, they still occur, with some success.
3. DATA BACKUP
It is imperative, not just from a security standpoint but also as good business practice, to back up company data.
Backups should be run every night, onto storage that is separated from the company network. Being separated from the network is important: if malware encrypts all mapped network drives and the backup drive is connected to the network, the backup will be encrypted and useless as well.
Furthermore, it is simply good business practice to have files backed up, in case of server failure or in the event that a user accidentally deletes or changes a file.
4. USE CURRENT ANTI-VIRUS
It is important to use current anti-virus and to enable OS updates. Current means a paid subscription that updates automatically. Yes, there is a cost involved with this, but the cost is worthwhile. It is important to run anti-virus on servers as well as on workstations.
5. UPDATE NETWORK SECURITY POLICIES
Although this is a large topic, it is important to ensure that network policies are configured to best protect your systems. This includes limiting incoming ports on the firewall, limiting access to network resources, updating software and firmware, limiting servers to running only the software required for their function, and reviewing the system and disabling any accounts that are no longer used. These are just a few of the things that need to be reviewed while updating and remediating network security policies.