Have you audited your organization’s cybersecurity strategy lately? Cybersecurity is a process, not a project. Processes need to be evaluated from time to time to make sure that they continue to serve the business. When it comes to cybersecurity, some parts of the process need to change and some need to continue. This article covers the practices that should continue.
Foundational Cybersecurity Practices to Continue
Some cybersecurity practices don’t go out of style. Just like brushing your teeth is a foundational practice to caring for your teeth, there are foundational practices that continue to be important to cybersecurity.
1. Build and Maintain a Multi-layer Cyber Defense
You can’t rely on one or even a few security tactics to protect your data and IT systems. The different layers of security that you have at the system, network, application and device levels work together. If an attacker manages to penetrate one layer, the next layers can stop them.
2. Update and Patch Software
Vulnerabilities are found in software all the time and cyber attackers use these to make their way into your devices and network. Software developers are continually updating their applications with patches to close vulnerabilities.
When software goes out of support – like Server 2012 will later in 2023 – there will be no more patches to close up holes. When software cannot be patched, it needs to be updated to the newest version. Automate software updates and patches when possible, and don’t forget to include third-party software.
3. Refresh Hardware and Devices
Modern software works best on modern hardware but that’s not the only reason to set up a refresh schedule for your computers and connected devices. Old equipment can have vulnerabilities in its components.
Plus, new equipment has more built-in features that can minimize risks. For example, a modern firewall can also have EDR capabilities. Don’t forget to put IoT (Internet of Things) devices on your upgrade schedule to take advantage of expanded security features.
4. Ongoing Cybersecurity Awareness Training
Keep security top of mind with your people through ongoing cybersecurity awareness training. Cybersecurity awareness training is so important that your cyber insurance probably requires it.
Phishing continues to be a tried-and-true cyber-criminal tactic because it works. Cyber criminals evolve their phishing techniques by matching up their messages with what’s going on in the world and by using targeted personal information to get their targets to lower their guard.
5. Password Management and MFA
Two layers of security that work closely together are password management and multi-factor authentication (MFA). MFA doesn’t negate the importance of strong passwords or the practice of having unique passwords for different accounts. Cyber attackers continue to steal account credentials but MFA can stop them from gaining account access.
6. Reliable Data Backup and Recovery
You should always have a copy of your data separate from your main IT systems in case you lose access to it due to a cyber-attack. However, you shouldn’t view your backup as insurance against ransomware, because an intruder could threaten to expose your data if you refuse to pay.
A reliable backup is one that is designed around your ideal recovery point and recovery time objectives, and that is regularly tested to make sure it’s doing what it’s supposed to be doing.
7. Don’t Use Public Wi-Fi without Protected Access
Public Wi-Fi is too risky to use unless you have mechanisms to protect the data that flows to and from your device. If you have to use it, connect to public networks with end-to-end encryption like a VPN (virtual private network). Add other layers of security by making sure that device-level security is in place and that Wi-Fi auto-connect settings are turned off.
Don’t Forget Cybersecurity Basics
When you’re defending your organization against modern cyber threats, the basics are still important. These seven items don’t make up an entire list of foundational security practices, but they give you a way to start a conversation with your IT team about the effectiveness of your security strategy.
Here at XPERTECHS, we provide clients with the guidance they need to stand up a strong cyber defense. We know what should be included in a comprehensive cybersecurity strategy so that business leaders can be confident that they’re effectively managing cyber risk.