Top five cybersecurity practices to decrease risk
These steps can start your layered approach to security
October may be Cybersecurity Awareness month, but in reality, it’s always a good time for organizations to assess and maintain a healthy cyberdefense, especially in today’s ever-changing cyberthreat landscape.
In the past, if you had a good firewall, intrusion detection system, and an up-to-date anti-virus solution, you could feel relatively safe that you were in a good place to keep the bad stuff out of your network. Today, however, the threat landscape has dramatically changed, and it is mission critical to make adjustments and create an effective cyberdefense. If you don’t, your business could become a statistic.
According to the 2018 Symantec Internet Security Threat Report, which reveals the latest trends and cyber security attack statistics, hackers are becoming more sophisticated and innovative. The report shows that in 2017:
- Malware detections have increased by 8500%
- Implanted malware increased by 200%
- Attacks against IoT devices increased by 600%
- Spear phishing was a leading technique for targeting networks with 71% of all targeted attacks beginning that way
So, which steps can you take to reduce the risk of a cybersecurity attack? Here are the top five best practices your organization should adopt.
1. Replace outdated operating systems and software
In the past two years, Microsoft has discontinued support for two widely used operating systems: Windows XP for desktop PCs and Windows 2003 for servers. And by January 2020 (mark your calendars), Windows 7 will no longer be supported. When systems and software are discontinued, it means the vendor, in this case Microsoft, is no longer providing updates, which creates an environment rife with vulnerabilities that sophisticated hackers can take advantage of. It is also highly likely that your network will not pass any security audit.
Now is the time to upgrade to a currently supported operating system like Windows 8.1 or 10 for desktop PCs. Simultaneously, you should evaluate if your Windows servers' current function could be better achieved with a cloud solution like Office 365 (before upgrading to Windows Server 2008 or 2012).
2. Back up your data
Backing up your data is more important now than ever before because of new threats like ransomware. Be sure your backups are running and secured offsite. Not only do you need to protect data from a hardware failure, loss, or natural disaster, but you also need to protect it from a cyberattack which could encrypt that data. If you fall victim to ransomware and don’t have your data backed up, your only option is to pay the ransom, which is now escalating into extortion.
For your backup and recovery solution, use a business-class backup (not a USB drive, for example) and regularly check to ensure the backup is working. Also, be sure that backups are stored offsite in an encrypted format to minimize the risk of a data breach due to lost or stolen backup media.
3. Patch and keep patching
Patching your servers and PCs with automated security updates is a critical security control. If patching is not in place, cybercriminals will look for those unpatched weaknesses as a way to exploit and gain access to systems. To ensure security updates for operating systems and common applications are applied on a regular basis, make it simple and use an automated patching tool or service.
4. Ensure your firewall is current and working
Because they are hidden in a computer room or closet, firewalls are another critical IT asset that is sometimes forgotten. Most firewalls have two components: hardware and software licensing. If you have had a firewall for more than five years, ask yourself if the hardware is still supported by the manufacturer and if the licensing is current. If not, you and your network are open to unnecessary risk.
Make it part of your plan each year to check with your firewall vendor so you know its age and licensing requirements. A lot has changed in the past five years, and it might be time to find a more capable and current firewall.
5. Good email practices
More and more businesses are moving to encrypted email, especially for communications containing sensitive personally identifiable information (PII) as well as personal health information (PHI), in order to comply with state laws and federal regulations like HIPAA. If you’re not encrypting email, then you put your business or organization at risk. Many data breaches have happened when a user accidentally sends an email containing unencrypted PII. The best and simplest approach is to have a solution in place which scans for PII and forces encryption.
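To show what "scans for PII and forces encryption" means at the mail gateway, here is an added example (not from the article or any vendor product). The two detectors (US Social Security numbers and Luhn-valid payment card numbers) and the decision names `force-encrypt` and `send` are assumptions chosen for illustration; the sample messages are constructed.

```python
import re
from email import message_from_string

# US SSN written AAA-GG-SSSS; areas 000, 666, 9xx, group 00 and serial 0000 are never issued.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# Candidate payment card numbers: 13-16 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,15}\b")


def luhn_ok(number: str) -> bool:
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pii(text: str) -> list[str]:
    """Return the kinds of PII found in text (never the values themselves)."""
    kinds = []
    if SSN_RE.search(text):
        kinds.append("ssn")
    if any(luhn_ok(m.group()) for m in CARD_RE.finditer(text)):
        kinds.append("card")
    return kinds


def outbound_policy(raw_message: str) -> str:
    """Decide how the gateway handles an outbound message (assumed policy names)."""
    msg = message_from_string(raw_message)
    parts = [msg.get("Subject", "")]
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            parts.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "force-encrypt" if find_pii("\n".join(parts)) else "send"


# Constructed sample messages (not real data).
WITH_PII = "From: hr@example.com\nTo: payroll@example.net\nSubject: New hire\n\nSSN is 123-45-6789.\n"
NO_PII = "From: hr@example.com\nTo: payroll@example.net\nSubject: Lunch\n\nOrder 2018-10-01 shipped.\n"

if __name__ == "__main__":
    print(outbound_policy(WITH_PII), outbound_policy(NO_PII))
```

The Luhn check and the never-issued SSN ranges cut false positives, so ordinary dates and order numbers do not push every message into the encrypted path.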
When it comes to preventing an IT security breach, there is no one silver bullet. To help prevent cybercriminals from attacking, businesses need to have a layered approach to security so there are multiple safeguards in place to stop and prevent an attack. Implementing these five top best practices is a good way to start. If you are unsure about what your business needs, consult with experienced IT teams to ensure your best chance of success.
Mark Benton is the director of product management for Systems Engineering, a managed IT, security and cloud services firm with offices in Portland, Maine, and Manchester, New Hampshire. He can be reached at 888-624-6737 or through syseng.com.