Cybersecurity best practices

Dave Hodgdon

Keeping your business and employees protected against cyber crimes is a must, and we often see companies that only take cybersecurity seriously after an attack has immobilized their staff and compromised their data.

Addressing these 18 areas will help you navigate the sometimes-choppy waters of cybersecurity, keep your data and employees safe, and ultimately save you time and money. 

1. Security Assessments – It’s important to establish a baseline and have a plan to close your existing gaps and vulnerabilities.
2. Spam Email – Secure your email! Most attacks originate with emails. Choose a service designed to reduce spam & exposure to attacks on your staff.
3. Password Policies – Apply security policies on your network. Examples: deny or limit USB file storage access, enable enhanced password policies, set user screen timeouts, and limit user access.
4. Security Awareness Training – Train your users – often! Review current cyberattack trends and email attacks. Share company policies and procedures. Consider web-based security training to strengthen employee awareness.
5. Vulnerability Scanning – Scanning is an integral component of a vulnerability management program. It identifies security weaknesses and flaws in systems and the software running on them.
6. Advanced Endpoint Detection & Response – Protect computer data from malware, viruses, and cyberattacks. Endpoint Detection and Response (EDR) agents protect against file-less and script-based threats and can even rollback a ransomware attack.
7. Multi-Factor Authentication – Utilize MFA whenever you can – on your network, key applications, banking websites, vendor portals, and social media. It adds another layer of protection so even if passwords are stolen, your data stays protected.
8. Computer Updates – Keep computers updated for better security. Always install updates for trusted platforms/apps like Microsoft, Adobe, Java, etc.
9. Dark Web Research – Knowing in real-time what passwords and accounts have been posted on the Dark Web allows you to be proactive in preventing a breach.
10. SIEM/Log Management – Security Incident & Event Management uses big data engines to review all events and security logs from company-covered devices to protect against advanced threats and to meet compliance requirements. Typically needed when there is a compliance requirement.
11. Web Content Filtering/DNS – This technology stops users from viewing certain websites by preventing their browsers from loading pages from them. The goal is to block content that contains harmful information.
12. Mobile Device Security – Cybercriminals attempt to steal data or access your network through employee phones and tablets. They count on you to neglect these devices, but mobile device management and security close this gap.
13. Firewall – Next-gen firewall appliances need Intrusion Detection and Intrusion Prevention features. This is your first line of defense and needs to be monitored and updated with the latest security updates.
14. Encryption – Whenever possible, encrypt files at rest, in motion (think email), and especially on mobile devices. Notebook and tablet hard drives should always be encrypted.
15. Backup – Backup locally. Backup to the cloud. Have a business continuity plan in place that meets your expected uptime and recovery requirements and test it at least monthly or quarterly.
16. Cyber Insurance – Protect your business, data, people, and reputation with cyber damage and recovery insurance policies.
17. App Whitelisting – Prevent the execution of unauthorized software and help defend your company systems and users against malware, while reducing the attack surface. Typically needed when there is a compliance requirement.
18. Password Manager – Enable and encourage your team to create and manage strong passwords for all your applications and websites, and generates unique, complex passwords for every account.

Don’t let cybersecurity overwhelm you!

If you’re a small business owner or IT manager who’d rather leave staying ahead of the trends – and the bad actors – to the professionals, look for a local managed services and security provider (MSSP) who can help with all your needs, or consider co-managed IT services that offer a hybrid approach to support your existing IT team.

Dave Hodgdon is the CEO and chief technology advisor of PCG IT.