Let’s celebrate the Christmas season with 25 days’ worth of simple cybersecurity tips to keep your business up and running smoothly!
1. Use strong passwords. Avoid common words. Mix letters, numbers, and symbols. This is an obvious one, but you’d be amazed how many people are still using some variant of the word “Password.”
2. Don’t repeat passwords. If one of your accounts is breached, or a data breach results in your email and password being shared on the dark web, cheap tools available there can scan millions of websites in a matter of minutes and attempt to log in to each one using that same email and password combination. These easy-to-use tools will find every account you own that uses the same combination. Repeating a password for a “throwaway” account like an online shopping login can easily lead to your bank account being compromised.
3. Enable Multifactor Authentication (MFA). MFA is a simple tool that adds an extra layer of protection. This one can be a tough adjustment for some, but it’s a simple step that becomes habitual very quickly while making it harder to breach your accounts if your login info is compromised.
4. Keep software updated and apply patches regularly to close vulnerabilities. This seems like an obvious one, but it’s on this list because many businesses do not keep up with updates and patches that address critical vulnerabilities.
5. Avoid public Wi-Fi. If you have no alternative, use a VPN. Public Wi-Fi networks are unsecured and make good conduits for a wide range of attacks, especially in populated areas where people frequently work on the go—Starbucks, etc.
6. Verify links before clicking by hovering over them. This allows you to see the actual destination. This is especially important in emails—even emails from trusted sources.
7. Don’t open unknown attachments. They can contain malware or viruses.
8. Log out of accounts when done, especially on shared or public devices.
9. Use next-gen antivirus and ensure that it’s updated for maximum protection.
10. Be wary of phishing attempts. Look for red flags in all emails. Phishing attacks remain the most successful attack vector for bad actors because people keep falling for them.
11. Implement regular security awareness training. Consistent training and phishing tests will help lower the chances that a member of your team will open a door for a hacker to stroll into your network.
12. Keep admin privileges to a minimum. If one endpoint with admin privileges is compromised, a hacker can run free within your network.
13. Back up your data regularly. Look into both cloud and physical storage options. Make sure your backups are backed up and be aware that there are different types of backup options with a wide range of capabilities, some far better than others. Talk to an IT consultant if you’re not sure where to start.
14. Stick to Wi-Fi best practices. For business networks, use strong encryption, a separate guest network, and a hidden SSID.
15. Monitor bank statements to spot fraudulent activity as early as possible. This one seems obvious, sure. But a lot of business owners don’t pay close enough attention to what’s coming and going.
16. Prepare an incident response plan that outlines roles, responsibilities, and recovery steps in the event of a cyberattack. This is another one where it’s probably best to consult with an IT professional. The same can be said for the next two tips.
17. To protect your network from unauthorized access and detect potential intrusions, use firewalls and intrusion detection systems.
18. Use SIEM or other tools to monitor network traffic for anomalies.
19. Perform cyber risk assessments. Regularly test your network with simulated attacks to find and fix weaknesses. A third-party cyber risk assessment (or penetration test) will illuminate your network’s weaknesses in a safe environment.
20. Enable logging and auditing to keep records of system access and changes and to monitor for suspicious activities. This is another great step, and one that will probably require talking to someone with the expertise to implement it.
21. Implement mobile device management (MDM) policies to control access and enforce policies on mobile devices. Mobile and other personal devices represent a big risk to all organizations. Even if you implement every other cybersecurity tip on this list, including advanced firewall and network activity monitoring, a team member conducting business on a personal device is operating outside of the environment you’ve worked so hard to secure. Anything that comes through their personal device then has a wide-open backdoor to your network.
22. Don’t save passwords on browsers. Use a password manager instead. You would be amazed at how easy it is to pull passwords right out of Google Chrome. Password managers like LastPass are exponentially more secure.
23. Use application whitelisting to control which applications can run on your systems.
24. Ensure secure deletion of data on retired devices to prevent data leaks.
25. Urge all team members to report security incidents immediately. Your team should never ignore suspicious activity or feel afraid to report something that feels even a little off. It’s always better to err on the side of caution, and your policies should encourage team members to feel comfortable drawing attention to unusual or unfamiliar behaviors.
Most of these are easy to implement—or at least start implementing. A few of them are a little tougher for less tech-savvy individuals, but all of them are worth the time and effort.
Cybersecurity tips and advice can seem trite. You’ve heard enough of them. You’ve seen the headlines. After a while, they’re easy to ignore.
But please keep this in mind when it comes to cybersecurity tips: Organizations that don’t implement these basic security measures are far more vulnerable to cyberattacks. It’s simple but true. That’s why we keep putting them out there.
If you have questions about any of the cybersecurity tips or advice on this blog, please don’t hesitate to contact us at ask@gotier3.com. We’re happy to give advice even if you’re not looking for managed cybersecurity services.