A new year represents a time for change. We have new goals, new ideas, and newfound motivation to be our best selves for the new year. All of this inspiration means that now is a perfect time to revamp security measures for your company. This can mean making small changes to your current security policies, or undergoing a major project to improve your policies in the long run. No matter the size of your organization, these are the top 5 security measures that you should initiate in 2020.
Raise Employee Awareness
It may seem like a no-brainer, but you’d be surprised how many companies don’t prioritize employee awareness of cybersecurity issues. While it may be overkill to explain the minutiae of your technical security measures to every single employee, it’s important that everyone has a basic understanding of your security policies and knows their role should your organization face an incident.
Simple ways to improve employee awareness include:
- Testing employees’ knowledge of company policies and procedures
- Encouraging employee participation in policy development by asking for feedback
- Conducting a tabletop exercise to practice incident response procedures
The best practice for raising employee awareness of cybersecurity issues is to engage with them and make security a priority for all roles within your organization. Once everyone feels responsible for protecting company data, it’s much easier to increase security measures across the organization.
Practice Safe Passwords
“Password protected” doesn’t mean much to a hacker, especially if your password is too short, too common, or too easy to guess. As a general rule of thumb, you should encourage your employees to avoid passwords containing the name of your company, common words like “password” or “qwerty”, or letter/number combinations like “abc123”, “C0mp@nyN@m3”, etc. It may seem obvious to avoid passwords that can be so easily guessed, but one of the most common points of weakness that Ra Security discovers when infiltrating a network is a series of weak passwords – and they almost always fall into one of the above categories.
So How Do You Choose a Password?
Picking a password is kind of like picking your favorite kid: it’s hard to do, annoying to remember, and you definitely shouldn’t tell anyone what you choose – but the process can be made a little easier if you keep these three things in mind.
- Longer passwords are better
- Random phrases and mnemonics can help remember tricky passwords
- A password saver like LastPass is your new best friend
Choosing a password can be a royal pain in the (p)ass, but ensuring that you and your employees are using secure, complex passwords is vital in securing your privileged accounts and network from a hacker.
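The checks from this section can be applied when a password is set or changed. The Python sketch below is an added example, not Ra Security's own tooling; the deny-list, the 14-character minimum, the substitution table and the company name are assumptions made for illustration.

```python
import re

# Constructed sample data (assumptions, not from the article).
COMMON_WORDS = {"password", "qwerty", "abc123", "letmein", "welcome"}
MIN_LENGTH = 14  # assumed policy value; the article only says longer is better

# Undo the usual character swaps so "C0mp@nyN@m3" reads as "companyname".
# "1" is ambiguous (l or i); this table picks "l" as a simplification.
SUBSTITUTIONS = str.maketrans({
    "0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
    "7": "t", "@": "a", "$": "s", "!": "i",
})


def normalize(text):
    """Lower-case, reverse common substitutions, keep letters only."""
    folded = text.lower().translate(SUBSTITUTIONS)
    return re.sub(r"[^a-z]", "", folded)


def weaknesses(password, company_name):
    """Return the reasons a candidate password should be rejected."""
    findings = []
    lowered = password.lower()
    plain = normalize(password)
    company = normalize(company_name)

    if len(password) < MIN_LENGTH:
        findings.append("too short")
    if company and company in plain:
        findings.append("contains company name")
    # Check both the raw and the normalized form: "abc123" only matches
    # raw, "P@ssw0rd" only matches after normalization.
    if any(word in lowered or word in plain for word in COMMON_WORDS):
        findings.append("contains common word")
    return findings


if __name__ == "__main__":
    for candidate in ("C0mp@nyN@m3", "P@ssw0rd2020!",
                      "correct horse battery staple"):
        print(candidate, "->", weaknesses(candidate, "Company Name") or "ok")
```

In practice the deny-list would be far larger, for example a published list of breached passwords, and the check would run before the password is hashed and stored.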
Use Multi-Factor Authentication
Sometimes simplicity is key. That’s why Multi-Factor Authentication remains one of cybersecurity’s best practices. Despite this, many still don’t use MFA for even their most important accounts. Either they find it annoying, don’t see the need, or simply don’t understand how MFA works.
How MFA Works
Multi-factor authentication makes it nearly impossible for a hacker to log in to an account as you because they need more than just your password to gain access to the account. Accounts with multi-factor authentication require at least one other point of contact to give a user access to the account. These other factors can be a code sent to a mobile phone number, a security token provided on another device, or voice recognition to confirm that the account holder is the individual trying to access the account.
While it may seem inconvenient to have to wait for a text message, enter a code, or perform some other task to authenticate your account, we guarantee that it’s less of a hassle than dealing with the aftermath of a major security breach.
Back Up Your Data
Back. Up. Your. Data.
BACK UP YOUR DATA
If we haven’t made it clear already, backing up your data is vital when it comes to protecting your information and is a more relevant practice now than ever before. With the increasing prevalence of ransomware, having a recent, secured copy of your data can be the difference between moving on with your business and getting suckered into paying a massive ransom to get your data back.
That’s not to say that backups aren’t vulnerable. Just like the primary copy of your data, backups should be updated regularly, thoroughly protected, and encrypted to make it as difficult as possible for a hacker to access and exploit them.
Want an insider tip that a lot of companies overlook? Don’t leave the responsibility of backing up your data to just one person. While nobody wants to think that someone they work with could have malicious intent, dividing backup duties among multiple members of your staff is key to ensuring that nobody “forgets” to back up your data in the event of an attack.
Develop a Comprehensive Cybersecurity Policy
We touched on this a little bit in point number one, but the final recommendation that we have for all companies to implement in 2020 is to develop a comprehensive cybersecurity policy. Your company policy should serve as a formal guide that all employees can refer to and adhere to when making any decisions with data, information transfer, or account access. A written cybersecurity policy puts all of your employees on the same wavelength as your security specialists and allows managers and executives to enforce data protection rules fairly and equally across departments.
A company-wide cybersecurity policy can serve as the roadmap for department-specific security plans that work to achieve company goals without disrupting the workflow of the department.
If this sounds complicated, let Ra Security help! We offer everything from Rapid Attack Simulation Penetration Testing, to help you understand where your system vulnerabilities lie, to Policy and Procedure Development, to help you build a strong foundation for your company’s cybersecurity success.
Don’t quite know what you need? Take our quiz and an analyst will be in touch to help you determine which of our signature services is right for you.
What are your security goals for 2020? Leave us your security resolutions in the comments!