This blog post was originally posted on December 31, 2019 and has been updated to share new information.
A New Year is here and it is time to make some new resolutions.
While you make personal resolutions such as eating healthier or getting in shape, you shouldn’t neglect professional ones that apply to your organization and employees.
Given the widespread application of technology in business, it is necessary to have a cyber security plan in place to protect company data and your computer network in the New Year.
Some of the tips that you can adopt or enforce to boost your business security against hackers are discussed below.
1. Deploy Firewall
You can’t stop intruders from attacking your business, but you can make their attempts much more difficult by deploying strong firewalls in your network.
With firewalls in place, you can dissuade cybercriminals from lurking around your network.
Firewalls help to block unauthorized access to protected information or devices. They are a basic cyber security measure to keep your business safe. Without properly installed and configured firewalls, even unskilled malicious users can find their way into your system.
2. Update Your OS and Software
No system is fully secure. This is why OS, software and device vendors roll out updates and patches.
Hackers are usually one step ahead of developers as a vulnerability needs to be discovered first before it can be patched.
Updates block newly discovered vulnerabilities and security holes so that other users don’t become victims.
If you or your employees are used to ignoring update prompts, then it is time to stop the practice and fully embrace all updates.
To enforce updates, you can set your system to automatically update itself so that staff cannot override them. You should also educate employees about the importance of updates for your organization’s cyber security.
3. Confirm All Requests
Hiding behind internet anonymity, cybercriminals can pretend to be whoever they want through phishing. This is why it is important that your organization encourages confirmation of requests for information or money.
Through phishing, hackers may pretend to be the CEO and request a wire transfer of funds or credentials to a private system, only to sabotage it.
When your employees receive such a request, they should confirm its validity by using other channels of business communication, such as phone or the company chat app, to make sure they are dealing with the right person.
Emails with suspicious attachments should be sent to the proper department for vetting before acting on them.
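As an added illustration (not part of the original post), the sketch below flags the kind of CEO-impersonation request described above so that it is routed for confirmation over another channel. The company domain, executive name, keyword list and both sample messages are constructed assumptions; a header check like this supplements, and does not replace, the phone or chat confirmation.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical values for illustration; replace with your own.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe"}
SENSITIVE = ("wire", "transfer", "invoice", "gift card", "password", "credentials")

def domain_of(header_value):
    """Lowercased domain of an address header, or '' if the header is absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def review_message(raw):
    """Return the reasons a message should be confirmed over another channel."""
    msg = message_from_string(raw)
    display_name, _ = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    reasons = []
    if display_name.strip().lower() in EXECUTIVES and from_dom != COMPANY_DOMAIN:
        reasons.append("executive name on external domain")
    if reply_dom and reply_dom != from_dom:
        reasons.append("Reply-To domain differs from From domain")
    body = msg.get_payload()
    text = (msg.get("Subject", "") + " " + (body if isinstance(body, str) else "")).lower()
    if any(word in text for word in SENSITIVE):
        reasons.append("asks for money or credentials")
    return reasons

# Constructed sample messages (not real mail).
SPOOFED = """\
From: Jane Doe <jane.doe@examp1e-mail.test>
Reply-To: accounts@payments.test
To: finance@example.com
Subject: Urgent wire transfer

Please wire the funds today and keep this confidential.
"""
LEGIT = """\
From: Jane Doe <jane.doe@example.com>
To: finance@example.com
Subject: Lunch on Friday

See you at noon.
"""

if __name__ == "__main__":
    print(review_message(SPOOFED), review_message(LEGIT))
```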
4. Use Password Manager
Passwords are only as secure as the way they are handled. Human memory is quite limited in the number of random sequences it can store. With the explosion of web apps, this has forced many employees to reuse the same weak password for different accounts, exposing all of them to security risk.
If one of these accounts is compromised, attackers may then use the same password to gain access to others.
A solution to weak passwords and reuse is to use a password manager that will generate strong passwords and save them for retrieval.
5. Use Multi-Factor Authentication
If a network or asset is worth protecting, then using only one password for access is inadequate. The more hoops you need to jump through before gaining access to a system or resource, the more secure it is.
Multi-factor authentication (MFA) makes it difficult for an unauthorized party to gain access to a system.
Even if a cybercriminal manages to steal an employee’s credentials, with MFA in place they are still far from success, as they would need to get through the other layers of security to access that specific account.
You may use an MFA that is linked to a phone number. More secure MFA options include an online authenticator such as Google Authenticator and hardware security keys for sensitive systems.
6. Avoid Public Wi-Fi
Public Wi-Fi networks are convenient to use but are often insecure. Employees often need to work outside of the office and may use public Wi-Fi for connectivity.
When employees connect to a public hotspot, they are exposing the business to security risks.
A malicious user on the same network may hijack live sessions. They may even operate a rogue Wi-Fi network to lure unsuspecting victims and gain access to their system and, by extension, business data.
A strict policy of not using public Wi-Fi should be put in place. If employees must use a public network, then it must be done through a VPN to encrypt data transmission.
7. Scan Your Computer Network
Long-term usage of a system without scanning leads to an accumulation of junk items, including potentially harmful code. You should take advantage of the New Year break in activity to scan your entire network for unwanted and unsecured apps, servers and code.
Regular scanning of systems should be part of your organization’s calendar.
Bonus Tip! Don’t Become A Victim Of Phishing Through Social Engineering
Phishing is a form of social engineering that may be executed via email, SMS, or voice calls. A phishing email is the most common method by which hackers compromise business systems.
Phishing that is tailored to a particular target is known as spear phishing. Phishing messages are designed to fake familiarity with the intended target. A user may receive a fake email about a product they use or a store they shop at to help create engagement with the malicious email.
Phishing emails may contain malicious attachments or links which are designed to exploit a vulnerability in the victim’s system or application, such as the browser, when opened. Hackers may also directly request personal information via email.
Long-term usage of a system without scanning leads to an accumulation of junk items, including potentially harmful code. You should take advantage of the winter holiday break, when employee activity may be lower, to scan your entire network for unwanted and unsecured apps, servers and code.
Regardless of an employee’s role or security position, the basic practices discussed above will help keep your organization safe.
To get the best from your employees, you must develop adequate and robust security policies and engage employees in regular training to build a company culture that promotes cybersecurity. For more information on how to improve your cyber security techniques for the New Year, please contact SDTEK.
Wishing everyone a very Happy New Year!