19 Essential Cybersecurity Best Practices

Virtual Armour | Cybersecurity, Risk Mitigation & Prevention

19 Cybersecurity Best Practices

Every company, no matter how large or small, should have a robust cybersecurity strategy in place to protect its digital assets. Staying secure in the digital era is no longer a set-and-forget practice. You must be diligent in your security practices and always on top of new trends.

To help you ensure your data is secure, here are nineteen essential cybersecurity best practices.

Document Your Cybersecurity Policies

It is important that you document all of your cybersecurity policies. This not only helps ensure that all employees are following protocol but also helps ensure that new employees can be properly trained. Even the most robust cybersecurity policy is only effective if employees receive the training they need to properly adhere to it.

Keep an Eye on Things

One of the most important things you can do to keep your company’s data secure is to keep an eye on your network and accounts. Your employees should be trained to identify potentially suspicious activity and should know what to do if they encounter it. If a cyber attack does occur, the best thing you can do is catch it early, hopefully before it does any extensive damage. If you don’t detect the problem, you might not know anything is wrong in the first place.

However, most small and medium-sized businesses don’t have enough employees to monitor their system 24 hours a day, 7 days a week for 365 days a year. To help keep your company, and its data, safe you may want to consider a Managed Security Services Provider (MSSP). A good MSSP is able to monitor your system 24/7/365 and is staffed by a team of cybersecurity experts who can protect your company and its data, alert you to any potential cybersecurity problems, and help you address problems should they occur.

Learn more: What is a Managed Services Security Provider.

Use Firewalls

A good firewall acts as the first line of defense between your sensitive data and cybercriminals. In addition to a standard firewall, you may also want to implement internal firewalls to provide additional protection and prevent malware from spreading if the external firewall is somehow breached. To ensure your entire network is secure, you should also ensure that any employees who work remotely install firewalls on their home networks. To enforce this policy, you may wish to consider providing all telecommuting employees with firewall software.

Back Up All Data Regularly

You should back up all of your data on a regular basis so that you are never at risk of losing all of your data. This is not only important from a cybersecurity standpoint but will also help ensure your data is safe should your office experience a fire, flood, or another potentially catastrophic disaster.

Install Anti-Malware Software and Keep it up to Date

Should one of your employees accidentally open a malware-infected file or visit a malicious site, anti-malware software will offer your company an additional line of defense. This software is designed to detect suspicious attachments and websites and either keep them from delivering their malware payload or isolate any computers that have already become infected.

Keep All of Your Software up to Date

As companies detect possible security holes in their software, they develop and release patches to fix them. However, you can only take advantage of these fixes if your software is up to date. Known software vulnerabilities for which patches have recently been issued are a prime target for cybercriminals, who will often specifically look for companies that have not yet applied the new patches. Keeping your software up to date, and ensuring your employees do as well, is a quick and simple way to help protect your company’s digital assets.

Protect Sensitive Data

You should avoid storing sensitive data (such as credit card information or health information) on desktops, laptops, tablets, or mobile devices, especially if those devices leave the office. Sensitive data must never be stored in unencrypted forms, and any sensitive data that is no longer needed should be removed from your system.

Be Prepared

All companies should run regular tabletop exercises and pen (penetration) tests. These exercises allow your employees to practice what they have learned about cybersecurity in a no-stakes environment. They also give you time to refine and adjust cybersecurity protocols if necessary. Tabletop exercises are similar to fire drills: employees are presented with a hypothetical cyber attack and use company protocols and their skills to respond to it. Pen tests involve hiring an ethical hacker to purposely try to break into your company’s network and then tell you how they did it, so that you can strengthen your current protocols.

Educate Yourself

It is important for any business owner to understand the basics of cybersecurity so that they can take steps to safeguard their business and its digital assets. You can do this by talking with your internal cybersecurity team or scheduling training meetings with your cybersecurity provider so that you can expand your knowledge.

Educate All of Your Employees

Especially in small and medium-sized businesses, employees may fulfill a wide variety of roles. This means that all employees should be familiar with your company’s cybersecurity policies and should understand who to go to if they think something is fishy or encounter any possible cybercriminal activity. You should also make sure that your company’s cybersecurity policies are reviewed regularly and evolve to address new potential threats.

Enforce Safe Password Practices

Though choosing good passwords and changing them regularly can be inconvenient, it is important that your employees select strong passwords and change them frequently. NIST (the National Institute of Standards and Technology) offers comprehensive guidelines in section 5.1.1.1 (Memorized Secret Authenticators) for choosing secure passwords.
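The NIST memorized-secret guidance cited above (SP 800-63B, section 5.1.1) is easiest to understand as the checks a verifier runs when a user sets a password: a minimum of 8 characters, at least 64 permitted, no composition rules, and a comparison against a blocklist of common, breached, repetitive, sequential and context-specific values. The following is an added example written for this article, not code from Virtual Armour; the blocklist is a constructed five-entry sample standing in for a real breach corpus.

```python
"""Verifier-side password checks modelled on NIST SP 800-63B section 5.1.1.
Example code added for illustration; BLOCKLIST is a constructed sample."""
import unicodedata
from typing import Iterable, List

MIN_LEN = 8   # 5.1.1.1: user-chosen secrets must be at least 8 characters
MAX_LEN = 64  # 5.1.1.2: verifiers must accept at least 64; this policy caps there

# Constructed sample. Production systems use a large list of commonly used
# and breached passwords instead of this handful of entries.
BLOCKLIST = {"password", "123456", "qwerty", "letmein", "iloveyou"}


def has_run(s: str, n: int = 4) -> bool:
    """True if s contains n identical consecutive characters, e.g. 'aaaa'."""
    return any(len(set(s[i:i + n])) == 1 for i in range(len(s) - n + 1))


def has_sequence(s: str, n: int = 4) -> bool:
    """True if s contains n consecutive code points stepping by +1 or -1,
    e.g. '1234' or 'dcba'."""
    for i in range(len(s) - n + 1):
        steps = {ord(s[j + 1]) - ord(s[j]) for j in range(i, i + n - 1)}
        if steps in ({1}, {-1}):
            return True
    return False


def check_password(candidate: str, context_words: Iterable[str] = ()) -> List[str]:
    """Return the reasons a candidate is rejected; an empty list means accepted.

    No composition rules (mixed case, digits, symbols) are applied, because
    SP 800-63B recommends against them. Spaces and Unicode are allowed; the
    string is NFKC-normalised so length is counted consistently."""
    pw = unicodedata.normalize("NFKC", candidate)
    reasons = []
    if len(pw) < MIN_LEN:
        reasons.append("too short")
    if len(pw) > MAX_LEN:
        reasons.append("too long")
    low = pw.lower()
    if low in BLOCKLIST:
        reasons.append("in blocklist")
    for word in context_words:  # service name, username and similar
        if word and word.lower() in low:
            reasons.append(f"contains context word {word!r}")
    if has_run(pw):
        reasons.append("repetitive characters")
    if has_sequence(pw):
        reasons.append("sequential characters")
    return reasons
```

Pass the service name and the account's username in `context_words` so that derivatives of them are refused along with the blocklisted values.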

Password Security Best Practices

Use Multifactor Authentication

Multifactor authentication is a simple and minimally intrusive way to empower your employees to help keep company data safe. Employee cellphones work well as multifactor authentication devices since it is unlikely that thieves or cybercriminals will have both an employee’s password and their cellphone.

Avoid Phishing Scams

You should ensure that all of your employees are trained to recognize potential phishing scams and know who to report them to. Though phishing scams are more likely to be deployed using email, they can also be carried out by phone, text, or via social networking sites. The best way to avoid falling victim to a phishing scam is to avoid opening files or clicking links that appear to be suspicious. A good general rule to follow is that if something looks suspicious it probably is, so you should tell your employees to always check with your cybersecurity team before doing anything the message suggests.

Never Leave Devices Unattended

Physical security is a large component of cybersecurity that is often overlooked. Laptops, tablets, and mobile devices should be secured when not in use. Ideally, employees would never take computers, tablets, or mobile devices that they use at work home with them but this is not feasible for companies that employ BYOD (bring your own device) policies. However, all employees should remember to lock their devices when they are not in use. Employees should also not store sensitive data on their devices unless it is absolutely necessary.

Make Sure Mobile Devices Are Secure

You should make sure to educate your employees on how to properly secure their mobile devices, both personal and professional, that connect to your network. All devices should be locked using a PIN or password, and should not be left unattended in public. Employees should only install apps from trusted sources, and should not click any links or attachments found in unsolicited emails or text messages. Everyone should make sure their mobile device software is kept up to date, and data should be backed up regularly. Employees should also install programs such as Find My iPhone or the Android Device Manager so that lost or stolen devices can be tracked.

Use Public Wifi Wisely

Public wifi hotspots are everywhere, but not all of them are as secure as they should be. Make sure employees only connect to wifi networks they trust. If an employee must use a public wifi network make sure they forget the network when they are done using it. This prevents their devices from automatically reconnecting at a later date.

Be Smart About Found Flash Drives

One of the oldest cybercrime tricks in the book is to infect a flash drive with malware and then leave it in a parking lot or other semi-public place in the hope that someone picks it up. If an employee plugs the infected device into their computer, it will release malware that can potentially infect your entire network. You should make sure you have protocols in place so employees know who to talk to if they find suspicious flash drives or other devices.

Don’t Share Everything

We all know by now that we should never write down our passwords. However, you should also have policies in place that ensure your employees don’t accidentally share sensitive information. Employees should not take photos of their desks, and they should be careful about what information they share on social media.

It’s Okay to Ask for Help

We aren’t all cybersecurity experts, and that is okay. If you are unsure how to keep your company and its data safe from cybercriminals, you should reach out to the experts for help. A good cybersecurity expert will help you identify weak spots in your current policies, and help you improve your overall cybersecurity by creating robust policies and training your employees on them.