Cyber Hygiene 101: Basic Steps to Keep Your Company Secure

Elise Silagy

March 2, 2020

Cybercriminals are increasingly targeting small and medium-sized businesses, at least in part because the little guys are less likely to have robust cybersecurity defenses in place, and don’t typically have the resources to support an in-house cybersecurity team. 
To help protect themselves, small and medium-sized businesses are increasingly turning to experienced MSSPs (Managed Security Services Providers) to help them craft robust cybersecurity protocols, train their employees, and respond quickly and effectively if an incident does occur.

Why Are Cybersecurity Attacks Increasing?

As more information becomes accessible online, the risk of this information being attacked or stolen grows. Businesses that rely on the internet and other digital technologies for daily operations are becoming increasingly vulnerable to cybercriminals and need to take extra precautionary measures to safeguard their data.
Around the world, businesses are increasingly relying on cloud-based and other digital services to handle their daily operations. Whether it’s sharing an accounting report with the team or providing client financial updates, life in the workplace is going digital, especially as more employees choose to work remotely.

What Steps Should I Be Taking to Safeguard My Company?

There are a few things you should be doing to help keep your company’s data secure.

Have a Plan

Your company can’t adequately defend itself if it doesn’t have a plan in place. To begin, create a list of potential cybersecurity incidents that could occur (such as a ransomware attack) or dangers your employees may encounter (such as phishing scams). 
Your MSSP can help you identify potential threats and create tailored plans to address them and respond to incidents. These plans should be reviewed frequently to ensure they are still able to meet your needs.

Make Cybersecurity Everyone’s Job

For initiatives such as robust cybersecurity to really take root, company culture needs to reflect these goals. Telling employees something is important is one thing, but for the message to sink in, company leadership needs to lead by example. 

Invest in Employee Training

A plan is only useful if your team knows how to implement it, and employees can’t follow good cybersecurity practices if they don’t know what they are. Employee training helps ensure that employees understand the importance of cybersecurity, why these protocols are in place, and how to identify suspicious activities. You should also make sure your employees know who to report suspicious behavior to, and what steps they should be taking to help safeguard the company. 
You should also make sure to schedule refresher training for your employees at least once per year, and anytime there are significant changes to any of your cybersecurity protocols.

Consider Pen Tests & Tabletop Exercises

Pen tests can help you audit your current cybersecurity posture. Pen (penetration) tests involve hiring an ethical hacker to stress test your defenses and look for gaps in your cybersecurity that can be exploited. When the hacker is finished, they sit down with you and share their notes, pointing out flaws that they managed to exploit, and offering advice on how to better fortify your network. 
Tabletop exercises are similar to fire drills in the sense that they provide employees with a hypothetical cybersecurity incident (a ransomware attack, a breach, etc.) and let them practice responding to the event in a no-stakes environment. 
This gives employees the chance to try out your current protocols so that they are well-practiced, should the need ever arise. Once the exercise is finished, your team gets together and evaluates their performance and your existing protocols, identifies any deficiencies, and comes up with solutions to address any problems that arose. Regular tabletop exercises help keep response protocols fresh in employees’ minds and allow them to acquaint themselves with any changes or updates.

Secure Your Network

Something as simple as a robust firewall can go a long way towards improving your company’s cybersecurity posture. However, while an ordinary firewall is a step in the right direction, a managed firewall is specifically tailored to suit your needs, and it will not only help keep unauthorized users out but also help you keep tabs on network activity and alert you to anything suspicious.

Protect Your Endpoints

Even the strongest fort is vulnerable if the front gate is left unlocked. If endpoints, such as laptops, smartphones, and tablets, aren’t secured, cybercriminals can use them to access your network.
As more organizations adopt a BYOD (Bring Your Own Device) approach, securing endpoints becomes more difficult since employees aren’t using devices that the company has direct control over. You can help safeguard your network by making sure all devices that can access it are secure: install security software, keep all software up to date, implement two-factor or multi-factor authentication, and make sure employees understand why cybersecurity is important and what steps they need to take to secure their devices.

Use Secure Passwords

Secure passwords can mean the difference between a secure network and a vulnerable one. To help your employees choose robust passwords, consider following the NIST password guidelines, which are laid out in section 5.1.1.1 (Memorized Secret Authenticators) of the NIST guidelines.

Limit Permissions

Restricting which areas of the network employees can access, and ensuring that access to sensitive areas of the network, records, or programs is only granted on a must-have basis, can help keep your network secure. By not granting higher permissions than each employee needs to complete their job, you can limit the number of individuals within your organization that can access sensitive data. This helps ensure that if an employee’s username and password become compromised (for example, if they fall for a phishing scam), then there is a better chance those credentials won’t grant the unauthorized user access to sensitive information. 
You should also ensure that all former employees have their credentials revoked when they leave the company. This helps ensure that these credentials won’t be used to access the system, either with or without the former employee’s knowledge. While an active employee may realize their credentials have been compromised when they go about their daily tasks, a former employee has no reason to access the system and is therefore much less likely to notice that cybercriminals are using their credentials.
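
As an added example (not part of the original article), one way to look for the stale credentials described above is to compare a directory export against the HR roster. The sample data, field layout, and the `audit_accounts` function are assumptions constructed for illustration.

```python
from datetime import date, datetime

# Constructed sample data (not from the original article).
# HR roster: username -> last working day (None = still employed).
HR_ROSTER = {
    "alice": None,
    "bob": date(2020, 1, 31),
    "carol": date(2020, 2, 14),
}

# Directory export: (username, enabled, last login as ISO timestamp or None).
ACCOUNTS = [
    ("alice", True, "2020-03-01T08:55:00"),
    ("bob", True, "2020-02-20T03:12:00"),     # still enabled, used after leaving
    ("carol", False, "2020-02-13T17:40:00"),  # correctly disabled
    ("svc-backup", True, None),               # no HR owner on record
]


def audit_accounts(roster, accounts):
    """Return (username, finding) pairs for accounts that need review."""
    findings = []
    for user, enabled, last_login in accounts:
        if user not in roster:
            # Accounts nobody owns are never offboarded, so flag them too.
            if enabled:
                findings.append((user, "enabled account with no HR owner"))
            continue
        left_on = roster[user]
        if left_on is None:
            continue  # current employee
        if enabled:
            findings.append((user, "former employee, account still enabled"))
        # A login dated after the last working day is flagged even if the
        # account has since been disabled: someone used those credentials.
        if last_login and datetime.fromisoformat(last_login).date() > left_on:
            findings.append((user, "login after departure date"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_accounts(HR_ROSTER, ACCOUNTS):
        print(f"{user}: {finding}")
```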

Keep Your Software Up to Date

When software companies discover bugs or other vulnerabilities that could be exploited by cybercriminals, they release patches to fix them. However, if you don’t keep your software up to date, you won’t be able to take advantage of the protection these patches offer.
Furthermore, cybercriminals are more likely to target companies that use software that has recently been patched, since they know not all organizations are diligent about keeping their software up to date.

Back Up Your Data Regularly

If you fall victim to a ransomware attack, or your data becomes corrupted or lost, backups can help you mitigate or even avoid service disruptions and other headaches. However, bear in mind that any data generated after the last backup will likely be unrecoverable if an incident occurs. 
The best thing you can do to safeguard your organization is to take a proactive approach to cybersecurity, not a reactive one. It’s always easier to avoid or prevent a problem than it is to solve one.
