Cybersecurity Controls

STOP. THINK. PROTECT.

Cybersecurity Controls Every Business Must Have

Cybersecurity in the business world is changing drastically. What used to be ‘nice to have’ controls are now bare minimum requirements. Outlined below are our recommended measures that all businesses need to implement to mitigate risk and minimize disruption when a security event occurs.


Top 10 Security Controls

  • 1. Multi-Factor Authentication on Email

    Easy to implement and enhances security of your email in a big way! Also, push notifications are preferred over 6-digit codes. 

  • 2. Lengthy Passwords

    The longer the password, the more secure it is, but the recommended minimum length is 12-16 characters. Consider using a password manager to ensure you and your employees are not reusing the same password across multiple systems.

  • 3. Anti-virus, Anti-malware, & Anti-ransomware

    Use endpoint security solutions that utilize Artificial Intelligence (AI) and machine learning, not signature-based detection like the legacy solutions of the past.

  • 4. Secure Remote Access

    VPN isn’t always the way to go – this can be a huge security risk when not properly configured as most VPN connections allow full network access.  There are better, more secure, and easier solutions to use for secure access to any application or server.  

  • 5. Next-Generation Firewall

    Got a firewall? Great. But is it a next-generation firewall with all the security features configured and enabled? Just because you have a firewall doesn’t automatically mean your network is secure. And lastly, make sure it is under warranty and a current support contract! 

  • 6. Geolocation or Geo-IP Blocking

    Your network and your Microsoft 365 data are connected to the internet and, therefore, to the entire world. Did you know you can restrict which regions of the world can connect to your network or Microsoft 365 data? Unless you have set these restrictions up, you might unintentionally be adding unnecessary risk.

  • 7. Onsite/Offsite Backup – Cloud to Cloud (including backup of 365)

    Having a backup solution doesn’t guarantee you can recover from a disaster or cyber-attack. How long will it take to recover your systems? Onsite backups just aren’t enough, and most people don’t realize their email/data in Microsoft 365 is not backed up natively! Just because it’s in the cloud doesn’t mean you can ignore protecting it.

  • 8. Security Awareness Training & Testing

    Employees can be your biggest asset, but they can also be your greatest threat.  Educating and testing your staff can benefit the employee as well as your company by encouraging good security practices in the home and at the office. Arguably, the best investment you can make in security! 

  • 9. Email Security & Content Filtering

    Most breaches come through email. Anti-spam and web-content filtering are important measures, but alone they are not enough. Your email system should be configured to help flag external vs internal email to help staff recognize when something is suspicious.   

  • 10. Regular Application & Operating System Patching

    Proper patch management keeps your systems up to date and fixes vulnerabilities in your software and applications that are susceptible to cyber-attacks.

Beyond the top 10 controls, there is much more you can do to secure your business and your data. Some of these controls include: 

  • 11. Multi-Factor Authentication (MFA) on Everything!

    If a system or application supports MFA, turn it on! It is arguably the best action you can take to protect your accounts from unauthorized access and attacks.

  • 12. Cybersecurity Insurance

    Don’t assume your general insurance policy will cover your claim should you experience a breach. Additionally, even with a Cybersecurity insurance policy, if you’ve not done your diligence, your claim could be denied. Having insurance is critical, but completing everything on this list is equally critical!

  • 13. Annual Risk Assessment

    Aside from being a requirement for most compliance and Cybersecurity Insurance policies, a risk assessment helps you to understand where you’re doing well and what areas need attention. 

  • 14. Device Encryption & Device Management

    As the workforce becomes more mobile, controlling how your company data is being accessed, from where, and from what devices is a major concern, or it should be. Are employees accessing your company data on personal devices? The family PC? Their personal phone or tablet? What happens if that employee leaves the company... where is your data?

  • 15. Vulnerability Scanning

    Vulnerability scanning is a process that scans your network for known vulnerabilities to identify areas needing remediation through patching, shoring up your security posture.

  • 16. IT Security Policies

    Policies help to set expectations among staff and help to define procedures and improve operations while removing emotions from critical decision-making events.  

  • 17. Business Continuity Planning & Testing

    Do you have a list of employee contacts and a list of ALL of your customers’ contact information if you are suddenly unable to access your server or cloud data? Business Continuity Planning helps to ensure your business can continue to operate after experiencing a major event impacting the ability to access the building or your systems.

  • 18. Network Mapping

    Documenting your network and how it is designed can help in the event you need to rebuild after a disaster.  

  • 19. Peripheral Control

    Peripheral control blocks or prevents unauthorized use of devices such as USB thumb drives, protecting your assets and keeping staff from infecting your network or exfiltrating data.

  • 20. Application Control

    Review what applications exist on your network and block or prevent unapproved applications.

  • 21. Data Loss Prevention (DLP)

    Prevent accidental or intentional copying, forwarding, or printing of confidential or proprietary data.


Contact your Account Manager to Review!
