Cybersecurity in the business world is changing drastically. What used to be ‘nice to have’ controls are now bare minimum requirements. Outlined below are our recommended measures that all businesses need to implement to mitigate risk and minimize disruption when a security event occurs.
Easy to implement, and it enhances the security of your email in a big way! Also, push notifications are preferred over 6-digit codes.
The longer the password, the more secure it is, but the recommended minimum length is 12-16 characters. Consider using a password manager to ensure you and your employees are not reusing the same password across multiple systems.
Use endpoint security solutions that utilize Artificial Intelligence (AI) and machine learning, not signature-based detection like the legacy solutions of the past.
A VPN isn’t always the way to go. It can be a huge security risk when not properly configured, as most VPN connections allow full network access. There are better, more secure, and easier solutions to use for secure access to any application or server.
Got a firewall? Great. But is it a next-generation firewall with all the security features configured and enabled? Just because you have a firewall doesn’t automatically mean your network is secure. And lastly, make sure it is under warranty and covered by a current support contract!
Your network and your Microsoft 365 data are connected to the internet and, therefore, to the entire world. Did you know you can restrict which regions of the world can connect to your network or Microsoft 365 data? Unless you have set these restrictions up, you might unintentionally be adding unnecessary risk.
Having a backup solution doesn’t guarantee you can recover from a disaster or cyber-attack. How long will it take to recover your systems? Onsite backups just aren’t enough, and most people don’t realize their email/data in Microsoft 365 is not backed up natively! Just because it’s in the cloud doesn’t mean you can ignore protecting it.
Employees can be your biggest asset, but they can also be your greatest threat. Educating and testing your staff can benefit the employee as well as your company by encouraging good security practices in the home and at the office. Arguably, the best investment you can make in security!
Most breaches come through email. Anti-spam and web-content filtering are important measures, but alone they are not enough. Your email system should be configured to flag external vs. internal email so staff can recognize when something is suspicious.
Proper patch management ensures your systems are kept up to date and fixes the vulnerabilities in your software and applications that leave them susceptible to cyber-attacks.
If a system or application supports MFA, turn it on! It is arguably the best action you can take to protect your accounts from unauthorized access and attacks.
Don’t assume your general insurance policy will cover your claim should you experience a breach. Additionally, even with a Cybersecurity insurance policy, your claim could be denied if you’ve not done your diligence. Having insurance is critical, but completing everything on this list is equally critical!
Aside from being a requirement for most compliance and Cybersecurity Insurance policies, a risk assessment helps you to understand where you’re doing well and what areas need attention.
With working mobility increasing, controlling how your company data is being accessed, from where, and from what devices is a major concern, or it should be. Are employees accessing your company data on personal devices? The family PC? Their personal phone or tablet? What happens if that employee leaves the company... where is your data?
Vulnerability scanning checks your network for known vulnerabilities, identifying areas that need remediation through patching to shore up your security posture.
Policies help to set expectations among staff and help to define procedures and improve operations while removing emotions from critical decision-making events.
Do you have a list of employee contacts and a list of ALL of your customers’ contact information if you are suddenly unable to access your server or cloud data? Business Continuity Planning helps to ensure your business can continue to operate after experiencing a major event impacting the ability to access the building or your systems.
Documenting your network and how it is designed can help in the event you need to rebuild after a disaster.
Peripheral control protects your assets and keeps your staff from infecting your network or exfiltrating data by blocking or preventing unauthorized use of devices such as USB thumb drives.
Review what applications exist on your network, and block or prevent unapproved applications.
Prevent accidental or intentional copying, forwarding, or printing of confidential or proprietary data.