In 2019, cybersecurity breaches continue to make the news, with businesses of all types being under threat. As cyber criminals use increasingly advanced techniques to gain access to our IT systems and sensitive data, it is of vital importance to protect your business.
The vast majority of targeted businesses are small as these are perceived as being under-protected, but there are measures you can put in place to ensure that your own company isn’t next. Experts from Syntax IT Support provide their top tips.
Rethink user account security
Cybercriminals typically gain access to company networks by exploiting weaknesses in individual user accounts. Sure, having strong passwords is important, but this is no longer enough to keep your business safe, and account security must be improved if you want to protect yourself against the latest cyber attacks. To improve your user account security you need to do more, including the following:
Using multi-factor authentication
Single-factor authentication is simply not enough to stay secure in the modern-day. Using multi-factor authentication should be the standard across your business, as this makes it much more difficult for cybercriminals to access user accounts and sensitive data. Multi-factor authentication can be knowledge, token or biometric-based and involves using two or more pieces of evidence to verify the user’s identity before they can log in or complete a transaction.
Limiting user privileges
It’s vital to ensure that all users across your network don’t have full administrative access, as this could put your business at risk by allowing accounts to do far-reaching damage across the whole server if they become compromised. A policy of least privilege (POLP) is best practice, as this limits each user’s access privileges to the absolute minimum necessary for that person to do their job.
Reminding employees about password policies
Employees should be reminded to create secure passwords and to never share these with anyone else. Phishing attacks often prey on unwitting employees by pretending to be a trusted source, so it pays to make sure that your employees understand never to divulge their login details, even to people claiming to be their manager or their company’s tech support team.
Treat cybersecurity as an ongoing project
Treating cybersecurity like it’s a one-time task to be dealt with is a big mistake. IT security measures are something that should be reviewed and reworked often, as cyber threats are always evolving. Keep your company’s cybersecurity efforts relevant by continuously verifying that they are still effective, getting a security professional to help you if you don’t have an expert in-house.
Having a cybersecurity expert run penetration tests against your own network security is a worthwhile investment, as these professionals will essentially hack your business using the same techniques that a cybercriminal would use in order to identify any vulnerabilities. By running these tests, you can fix any issues before a genuine hacker is able to exploit them for their own gain.
Create a response plan
Once you’re happy with your business’ defences, it’s vital that you don’t become complacent, and part of staying prepared is creating a contingency plan. Although we all hope that a successful cyberattack won’t occur, it’s prudent to prepare for the worst-case scenario, creating a disaster recovery or incident response plan to deal with anything that could come your way.
A thorough response plan will include best practice for dealing with and minimising the risk of security breaches, with details of remote data backups and how you can protect your most critical assets. This will help your business return to its normal operation without delay, potentially saving the whole company from collapse.