The cybercrime landscape is changing. This means that your security methods should be in a constant state of flux, always shifting and morphing as new threats emerge. As you review your security protocols, consider how the cybercriminals of today will be attempting to access your data. It’ll likely look a bit different than it did five or ten years ago.
As you’re reviewing your security methods, be sure that you safeguard your digital assets from every angle. You should be building security measures in each of the following three areas:
Multifactor authentication (MFA) is a multi-step process users take to gain access to an account. Three types of authentication methods are:
Knowledge-based methods for authenticating identity might include passwords, PINs, and answering security questions.
Inherence factors are items unique to you as a person, like scanning your fingerprint or facial features.
Possession factors let you authenticate your identity using an item that only you possess, like entering a code that was displayed on a smartcard or inserting your unique thumb drive.
Cybercriminals know that MFA is the standard, which is why many are spoofing MFA requests. In this more complex version of a phishing attempt, the criminal sends an information request that looks like an MFA prompt. You should educate your employees on what a legitimate MFA request will look like. You should also consider combining MFA protocols from different categories. For example, using one knowledge and one possession factor protocol will be stronger than using two knowledge factor protocols.
Consider using a password manager application if you’re not already using one. Not only do these apps store your login information safely, but they can also help you create strong passwords. A few other common password hygiene tips are:
Protect your network by setting your employees up with a virtual private network (VPN). When your employees are working outside of the office, VPNs encrypt the information sent between their computers and the outside world. When your employees use a VPN, cybercriminals won’t be able to see their keystrokes or trace their actions back to your network.
Make sure your antivirus software is up to date. Antivirus software provides basic protection against malicious software like worms, viruses, spyware, and ransomware; notifies you of vulnerabilities in your systems (like unpatched software); warns users of risky websites; and so much more. You should also be sure your firewall software has been patched so that it can manage network traffic as intended.
Pop-ups aren’t always problematic, but they can be. They can be used by hackers to collect sensitive information or encourage users to download harmful files. Blocking them at the source helps prevent accidental clicks and creates a safer browsing environment for your employees.
Backing up your data is an effective failsafe if your employees’ devices fail, get stolen, or are otherwise compromised. Simple hardware failures can result in data loss that can negatively impact operations and permanently damage relationships you have with your customers and business partners.
But backups aren’t just helpful for preventing data loss; they can also help when you need to update your devices or migrate to a new system. If you have that data already backed up, you can quickly and easily transfer it to the new device or network.
Build a culture that promotes employee involvement in cybersecurity. You can have your employees play a part by:
Continuously monitor employee activities for suspicious behavior. These monitoring systems can be technological (e.g., software that detects suspicious patterns), human-based (e.g., whistleblower options), or a combination of both. You can also perform regular security audits so that a third party can evaluate the effectiveness of your security measures.
An incident response plan is a written playbook for how you should respond if a data breach occurs. Formalizing your plan of attack will help reduce the cost of a data breach. When building your plan, here are a few things to remember.
Investing in cybersecurity insurance isn’t just recommended; today, it is absolutely necessary. Insurance should never be your only method for protecting yourself, but it should play an important role in managing the health of your organization. Cyber liability insurance can help organizations cover some of the following costs if a data breach occurs:
The bottom line is that the cybersecurity strategies you implemented in the past may not be enough to ward off the tactics that criminals are using today. Take the steps necessary to protect yourself, your employees, and your customers. If you want to discuss these practices with our team, reach out to us today. Our Meaden & Moore advisory team would be happy to assist.