Going Beyond “Don’t click on that link!” – Best Practices for Cyber Resilience

Jul 21, 2020

Keeping yourself and your organization cybersecure can feel like an uphill battle in the face of an ever-changing landscape of threats. The good news is that security experts rely on a set of easy-to-learn behaviors that shore up security before and after an attack. Whether you’re simply looking to improve your own cyber hygiene, helping a team adopt best practices while working from home, or setting up standards for an entire organization, these tips are a great place to start when building cyber resilience.

Stay educated on cybersecurity trends

The best way to keep yourself (or your business) cybersecure is to make sure that you are keeping up to date on cybersecurity trends. There are many excellent blogs that break down highly technical subjects such as cybersecurity, cyber risk, and cyber insurance into manageable news stories. Staying informed on new threats and best practices will help you both prevent attacks and deal with the aftermath when they occur.

Practice good password hygiene

Keeping your passwords secure and private is an important part of maintaining your safety and security. Here are a few best practices that can help keep your passwords up to snuff:

  • Use multi-factor authentication where possible
  • Keep your passwords private and avoid sharing credentials
  • Use strong passwords (don’t use personal information; use at least 10 characters; include numbers, symbols, capital and lowercase letters)
  • Avoid using the same password for multiple platforms
  • Change passwords frequently (at least quarterly)
  • Utilize a password manager that creates strong passwords automatically
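The rules in the list above can be checked mechanically. The following is an added example, not part of the original article: it tests a password against the length, character-class and personal-information rules and flags the same password used on more than one platform. The function names, the sample vault and the personal-information tokens are constructed for illustration.

```python
import hashlib
import string

MIN_LENGTH = 10  # "use at least 10 characters"

# Character classes the list asks for, checked in this order.
REQUIRED_CLASSES = [
    ("number", str.isdigit),
    ("symbol", lambda ch: ch in string.punctuation),
    ("capital letter", str.isupper),
    ("lowercase letter", str.islower),
]

def check_password(password, personal_info=()):
    """Return the rules a password breaks; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 10 characters")
    for name, matches in REQUIRED_CLASSES:
        if not any(matches(ch) for ch in password):
            problems.append(f"missing a {name}")
    lowered = password.lower()
    # Tokens under 3 characters are skipped to avoid accidental matches.
    if any(len(t) >= 3 and t.lower() in lowered for t in personal_info):
        problems.append("contains personal information")
    return problems

def find_reuse(vault):
    """Return groups of platforms sharing one password (vault: platform -> password)."""
    groups = {}
    for platform, password in vault.items():
        # The digest is only an in-memory grouping key, so the report holds no plaintext.
        key = hashlib.sha256(password.encode("utf-8")).hexdigest()
        groups.setdefault(key, []).append(platform)
    return sorted(sorted(names) for names in groups.values() if len(names) > 1)

# Constructed sample data, not real credentials.
SAMPLE_PERSONAL_INFO = ("alice", "1985")
SAMPLE_VAULT = {
    "mail": "Tr1cky!Harbor#92",
    "bank": "Tr1cky!Harbor#92",
    "forum": "alice1985",
    "shop": "q7&Vm!zP4wLd",
}

if __name__ == "__main__":
    for platform, password in SAMPLE_VAULT.items():
        print(platform, check_password(password, SAMPLE_PERSONAL_INFO) or "ok")
    print("reused across:", find_reuse(SAMPLE_VAULT))
```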

Be careful with your email

Right in line with passwords, email behavior is rife with possibilities for security issues. Ensuring that you are practicing good email etiquette will help protect your entire company as well as your data. Here are a few best practices when it comes to email:

  • Make sure to use encrypted email; many cloud-based email services have encryption on by default
  • Learn to recognize phishing emails by reading messages carefully before responding
  • Never open attachments or links from unknown senders
  • Report suspicious emails as SPAM

Keep your systems and applications up to date

We know update notifications can be annoying, but keeping your systems, applications, and software up to date can protect you from attackers and malware that take advantage of vulnerabilities. You can also install an automated software monitoring manager to help keep everything current.

Close unused accounts

In this day and age, we all have a number of unused accounts languishing on the internet, but these accounts can actually be an easy way for an attacker to gain access to your network. Reviewing your old accounts once a quarter is a great place to start when doing security housekeeping.

Use antivirus software and firewalls

Antivirus software and firewalls serve as a barrier between your data and malicious attacks. Make sure your software comes from a trusted vendor (and of course, keep it up to date!). Firewalls are also important because they help screen out malicious activity coming from the internet – namely, hackers and viruses. Your operating system and routers may have built-in firewalls, but be sure to check that they are turned on.

Protect your routers and wireless access points

Wireless access points and routers offer unique vulnerabilities in terms of access to your networks and, in turn, deserve special attention. To start, make sure that your Wi-Fi network is always password protected (WPA2) and that your router is protected by a firewall. Update your router password as well so attackers can’t just turn off your security. Additionally, be very careful when using free, public Wi-Fi, as your communications and data may not be private or secured. In fact, we generally recommend only connecting to secure Wi-Fi networks.

Back up your data and keep it current

While it’s important to put prevention mechanisms in place, even the best prevention won’t be able to stop 100% of attacks. Backing up your data – ideally in both a physical location and the cloud – helps to prepare you for the worst-case scenario. Having access to important data in the case of a ransomware attack or data breach (not to mention a physical event) can be invaluable. Top security managers follow a 3-2-1 backup rule, which recommends that you keep three copies of your data on two types of media (local and external hard drive) and one copy off site (cloud storage).
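The 3-2-1 rule, combined with the advice to keep backups current, can be checked against an inventory of your copies. The following is an added example, not part of the original article: the inventory format, the `check_321` function and the seven-day freshness threshold are assumptions chosen for illustration, and the original working copy is counted as one of the three.

```python
from datetime import datetime, timedelta

def check_321(copies, now, max_age=timedelta(days=7)):
    """Check a backup inventory against the 3-2-1 rule.

    Each copy is a dict with 'name', 'media', 'offsite' (bool) and
    'last_updated' (datetime). Copies older than max_age (an assumed
    threshold) are stale and do not count toward the rule.
    """
    current = [c for c in copies if now - c["last_updated"] <= max_age]
    stale = sorted(c["name"] for c in copies if now - c["last_updated"] > max_age)
    media = {c["media"] for c in current}
    findings = []
    if len(current) < 3:
        findings.append(f"{len(current)} current copies, need 3")
    if len(media) < 2:
        findings.append(f"{len(media)} media types, need 2")
    if not any(c["offsite"] for c in current):
        findings.append("no current off-site copy")
    return {"ok": not findings, "findings": findings, "stale": stale}

# Constructed inventory; NOW is fixed so the result is reproducible.
NOW = datetime(2020, 7, 21)
SAMPLE_COPIES = [
    {"name": "laptop-disk", "media": "local drive", "offsite": False,
     "last_updated": NOW},
    {"name": "external-hdd", "media": "external hard drive", "offsite": False,
     "last_updated": NOW - timedelta(days=2)},
    {"name": "cloud-storage", "media": "cloud", "offsite": True,
     "last_updated": NOW - timedelta(days=30)},
]

if __name__ == "__main__":
    report = check_321(SAMPLE_COPIES, NOW)
    print("3-2-1 satisfied:", report["ok"])
    for finding in report["findings"]:
        print(" -", finding)
    print("stale copies:", report["stale"])
```

In the sample inventory the cloud copy exists but is a month old, so the check reports both a missing third current copy and a missing off-site copy.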

Be cautious with social media

Social media can be a great way to connect with friends, family, and even professional colleagues, but it also opens up a host of security issues. Like any platform where you share data, it’s best to exercise caution when registering an account on social media or posting information. Never accept connections from people you don’t know, never post personally identifying information about where you live, and when in doubt, set your accounts to private.

And a few just for teams:

Have formal, written policies regarding security

Your team can’t stick to rules or guidelines that they aren’t aware exist, so put your policies down in writing and make sure they’re widely circulated. Convene an internal team to review them on a regular basis and communicate updates to the entire team to make sure everyone is on the same page. Elect an internal leader to hold your team accountable and to answer any questions as they arise. Help create a culture of security and transparency and make sure to incorporate these policies during onboarding as well.

Encrypt and password-protect all devices

Encryption can help protect any and all data on a device, especially if it is misplaced or stolen. As an organization, there may be a good deal of proprietary information distributed across your company’s devices, so encryption is especially valuable for team devices. While you’re at it, encourage your team to lock up devices when they are not in use.

Limit administrative access to key personnel

Since access is a key component of security, we recommend being diligent about who gets access to what in your organization as well as revoking access as soon as an employee moves on. It’s also a worthwhile best practice to consider reviewing all passwords and access whenever an employee is terminated.

Utilize your internal resources

When in doubt, remember that you likely already have security allies at your organization. Reach out to your IT or technology department to get their thoughts on security or to incorporate them into your policies. The more you can involve your team, the better compliance is likely to be.

As the saying goes, ‘an ounce of prevention is worth a pound of cure’ – and it’s certainly true in the world of cybersecurity. There is no surefire way to protect yourself entirely, but with a bit of time and some extra attention, you’ll go a long way towards ensuring extra resilience in the face of a threat or attack. Be sure to watch our blog and LinkedIn page for more tips, information, and updates on cybersecurity and cyber resilience – and share your own tips with us!