Cybersecurity is a must-have for businesses, but one of the most common questions we hear is "Where do I start?"
There are a lot of variables that go into cybersecurity postures, but there are commonalities between all of them. While there is no way to eliminate all cyber threats, there are actions to take to mitigate risk.
The very first step in a cybersecurity posture is to choose a path and stick to it. Everything you do for cybersecurity will have pros and cons, but the most important thing is to stay the course with your cybersecurity posture.
Once you have committed to a plan, there are a few basic things that every cybersecurity posture should have. Think of these as the first level of building blocks:
- Antivirus software. Anti-malware software is a must for both personal and professional devices. Without antivirus software, your system is completely vulnerable.
- Backups. Ensuring your information is housed safely is essential for businesses. This can be accomplished through a local appliance, managed providers, or data centers that can host your data.
- Multi-factor authentication. This involves the use of a code or app authentication in addition to password login through an approved device, such as a person’s smartphone.
- Updates and patches. Hardware that is up to date and under warranty is a more difficult target. The update notifications you receive on your devices aren't always just to make your device or application run more efficiently. Often, they contain changes in response to the ever-changing landscape of cyberthreats.
Bonus: Cybersecurity Training
Employees are often the largest cybersecurity risk for an organization. Employee security risks are often due to negligence, apathy, and a lack of knowledge. The most common, and dangerous, mistakes employees make in cybersecurity are:
- Using weak passwords.
- Using unapproved personal devices.
- Sending emails with sensitive data to the wrong recipients.
- Accessing free WiFi Hotspots for work.
- Sharing sensitive data with colleagues using unsecured messengers.
- Unauthorized application installation.
- Not backing up critical data.
It may not be malicious in nature, but there is always the risk of human error when it comes to cybersecurity. Employees can be your weakest link or first line of defense when it comes to data security. During onboarding with Anteris, we provide training for employees and continuing education throughout your partnership. Reminders are necessary to help employees remember and employ best practices.
The Next Steps
Once your foundation is laid, it's important to continue building your cybersecurity posture. The items listed below can be seen as the next steps, or things to implement once your foundation is solid.
- Mobile device management. If you’re giving your employees cell phones for work use, you need a mobile device policy to protect your data in the event an employee’s phone is lost or stolen. More importantly, you can control what these mobile devices can do: what can be accessed, the apps that can be downloaded, purchases made, etc. Basically, the entire device can be controlled, letting you dictate what is company use and what is not.
- Data loss prevention. This means monitoring and protecting sensitive information to ensure it does not leave its designated area, and that all data is accounted for and where it ought to be.
- Having a disaster recovery plan. Even with the best plans, there is no way to completely guarantee against cyberattacks. It is essential to have a disaster recovery plan in the event of an attack and to test it regularly.
- Encryption. Encryption isn't limited to email. It means making sure that the websites being visited are secure (encrypted websites will use HTTPS), that your data at rest is secure (for example, if someone steals an encrypted hard drive, they still can't access the data even though the other security measures have been removed), and that your data in transit is protected (this can be email, entering information on websites, etc.).
- Remote VPN. A remote virtual private network (VPN) allows you to access company resources that live behind something like a firewall, even when you are not in the office. This can be particularly important as more people are working outside the office and may need to connect to public WiFi.
If you have Microsoft 365, there are also additional security steps you can—and should—take.
- Advanced threat protection. This is an add-on to Office 365 that detects suspicious activity and prevents malicious attacks from hitting your network.
- MFA. In addition to the MFA option listed above, Microsoft 365 has its own MFA that can, and should, be enabled.
- Multi-Geo. This allows you to provision and store data at rest in the data locations that you've chosen to meet data residency requirements while allowing your workforce to work in other locations.
You may already be doing everything we've discussed, and that's great. There are more advanced steps you can take to enhance your cybersecurity. These could be:
- Third-party risk assessment.
- Third-party penetration testing.
- Threat hunting.
How Anteris Can Help
At Anteris, we make security a top priority. As cybersecurity professionals, our security services support your business and protect your data from outside threats through services such as Active Dark Web monitoring.
We pride ourselves on being lifelong learners. Being a security expert doesn't mean that someone has learned everything they need to know about cybersecurity. That's impossible. It's always changing. We know that and recognize that cybersecurity is an ever-evolving process to assess, align, and act, and keep moving forward as cybersecurity changes.
Network security isn't a one-size-fits-all thing. As a strategic managed IT services provider, we will strategize and implement the technology that will best protect your organization. Every business is different, and cybersecurity plans will reflect that. We're here to help you assess where you are now and work with you to figure out what your next move is, whether it's starting with the basics or building out a more robust plan.
We believe that education is the key to the prevention of all types of cyberattacks, and work with our Clients to provide ongoing education to make employees aware of the security dangers and provide them with the knowledge of the best practices for protecting against cyber threats.
While there is no guaranteed protection against threats, we also have best practices for recovery in the event of a security breach.
Let us make your technology freeing, not frustrating.