With threat actors increasingly targeting smaller businesses, digital risk is no longer an exclusive concern for specialist roles such as CISOs or threat analysts. In the modern threat landscape, IT leaders are now finding themselves performing the task of head of cybersecurity, too.
Each year brings a new set of concerns for IT security leaders, and for many it can feel like you are trying to hit a moving target – and the truth is that you are. Bad actors keep finding new methods and new holes in your systems, and it is essential that you stay alert at all times.
But help is at hand. Here are seven top tips for reducing your digital risk:
1. Get up to date
Number one on your list is to make sure that all your systems and applications are up to date. For example, you’ve probably already replaced your old Windows 7 because it is no longer supported, but this was just one of a number of Microsoft products that are losing support in 2020. SharePoint (2010), Hyper-V (2008) and Windows Server (2008) are all losing support, too.
2. Protect your identity
Review the privacy settings on all of your applications. If you’re not already using multi-factor authentication for third-party applications, now is the time to start doing so. Make sure that neither you nor your employees use the same password on any two logins, get a secure password manager installed on all machines and enforce a strict randomising of password updates. Password handling is one of the weakest points of security in any system, and getting people out of poor habits will go a long way toward preventing breaches.
3. Cultivate a security culture
Your people should have security at the front of their minds. Reward staff for completing training and becoming more aware of any potential vulnerabilities and threats that their activity may pose to company systems. Communicate success by publishing the names of those who have successfully adhered to these policies. Provide training on protecting their personal data. Make it cool to be cyber-savvy!
4. Be prepared
Always assume the worst can happen – and that it might have already happened. Prepare for emergencies and develop clear plans for disaster recovery and/or data breaches. Have current data backups in place, including off-site copies. Work directly with your technology suppliers and business partners to ensure that they have procedures in place, too. In fact, it should be a necessary condition of doing business with your company, so ensure it is included in your service level agreements.
5. Build your team
Make sure your staff are trained regularly and are kept up to date with the very latest information regarding various security threats. If you are intending to bring on more staff for security purposes, start your hiring process early: there is a shortage of qualified people so assume that it will take longer to fill positions than anticipated. Encourage diversity (including possibly considering outsourcing) to widen your talent pool. But have appropriate policies to ensure you are not reliant purely on trust, and consider monitoring for sensitive areas of operation.
6. Protect your data
Segregate your data so that not everything is in one place, or accessible from one entry point, and put extra security on your ‘crown jewels’ – your most important data. Encrypt data at rest and data in transit where appropriate.
7. Look outside
Remember that internal and perimeter security can only go so far. There is a strong likelihood that important and valuable information about your employees, customers and systems infrastructure has already been shared and sold by bad actors on both the Dark Web and the Surface Web. You should constantly monitor external marketplaces for the existence of your information. Make sure you are always one step ahead of the game and beat the bad actors where they live!
Protect your business from digital risks. SKURIO solutions safely reveal the threats to your data that exist outside your network and illuminate digital risk.