One thing that never changes about the cyber world is that it’s always changing. New technologies are being introduced all the time and malicious actors are always coming up with new ways to steal data. This might be one reason why a recent report found that despite the current uncertainty surrounding the economy, most organizations are not reducing cybersecurity spending—in fact, the majority are planning to spend more. These numbers serve to demonstrate that many are realizing that cybersecurity is an ongoing task that requires strategy and vigilance.
To improve cybersecurity maturity, organizations from every industry should perform a cyber risk assessment on a regular basis and mitigate the gaps that can be exploited. However, even small steps can make a significant difference.
In honor of National Cybersecurity Awareness Month, here are four key strategies you can implement to help improve your company’s cybersecurity.
1. Enabling Multi-Factor Authentication
Multi-factor authentication (MFA) has been proven to be very effective at verifying that users are the people they claim to be. It is accomplished by using at least two out of three types of authentications: something you know, which could be a password or PIN number; something you have, such as a smartphone with an authentication app; and something you are, such as a fingerprint, voice, face ID, or other biometric data.
By enabling MFA, you can greatly lessen the chances that an intruder will be using your employees’ credentials to gain unauthorized access to your organization’s systems.
2. Using Trusted Password Management
Surprisingly, a significant number of organizations have legacy passwords or service accounts that lack strong, robust passwords. In fact, poor password quality is an extremely common issue in companies and is usually how hackers first gain access to the organization.
Here are some tips for improving your company’s password policy:
- Use strong passwords, including capital and lowercase letters, digits, and special characters.
- Require employees to create new passwords on a regular basis.
- Use password managers to generate and store passwords securely.
- Advise employees not to share personal credentials with anyone.
3. Updating Software
It sounds so simple to do, and yet so many companies fail to update their software on a regular basis. This can result in a much greater risk of being targeted by hackers, who can exploit unfixed security flaws in software. So why does this continue to be a problem?
The answer is likely because of a combination of inconvenience and fear. Patching can be a manual, time consuming process, and users would rather avoid having to reboot their computers to install updates. In addition, users might be concerned that their software will stop working or cause other applications to not function properly.
Nevertheless, there’s no question that updating software is a simple step that can greatly strengthen your cyber posture. Here are some tips:
- Be sure to only download updates from the company that created it.
- Have your employees receive automatic updates so as to simplify the process.
- Advise users to beware of pop-ups that urge them to download something or fill out a form; it could contain malware.
4. Recognizing and Reporting Phishing
Phishing attempts continue to increase and break records. According to the Anti-Phishing Working Group (APWG)’s Phishing Activity Trends Report, there were nearly 1.1 million observed phishing attacks in the second quarter of 2022, the most the group has ever measured in history. One reason for this is that today’s phishing can be quite sophisticated, with graphics that mimic emails or texts from banks, employers, and companies. Clearly, many people are being duped: In a mock phishing engagement carried out by CYE against a US-based bank, nearly 40% of the employees clicked on the URL that was sent to them.
To address this issue, organizations should be sure to conduct mandatory cybersecurity awareness training for all employees. The training should advise users to:
- Be cautious of email attachments and links to websites.
- Avoid responding to SMSes that ask you to click on unfamiliar websites.
- Ensure that business emails are used strictly for work, not for personal communications.
- Check the sender’s address carefully.
- Look for spelling mistakes in the email and the URL.
Undoubtedly, these tips can greatly strengthen your organization’s cyber posture. However, these steps should be part of an ongoing cybersecurity strategy that provides visibility of your attack routes, quantifies the risk of each security finding, and optimizes mitigation plans to close gaps.
Want to learn more about how to improve your organization’s cybersecurity? Contact us for more information.