Cyber-attacks are one of the most significant challenges businesses and consumers face in the digital age. Not only are attacks difficult to plan for, they are increasingly more sophisticated. Monetary gains from hacking corporate systems will continue to support the rising trend toward cyber-attacks, but more concerning is that hackers are not often financially driven. Many view infiltrating networks as a personal challenge, and this relentless drive makes them even more dangerous.
While it doesn’t appear that cyber-attacks will be eradicated completely in the near-future, businesses can defend themselves by protecting their network. There are steps to take and processes to put in place, particularly when it comes to devices, software and authentication methods, which can ensure that businesses are doing everything in their power to stay ahead of cyber criminals. Here, I’ve outlined my top tips that all businesses should be considering in order to safeguard their information and protect their network from the increasing danger of cyber-attacks.
1. Use Strong Authentication Methods
With stolen credentials the culprit in four out of five of security breaches, traditional user names and passwords are insecure and no match for sophisticated hackers. Strong authentication is also referred to as two-factor authentication because you have to use two different things to prove your identity. It combines something you have, the authenticator (token, smart card, mobile app), with something you know, your login ID and password.
2. Upgrade Your Software With The Latest Patch
No matter how big or small the fix, software security patches are important. A machine that is not updated with the latest security fix is much more likely to have software vulnerabilities that can be exploited by the latest virus or malware. Set automatic updates and educate your employees to accept the updates when prompted.
3. Physically Secure Equipment & Ports
Thieves want more from a corporate laptop than just the cost of the hardware; one single stolen device can lead to masses of sensitive company data. If your computer equipment is not suitably protected, it is easy for criminals to either steal data or infect your computers and network without needing onsite access.
4. Establish Security Rules For Employees
Regardless of size or number of employees, every company needs a security policy. Ensure employees know the policy and are adequately trained to do what it asks – for example, if you require a biometric password (e.g. fingerprint), make sure your employees know how to set one. By teaching employees good security practices, you will help change their behaviour and motivate them to adhere to your policies. Make sure your employees learn the security policy and you enforce the rules.
5. Encrypt Data & Enable Biometric Passwords
An easy way to add an extra layer of security is to enable a password on boot. If a user laptop is stolen, the thief can still access the hard drive by booting from a different disk. With a biometric password enabled, the hard drive is inaccessible. For most large organisations, the operating system of choice is the enterprise edition of Windows, which includes the Bitlocker drive encryption system. This automatically encrypts any data saved to the hard drive or USB thumb drives.
6. Protect Devices Against Malicious Code
Equip all company PCs and devices with antivirus and anti-malware protection. Use monitoring software to ensure the virus protection is running and has not been disabled by the user and do not allow non-compliant systems to access your network.
7. Protect & Secure External Network Access
Ensure your network is secured by virtual private network (VPN) technology to create secure Internet connections to and from your private networks. Mandate strong authentication, such as one-time password tokens or certificate-based smart cards for users to connect through VPN. Make sure your firewalls are configured correctly. Gartner Research found that 95% of firewall breaches are due to misconfiguration, rather than a flaw within the firewall itself, so regularly review your firewall logs and make adjustments as necessary.
8. Perform Regular Internal Security Audits
Technology changes so rapidly that associated security policies must be reviewed much more often than other business processes. New software vulnerabilities are discovered everyday, so it’s important to be proactive rather than reactive. Regular security audits, at least annually, will help you measure your organisation’s current security policy and operations against potential threats.
9. Define Security Rules For Admin Accounts
A single factor of authentication is hardly secure, but even worse when privileged admin accounts are shared because of the sheer volume of the number of logins needed to maintain a typical enterprise infrastructure. Implement strong authentication for admin accounts and make sure login credentials are not shared.
10. Don’t Forget About Mobile & BYOD
With the continuous growth of mobile usage comes demand for employees to use their own devices to connect to your corporate network. While the BYOD (bring your own device) trend will continue to be fuelled by user demand, it presents both opportunities and challenges. Tightly examine your organisation’s specific situations and use cases and set appropriate policies to address this growing trend.