By Neelesh Kripalani, Chief Technology Officer, Clover Infotech
The beginning of a new year marks a time of reflection and planning. It’s time to sit down and draw up a few New Year’s resolutions. Some of you might want to hit the gym more or check a few travel goals off your list or stay in close touch with friends and family. However, considering the increasing usage of digital devices and the corresponding rise in the number of cyber-attacks, organizations as well as individuals need to start embracing the tradition of making cybersecurity resolutions too.
We have a few cybersecurity-related resolutions that you may want to consider adding to your list if you haven’t done them already.
#1 – Prioritize Cybersecurity: What’s the point of buying umbrellas after the rain? Similarly, it’s high time to prioritize cybersecurity and proactively build a defence mechanism instead of working on it after falling prey to a cyber-attack.
#2 – Don’t neglect data privacy: Organizations have several data points related to their customers, partners, and employees. Ensure that you have the right data protection and data privacy policies in place within your digital ecosystem.
#3 – Implement Multi-Factor Authentication (MFA): Using strong passwords and changing them regularly is important, but it’s not enough. You should also consider adding MFA to verify identities, as it makes lost or stolen user credentials worthless to adversaries.
#4 – Increase remote working security: While working from home is convenient and has many benefits, it also exposes both individuals and businesses to a range of cybersecurity risks. Comprehensive antivirus software, a strong password policy, and up-to-date devices are some of the safety measures to follow.
#5 – Train your employees: The majority of cybersecurity incidents have an element of human error due to negligence and/or bad habits. Good resolutions change bad habits such as blindly trusting links in emails, delaying updates, and not following password hygiene. The best solution is to periodically conduct training for employees that includes simulated attacks such as phishing campaigns.
#6 – Write and communicate cybersecurity policy: A cybersecurity policy is a written document that contains behavioural and technical guidelines for all employees in order to ensure maximum protection from cybersecurity incidents. Such policies reduce the likelihood of a cyber-attack and, if an attack does occur, ensure that the key stakeholders are aware of the exact risk mitigation measures.
#7 – Create back-ups of your data: Consider your data back-up files as an investment. As the saying goes, don’t put all your eggs in one basket: you would want to diversify them as much as possible to limit your exposure. The 3-2-1 rule is a good way to ensure such diversification. The rule states that:
· There should be 3 copies of data
· Store 2 backups on different media
· Store 1 copy off-site
#8 – Remain vigilant against phishing attacks: Phishing attacks are one of the most common security challenges that both individuals and companies face in keeping their information secure. All individuals connected to the company’s network, especially those who have access to sensitive data, should be able to identify suspicious emails in their inboxes. It’s important to understand the signs of a phishing email, such as spelling errors, urgency, and inconsistencies in email addresses or domains.
#9 – Control administrative privileges: Administrative credentials are incredibly valuable to cybercriminals looking to access your organization’s data. Make use of the right tools, such as Privileged Access Management (PAM) and Privileged Identity Management (PIM), to prevent misuse of administrative privileges.
#10 – Start using VPNs: VPNs encrypt the connection between your organization’s network and your employees’ networks, which ensures that sensitive data can’t be intercepted by threat actors.
This is not an exhaustive list, but it will certainly cover a lot of your risks.
Cyber criminals are more organised than ever, and their attacks are increasingly sophisticated. By making resolutions to improve your cybersecurity, you can move towards a more secure infrastructure and perhaps a less stressful year.