As our world grows more connected and hackers become more sophisticated than ever, businesses need to plan ahead and act fast in order to protect sensitive information and bolster their cybersecurity approach.
Of course, it can be challenging for any business to keep up with the increasing number of cyberattacks that have become so prevalent today. Small businesses, in particular, often don't have dedicated security resources and lack the ability to detect an attack until it's too late. That’s why it’s more important than ever that organizations preemptively adopt and enforce security measures that protect the best interests of employees, partners and customers.
Read on for a few dos and don’ts on how businesses can fortify their security approach and avoid becoming a target of cybercrime.
DON’T operate by a ‘wait and see’ method
Part of the slowness to enact change is human nature – threats are somebody else’s problem until they hit close to home. But these types of threats aren’t going away. Companies and executives should focus on developing and sustaining the capabilities and processes to detect, diagnose and remediate breaches now, before it’s too late.
DO plan for a security breach
Unfortunately, data breaches will continue to occur. According to a recent report from the Identity Theft Resource Center, nearly 12 million records were exposed in 791 U.S.-based data breaches during the first six months of 2017. And as much as any business hopes it never happens to them, it’s better to be overly prepared. Prepare for the worst. Hope for the best. The goal is to limit the damage if a breach does happen, which means thinking about what an attacker can gain access to if they get inside your network and systems.
Having backups in place is key, including some that are off-site and offline (attackers, ransomware and malware can often harm connected systems and data). It’s also critical to anchor countermeasures to a known and trusted set of cybersecurity standards such as the CIS Critical Security Controls. And if any gaps in the security approach are detected, act as quickly as possible to mitigate the potential damage.
DO employ a multi-factor authentication process, with role-based access
Traditional authentication practices are increasingly unable to meet the needs of digital businesses today, which is why moving beyond simple username-and-password security is crucial in order to keep attackers out of companies’ systems. A multi-factor authentication process adds additional layers of data protection that adapt to a company’s specific authentication policies in real time, an essential defense when so many devices are now interconnected.
And for employees who need to authenticate themselves, companies can ensure their access is appropriate for their role, following the “principle of least privilege” to keep them away from data and systems that don’t relate to their job responsibilities.
DO engage and prepare the organization
To make real improvements in cyber defenses now, businesses need to engage their employees in the process and get them involved in the important business risk conversations. The best way to do this is to communicate early and frequently to all internal audiences, using practical and easy-to-understand examples.
Hands-on training programs are also key in getting internal team members on board with adopting new online behaviors. Relating awareness materials to tactics employees can use at home has proven to increase their willingness to pay attention to and enact new measures on the job. To take it a step further, consider rewarding those employees who understand how sensitive and important security and data privacy are and are doing their part to proactively identify potential security issues.
DO leverage the expertise of others
Even with all the tweaks to strengthen security measures, companies are still likely going to experience vulnerabilities. It’s important to work with an expert, either someone solely dedicated in-house or a third-party firm specializing in security, but someone with a holistic vantage point of the company. They bring perspective, new skills and extra resources that can make a huge difference.
DON’T stop learning
Ultimately, cybersecurity awareness is a process that requires continuous improvement as technology and business needs evolve. The main goal is to improve an organization’s security culture in small, realistic ways over time. It’s not a simple task, which is why staying educated on the latest in security defenses is the most important thing companies can do to keep their stakeholders secure. Learn from others by studying industry data breach reports, networking with industry peers at security-related events and user groups, and reading blogs and post-incident commentary.
Bottom line, data breaches aren’t going anywhere. Increasing security awareness down to the individual level is imperative as organizations move toward implementing better security postures, and these are just a few ways to get the ball rolling.