Cybersecurity Best Practices to Protect Your Business
|
Cybersecurity is an issue your business has to address, no matter your product or your customer. From unsophisticated “phishing” attempts to more sophisticated tactics, a breach of your network can compromise customer credit card information, valuable intellectual property and employee personal information. Here are some strategies to harden your network defenses and make sure you are best prepared to deter a cyber attack.
1. Employee Training and Awareness
When it comes to protecting your network, employees are the weak link [1]. They download viruses, they don’t change their passwords, and they increasingly use personal electronic devices at work. Any cybersecurity program needs a training component for both new and current employees. That training should include tips on how to spot a “phishing” attempt, how to create stronger passwords and a review of company policy on handling confidential information. Some IT security teams proactively publish bulletins to employees on new cybersecurity threats as soon as they are identified.
2. Increase IT Staffing
The first line of defense a business has against cyber attacks is a strong IT department. That department is typically staffed with employees who maintain the day-to-day function of the network and, increasingly, employees who monitor and mitigate security breaches. IT security employees typically have extensive technical qualifications and experience that can slow down the hiring process [2]. Using a staffing agency can help your organization quickly deploy the talent you need while you develop a broader security strategy.
3. Creating Multi-Level Access Control
In every spy movie, someone uses the phrase “need to know.” In every IT department, the phrase should be “need to access.” Users on your network should have access to the files or databases they need for their specific role, and nothing more. Most IT departments create access “levels” for employees, typically tied to seniority and number of direct reports. These access levels should be reviewed quarterly to ensure that key information remains compartmentalized. Multi-level access control will not completely protect your data, but it will make theft that much more difficult.
4. Monitoring User Activity
Anyone on your network can be a threat or can unwittingly become a threat if their account is compromised. Spotting suspicious activity can sometimes be difficult, as cyber attackers may loiter in your network for weeks or even months, assessing network vulnerabilities. However, IT security staff should be trained to spot some of the more common indicators that sensitive data may be at risk. Has anyone repeatedly tried to access secure information they don’t need for work? Has anyone downloaded excessively large files to an external device? Are there any employees trying to access proprietary information long after a project has been completed? If the answer to any of these questions is “Yes,” then prompt follow-up will be necessary.
5. Mind the (Air) Gap
Despite your best efforts, your network will always be vulnerable. You need a fallback option if your network is compromised and your business is about to be significantly impacted. This option is called “air-gapping” [3] a computer or server and preventing it from accessing any outside network. What you are doing is physically disconnecting from the outside world, which in turn makes it impossible to remotely compromise an air-gapped system. That fallback option can be used to preserve sensitive information if your entire network fails.
These strategies can’t guarantee your network’s security, but they can help you deter routine cyber attacks and prepare for more targeted penetration. One thing is clear: Protecting your network is not just the IT department’s responsibility; it’s the responsibility of every employee. If you don’t educate your workforce and make them part of the solution, every employee you hire will represent one more network vulnerability.
Schedule a conversation with one of our staffing experts.
Sources
[1] http://fortune.com/2016/06/20/employees-computer-security/
[2] https://www.enterprisetech.com/2017/02/14/cyber-skills-gap-grows-along-threats/
[3] https://www.wired.com/2014/12/hacker-lexicon-air-gap/
Leave a Reply