Cyberattacks are not confined to big organizations and government agencies. Organizations of all sizes are at risk. The risk is rising as organizations access more cloud applications and employees take advantage of web-based services (e.g., file sharing and the use of public hotspots to communicate). Fortunately, there are best practices organizations can follow to cost-effectively reduce their risk profile and protect against cyberattacks.
1. Use Passwords (Effectively)
It may sound basic, but passwords are one of the easiest ways to protect oneself. It’s far costlier to identify and repair damage after hackers gain access to your network than it is to employ passwords to help keep them out in the first place. There are two elements to developing an effective password policy:
Create strong passwords
Strong passwords are difficult to guess or to deduce with brute-force hacking techniques.
Protect passwords from unauthorized use
While strong passwords can protect your network, it’s up to employees to also protect your systems. It’s management’s job to help employees understand why and how to do so. You can accomplish both by creating and enforcing an effective password policy. Management should lead by example, creating a workplace where cybersecurity policies are adhered to at every level, including at the top. Employees who recognize the consequences of their actions will be more likely to make cybersecurity an ongoing priority. Think human firewall!
2. Update Your Software
Hackers exploit new operating system and application vulnerabilities daily. Prime targets include web and common business applications such as Adobe Reader and Flash. They are targeted simply because they’re installed on many systems. For example, the “Code Red” worm in 2001 targeted Microsoft IIS web servers, which host websites around the world. The worm infected over 350,000 servers in a single day and created a denial-of-service (DoS) attack. Such an attack can flood networks with useless data, consuming computing resources businesses need to operate.
Vendors typically release software updates that include the latest security patches to forestall common attacks. Installing patches when they are available is a great way to prevent hackers from exploiting security flaws vendors have already identified and addressed. Patches fully leverage your investments by securing your business-critical processes.
3. Don’t Overlook Physical Security
Physical security is a critical element of cybersecurity. A disgruntled employee can derail your cybersecurity efforts by simply walking out of your office with equipment or intellectual property. Don’t let it happen!
Get more cybersecurity insights from David Florio and Sophie Doukas at their session, "Good Cybersecurity Doesn't Have to Be Costly or Take Years to Build," at the 2018 CSAE Conference & Showcase in Ottawa.