As we enter 2018, all companies have good reason to be concerned about cybercrime. The threat is very real, and the impact of becoming a victim is potentially catastrophic. Unfortunately, many organizations have limited resources to combat cybercrime.
Here are a few cost-effective tips that virtually any company can implement to help protect themselves from the current wave of cyberattacks.
1) Update your Security Policies
An effective security policy is an organization’s first line of defense. No matter how large or small your company is, you need to have a plan to ensure the security of your information assets, and you should update it regularly. For example, as we head into 2018, many organizations may need to bolster backup procedures to combat recent ransomware trends.
The process of creating an appropriate security program will force you to think holistically about your organization’s security, and will form the foundation for all of your security initiatives. Organizations can, and sometimes should, bring in outside consultants or products to help craft effective security policies. But many, if not most, organizations can do it themselves at very little cost.
2) Educate and Involve Employees
Research consistently shows that human error, where employees either didn’t follow policy, or didn’t receive training that would alert them to a potential security threat, is one of the leading causes of security breaches. According to a CompTIA-commissioned survey of 1,200 full-time workers across the U.S. titled "Cyber Secure: A Look at Employee Cybersecurity Habits in the Workplace," 45 percent say they do not receive any form of cybersecurity training at work.
It doesn’t cost a great deal to provide a series of brief training sessions about cybersecurity, but the benefits are substantial.
We can’t expect employees to act securely without providing them with the knowledge and resources to do so.
3) Use Strong Passwords and Keep Them Secret
Major studies by Verizon and others continue to find that most data breaches are caused by stolen passwords. Verizon recently reported that 81 percent of hacking-related breaches leveraged stolen and/or weak passwords.
Using strong passwords is the single most cost-effective security initiative an organization can implement. Ideally, organizations should implement products that detect weak passwords and require the use of strong passwords. But if that’s not possible, any organization can at least educate its users on the importance of strong passwords and ask them to upgrade all of their weak passwords.
Two-factor authentication should also be considered. Many services, like Google for example, offer two-factor authentication at no extra cost, and the added security is extremely beneficial.
Strong Password Construction Guidelines
The SANS Institute recommends that a strong password policy include the following characteristics:
- Contain a mix of uppercase and lowercase letters, punctuation, numbers, and symbols
- Consist of at least 15 characters
- Be unique from other accounts owned by the user
- Never include dictionary words
- Never include patterns of characters
- Use passwords created from characters in a phrase, not from a word
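A minimal checker for the guidelines listed above, added here as an example and not part of the original article or of any SANS tooling. It assumes a small constructed wordlist, treats punctuation and symbols as one character class, and does not cover uniqueness across accounts, which cannot be checked from a single password.

```python
import re

# Constructed sample wordlist; a real check would load a full dictionary
# and a list of known-breached passwords.
SAMPLE_WORDS = {"password", "welcome", "dragon", "monkey",
                "summer", "winter", "admin", "letmein"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
# Undo common character substitutions before the dictionary lookup.
LEET = str.maketrans("013457@$!", "oleastasi")


def has_sequence(pw, run=4):
    """True if pw holds `run` consecutive characters such as abcd or 4321,
    or a keyboard-row walk such as qwer (in either direction)."""
    low = pw.lower()
    for i in range(len(low) - run + 1):
        chunk = low[i:i + run]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if chunk.isalnum() and steps in ({1}, {-1}):
            return True
        if any(chunk in row or chunk[::-1] in row for row in KEYBOARD_ROWS):
            return True
    return False


def check_password(pw, words=SAMPLE_WORDS):
    """Return the list of guideline violations; empty means pw passes."""
    problems = []
    if len(pw) < 15:
        problems.append("shorter than 15 characters")
    # Assumption: punctuation and symbols count as one non-alphanumeric class.
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    if not all(re.search(c, pw) for c in classes):
        problems.append("missing a character class")
    low = pw.lower()
    hits = sorted(w for w in words if w in low or w in low.translate(LEET))
    if hits:
        problems.append("contains dictionary word: " + ", ".join(hits))
    # Three identical characters in a row, a repeated block, or a sequence.
    if (re.search(r"(.)\1{2,}", pw) or re.search(r"(.{3,})\1", pw)
            or has_sequence(pw)):
        problems.append("contains a repeated or sequential pattern")
    return problems


if __name__ == "__main__":
    for candidate in ("P@ssw0rd1234!", "Summer2018Summer2018!", "Tq8#bFj!oLd2Wn&xR"):
        print(candidate, "->", check_password(candidate) or "OK")
```

The first sample shows why character substitution alone does not help: once the substitutions are undone it still contains a dictionary word, and it is also too short and ends in a digit sequence.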
4) Perform Frequent, Regular Backups
It’s now more important than ever to perform frequent, regular backups. All organizations need to protect themselves from ransomware, and in addition to basic security practices, the best way to do so is by having backups.
The number of individuals and companies that don’t perform regular backups is astonishing. Although it does take some time to perform backups, with a little bit of thought and planning, one can automate most of the process, so the actual cost and time required are minimal.
When creating an effective backup plan, it’s important to make sure the backups are not accessible to ransomware. A frequent mistake is to assume that automatically backing up to the cloud is adequate. In many cases this is not true. A friend of mine had all of his important and sensitive data stored in the Google Drive folder on his PC. Because it was automatically copied to Google’s cloud, he assumed he had a nice backup. Unfortunately, if ransomware encrypts that data on his PC, the damaged files will be propagated to the cloud.
5) Keep Systems Updated
Cybercriminals frequently use malware to penetrate their victims’ computers and networks. Since malware relies on vulnerabilities in the system, it’s critical to remove those vulnerabilities as soon as they are known.
It’s true that very advanced and sophisticated malware exploits vulnerabilities that are as yet unknown. However, the vast majority of malware-related cybercrime and data breaches are due to old vulnerabilities in operating systems or outdated applications that individuals and organizations have failed to patch or update.
Setting your computer to automatically update your operating system is a very simple procedure and doesn’t cost anything. Additionally, many applications will also automatically update themselves if properly configured. Numerous free products, ranging from anti-virus tools to browser plugins, are also available to automatically scan your computer for outdated software.
Staying Safe in 2018
With the ever-increasing risks of cybercrime, it’s critical to implement cost-effective measures to protect yourself and your organization. While nothing can replace a comprehensive (and potentially expensive) security program, implementing the simple and inexpensive steps outlined above will go a long way towards keeping you safe in 2018.