Part 3 - The best ways to protect yourself
The best cybersecurity systems work like the layers of an onion.
Each layer operates on top of but separately from the layer below and together form a robust system protection. The degree of protection needed depends on the risk profile of your company, which will be determined by the types of assets you have and how difficult it is for hackers to infiltrate them.
Despite there being some expensive cybersecurity options available that can be complex to install and operate, there are also many simple, low cost cybersecurity strategies that can form the basis of a very secure system.
The first step is to make sure your computer or networks are running antivirus software. This operates as a preventative measure that is always monitoring your network for malware. It not only alerts you if a virus is found but also works to automatically remove them. Popular antivirus software such as Norton, McAfee, or Kaspersky also act to protect users from potentially unsafe web pages.
The next step is to make sure that your antivirus software is maintained up to date so that all the latest patches and security updates are installed on all machines. The companies that produce antivirus software are constantly looking for new cyberthreats and update their software accordingly to fix vulnerabilities. The best option is to configure the antivirus software to automatically run scans at set times and to update the software automatically so you don’t ever have to remember to do it.
All companies that operate more than a few computers should install a firewall to protect the network. This digital wall keeps malware and hackers away by constantly filtering all incoming traffic for potential threats. Firewalls can be software based such as internal firewalls within an operating systems such as Microsoft Windows or hardware based. Some examples of third party hardware firewall devices are Barracuda or Bluecoat.
Two factor authentication
Two-factor authentication (2FA) is a user login process requiring a second form of identification beyond just a password. This can be configured in a variety of ways so the additional information required to login is a code sent to an email address or smartphone or even better to small separate hardware devices (fobs) such as Yubikey.
A virtual private network (VPN) creates a “tunnel” through which your data travels when entering and exiting a web server. That tunnel encrypts and protects your data so that it can’t be read (or spied on) by hackers or malicious software. While a VPN protects against spyware, it can’t prevent viruses from entering your computer through seemingly legitimate channels such as phishing links. Therefore, VPNs need to be used in combination with other cybersecurity measures.
Studies have found that up to 80% of data breaches are the result of weak or stolen passwords. Therefore, require both your employees and users to create strong passwords. This can be set in password policies outlining a minimum number of characters and a mix of upper and lowercase letters, numbers, and symbols. Passwords also need to be regularly changed.
Educating yourself and your employees about cybersecurity is actually one of the most effective measures available. Uneducated employees are a company's biggest liability in terms of being vulnerable to attacks such as phishing scams. Inform and train all staff on the main threats and measures to take including limiting what information they share about themselves online, how to identify phishing emails, and the need to avoid clicking on links or download attachments unless certain they are from a trusted source.
As a business policy that is communicated to all staff, make sure important data is only sent and received by authorised employees who need it for their job and minimise data sharing outside the organisation. Set up permissions for all external software downloads and installations and encourage employees to lock their computer or accounts when not in use.
There are also other great cybersecurity resources available for further information:
- National Institute of Standards and Technology (NIST) - NIST contains a Cybersecurity department and regularly publishes security best practice guides through its Computer Security Resource Center (CSRC) called NIST Special Publications (SPs).
- The Center for Internet Security (CIS) - CIS is a non-profit security resource and IT community. It has developed the CIS Top 20 Critical Security Controls, which is a prioritised set of cybersecurity best practices to counter the most dangerous current security threats.
For more information on cybersecurity threats and the best solutions to them, talk to the IT experts at FinXL who are always happy to help share their knowledge on the current state of the field.