We don’t know what the new year will bring, but we’re certain cyberattacks are on the horizon. The strength of your cybersecurity strategy will determine whether malicious actors successfully attack your organization. Focus on the 5 factors below and stay secure in 2020.
1. Adopt the ‘Assume Breach’ Mentality
There’s an incredibly valuable chart in Verizon’s 2019 Data Breach Investigations Report. Using timelines, it shows that cybercriminals breach your network and extract data within minutes. But it will take you months, if not longer, to discover the nefarious actor, and several days to contain the breach.
Minutes to steal your data; months for you to realize anything happened.
Combat this in 2020 by adopting the “assume breach” mentality. It recognizes the new threat landscape and changes how you allocate your cybersecurity funds. Antivirus and firewalls aren’t enough because they can’t tell you what’s happening inside your network. Think of it this way: You can dig a moat, but if someone successfully swims across, you won’t realize they’re in your castle.
Instead of focusing only on antivirus and firewalls, work with your IT expert to maximize your security ROI based on your risk tolerance.
2. Double Up On Security – Enable 2-Factor Authentication
Make two-factor authentication mandatory across the board. It’s free on almost every system and protects against one of the most common reasons people are breached: compromised credentials. After you enter your login details, you’re asked to provide a second layer of verification – like a code sent only to your phone. Even if a cybercriminal has your password, they still need the second factor before they can do anything.
3. Answer this Question: When Was the Last Time You Changed Your Wireless Password?
You and your team may grumble about it but, by now (hopefully), you regularly change your passwords as a security best practice. There’s one password, though, you probably haven’t thought about in years: the one for your WiFi.
This poses a couple of threats. First, given enough time, the security of any password goes to zero. It doesn’t matter how long it is or how many special characters you add – it goes to zero. Second, any former employee can still access your entire corporate network, even if they left years ago.
Updating passwords is a start, but you can implement more advanced wireless security techniques too. When we secure our clients’ WiFi, we make access dependent on user credentials. Then, when someone leaves, we deactivate their user account and they’re cut off from the network.
4. Encrypt Your Hard Drives
On a trip to New Mexico, my backpack and laptop were stolen from my car and, honestly, I wasn’t too concerned. Why? My hard drive was encrypted so I wasn’t worried about any of the data. The incident became a simple matter of replacing a piece of property.
Hard drive encryption is built into modern operating systems. It’s free and, like two-factor authentication, is a simple, effective tool. When you decide to turn the feature on, contact your IT provider. They’ll create an intentional rollout, and the centralized control gives you a point person if something goes wrong and you need to decrypt the system.
5. Follow the Sandwich Analogy
We’re inundated with emails and it can be tricky to correctly identify spam, so Microsoft came up with the “sandwich analogy.”
Imagine if a stranger walked up to you on the street and offered you a sandwich. You’d say no way and tell them to get lost. Now, say someone you haven’t talked to in 10 or 20 years did the same thing. You’d still be suspicious and respond along the lines of “This is weird. We haven’t talked in years. What are you doing here? Why are you offering me a sandwich?” But if you went on a picnic with a friend who said, “I brought an extra sandwich. Do you want it?” you’d say, “Yeah, sure. Thanks!”
Apply this analogy when analyzing email. If you don’t know the person sending the email and aren’t expecting it, be extremely suspicious. When you know the sender but aren’t expecting the email, keep your high level of suspicion. When you know the person and are expecting it, it’s probably okay.
Looking for more guidance? Sign up for training and discover the advanced techniques cybercriminals use to create sophisticated phishing attacks. Once you know what to look for, you won’t fall for their tricks.
Risk Assessments Prioritize Action Items for Your IT Strategy
Most businesses won’t have the capacity to simultaneously act on each of the 5 factors we outlined. You want to start with the action item that will provide the biggest ROI. An IT risk assessment, like the one we developed, will point you in the right direction. Our rigorous, well-documented process