Cyber attacks have become a concern for everyone. During the first half of 2021 alone, hackers compromised a whopping 18.8 billion records. While we only hear about headline-making breaches, it’s the everyday incidents that put money into hackers’ pockets. Understanding and implementing cyber security best practices is now a requirement for any organization.
For those not already in the industry, cyber security can be complex and hard to follow. Many of your small business clients may not know how to defend themselves and may be wondering: What is cyber security? Where do I start?
This blog will establish thirteen cyber security best practices to help your clients defend themselves against a cyber attack.
What are the 13 Steps to Cyber Security?
For your clients to protect themselves from cyber threats, they must plan ahead. Enforcing cyber security best practices means focusing on the prevention and mitigation of a cyber attack. One without the other is better than nothing, but far worse than both.
Part One: Prevention
As cyber criminals become more creative and advanced, it can be challenging to keep up with the many angles they take when manipulating employees. Because these attacks constantly evolve, the list of steps needed to prevent an attack, and to prepare your clients' organizations should they fall victim anyway, keeps growing. Such steps include:
1: Keep Software Up to Date
Yes, the constant pop-ups and reminders on computers, tablets, and phones are annoying, but they are there for a reason: most updates close security holes that are already known to attackers and often already being exploited. Employees should install updates as soon as they are available, and wherever possible automatic updates should be switched on so nobody has to remember. Internet-facing systems (mail servers, VPN gateways, remote desktop hosts) should be patched first.
2: Create a Culture of Continuing Education
Hackers are talented manipulators who prey on human emotion (urgency, fear, curiosity) to get the credentials and personal information they want. All employees should receive regular cyber security training on the latest threats and phishing techniques, how to recognise them, and how to report them. Recognising an attack, and reporting it quickly, is the first step toward stopping it.
3: Use a Secure Email Gateway and DomainKeys Identified Mail
A secure email gateway (SEG) is a service or appliance that sits in the mail flow and inspects the emails employees send and receive. It filters spam, malware-laden attachments, and malicious links, and quarantines fraudulent content while letting legitimate email through to employees' inboxes.
To further reinforce a business's email security, it should publish DNS records for Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC). SPF lists which servers may send mail for the domain, DKIM cryptographically signs outgoing messages, and DMARC tells receiving servers what to do (monitor, quarantine, or reject) when a message fails those checks and where to send reports. Together they make it much harder for attackers to send email that appears to come from the business's own domain.
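The DNS records above are easy to publish badly (an SPF record ending in "+all", or a DMARC policy left at "p=none", gives receivers no reason to reject a spoofed message). The following script, an added example that is not part of the original post, parses the three record types and flags the common weak settings. The domain names, selector name, and record strings are constructed for the example; in practice you would fetch the same TXT records from DNS.

```python
"""Sanity-check SPF, DKIM and DMARC records for weak settings.

Added example (not from the article). Records below are constructed
for a hypothetical example.com; replace them with real DNS TXT lookups.
"""
from __future__ import annotations


def check_spf(record: str) -> list[str]:
    """Return findings for an SPF record (empty list means no issues found)."""
    findings = []
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["SPF: record does not start with v=spf1"]
    # The final 'all' mechanism decides the fate of hosts not listed earlier.
    all_terms = [t for t in terms[1:] if t.lstrip("+-~?").lower() == "all"]
    if not all_terms:
        findings.append("SPF: no 'all' mechanism; unlisted senders are not rejected")
    else:
        qualifier = all_terms[-1][0] if all_terms[-1][0] in "+-~?" else "+"
        if qualifier == "+":
            findings.append("SPF: '+all' authorises any host on the internet to send as this domain")
        elif qualifier == "?":
            findings.append("SPF: '?all' is neutral and gives receivers no signal")
        elif qualifier == "~":
            findings.append("SPF: '~all' is softfail only; prefer '-all' once DMARC is enforced")
    # RFC 7208 caps DNS-lookup mechanisms at 10; exceeding it yields permerror.
    lookups = 0
    for t in terms[1:]:
        body = t.lstrip("+-~?").lower()
        if body.startswith(("include:", "exists:", "redirect=", "a:", "mx:")) or body in ("a", "mx"):
            lookups += 1
    if lookups > 10:
        findings.append(f"SPF: {lookups} DNS-lookup mechanisms exceeds the limit of 10 (permerror)")
    return findings


def parse_tags(record: str) -> dict[str, str]:
    """Parse the 'tag=value; tag=value' syntax shared by DKIM and DMARC records."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def check_dkim(record: str) -> list[str]:
    """Findings for a DKIM key record published at <selector>._domainkey.<domain>."""
    findings = []
    tags = parse_tags(record)
    if "v" in tags and tags["v"].upper() != "DKIM1":
        findings.append("DKIM: unexpected version tag")
    if not tags.get("p"):
        findings.append("DKIM: empty 'p' tag means the key is revoked; signatures will fail")
    if "y" in tags.get("t", "").split(":"):
        findings.append("DKIM: t=y test mode; receivers may ignore the signature")
    return findings


def check_dmarc(record: str) -> list[str]:
    """Findings for a DMARC record published at _dmarc.<domain>."""
    findings = []
    tags = parse_tags(record)
    if tags.get("v", "").upper() != "DMARC1":
        return ["DMARC: record does not start with v=DMARC1"]
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("DMARC: missing or invalid 'p' policy tag")
    elif policy == "none":
        findings.append("DMARC: p=none only monitors; spoofed mail is still delivered")
    if "rua" not in tags:
        findings.append("DMARC: no 'rua' address, so no aggregate reports will arrive")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"DMARC: policy applied to only {pct}% of failing mail")
    return findings


def audit_domain(domain: str, records: dict[str, str], selector: str = "selector1") -> dict[str, list[str]]:
    """Run all three checks; a missing record is itself a finding."""
    spf = records.get(domain)
    dkim = records.get(f"{selector}._domainkey.{domain}")
    dmarc = records.get(f"_dmarc.{domain}")
    return {
        "spf": check_spf(spf) if spf else ["SPF: no record published"],
        "dkim": check_dkim(dkim) if dkim else [f"DKIM: no key published at selector '{selector}'"],
        "dmarc": check_dmarc(dmarc) if dmarc else ["DMARC: no record published"],
    }


# Constructed records for a hypothetical domain (the DKIM key is a placeholder).
GOOD_RECORDS = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 include:_spf.example.net -all",
    "selector1._domainkey.example.com": "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0",
    "_dmarc.example.com": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; pct=100",
}
WEAK_RECORDS = {
    "example.com": "v=spf1 +all",
    "_dmarc.example.com": "v=DMARC1; p=none",
}

if __name__ == "__main__":
    for name, recs in (("good", GOOD_RECORDS), ("weak", WEAK_RECORDS)):
        print(name, audit_domain("example.com", recs))
```

Run against the weak set it reports the open "+all", the monitoring-only DMARC policy, the missing report address, and the absent DKIM key; against the good set it reports nothing. The checks are deliberately conservative: a record that passes them can still be misconfigured (for example, an include that points at a third party who sends for many customers), so treat the output as a starting point for review, not a certificate.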
4: Utilize Strong Passwords
A strong password is, above all, a long and unique one. Length matters more than mixing letters, numbers, and capitalization: a passphrase of several unrelated words resists guessing far better than a short "complex" password, and it is easier to remember. Every portal and website should get its own password. Reusing one password everywhere hands an attacker a universal key: once it leaks from one site, they will try it against every other account the employee has.
A password manager can be a valuable tool to generate and retrieve complex, strong, and unique passwords.
5: Use Multi-Factor Authentication
Multi-factor authentication (MFA) provides an added layer of protection for your clients by requiring users to present two or more independent factors to gain access. Instead of only a username and password, MFA also requires something the user has (a code from an authenticator app, a push notification, or a hardware security key) or something the user is (a fingerprint or face scan). A stolen password alone is then not enough to log in.
We recommend Google Authenticator as a low-cost starting point. Bear in mind that codes typed from an app can still be captured by a convincing phishing page, so for administrators and finance staff a hardware security key (FIDO2/WebAuthn) is the stronger choice. MFA options are typically inexpensive and are well worth the investment as a critical control that reduces the risk of cyber crime.
6: Use Dual Authorization
Dual authorization requires that two people independently sign off, each with their own credentials, before a submitted transaction is approved. It prevents businesses from paying false invoices and from sending money to hackers posing as legitimate suppliers, because a single employee who has been tricked cannot release the payment alone.
If a business receives a communication that looks suspicious, such as an invoice with new bank details, staff should not call the number printed on it, as they may be calling the hackers directly and get pulled into the scam. Nor should they reply to the email to confirm payment details, as that may hand the hacker more sensitive information. Instead, they should confirm the request using a phone number or contact already on file from earlier, known-good dealings with the supplier.
7: Securing Remote Desktop Protocol Ports
Remote desktop protocol (RDP) is a Microsoft proprietary protocol that enables remote connections to other computers. In other words, it lets people control a computer from anywhere in the world. An RDP server left reachable from the internet is a favourite entry point for attackers: they scan for the service (TCP port 3389 by default), try stolen or guessed passwords against it, and once inside can move on to the rest of the network. Businesses should therefore find and secure any such exposed service.
To secure RDP, there are two simple steps that businesses can take. They can:
- Keep RDP servers off the public internet by placing them behind a firewall and only allowing access through a VPN or a remote desktop gateway, so that an attacker cannot even reach the logon prompt.
- Enable Network Level Authentication (NLA), which requires the user to authenticate before a full remote session is set up. This limits the exposed attack surface to authenticated users and blunts password-guessing against the logon screen. Account lockout and MFA on the VPN or gateway close the remaining gap.
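Even a properly firewalled RDP host should be watched for the symptoms of an attack, and this is the kind of logic a monitoring service (see step 11 on MDR) runs around the clock. The script below is an added example, not part of the original post: it scans a set of logon events shaped like the Windows Security log (event 4625 is a failed logon, 4624 a success, and logon type 10 identifies RDP) and raises alerts for brute forcing, password spraying, and a success that follows a burst of failures. The event records and the IP addresses (documentation ranges) are constructed for the example; the thresholds are assumptions to tune for the environment.

```python
"""Detect RDP brute force, spraying and success-after-failure in logon events.

Added example, not from the article. Event dicts mimic fields of Windows
Security events 4624/4625; real data would come from an event export or SIEM.
"""
from __future__ import annotations

from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events. LogonType 10 = RemoteInteractive (RDP); type 3 = network.
SAMPLE_EVENTS = [
    {"time": "2021-06-01T02:00:01", "id": 4625, "logon_type": 10, "user": "administrator", "src": "198.51.100.7"},
    {"time": "2021-06-01T02:00:07", "id": 4625, "logon_type": 10, "user": "administrator", "src": "198.51.100.7"},
    {"time": "2021-06-01T02:00:13", "id": 4625, "logon_type": 10, "user": "administrator", "src": "198.51.100.7"},
    {"time": "2021-06-01T02:00:19", "id": 4625, "logon_type": 10, "user": "administrator", "src": "198.51.100.7"},
    {"time": "2021-06-01T02:00:25", "id": 4625, "logon_type": 10, "user": "administrator", "src": "198.51.100.7"},
    {"time": "2021-06-01T02:00:31", "id": 4625, "logon_type": 10, "user": "administrator", "src": "198.51.100.7"},
    {"time": "2021-06-01T02:00:40", "id": 4624, "logon_type": 10, "user": "administrator", "src": "198.51.100.7"},
    {"time": "2021-06-01T02:10:00", "id": 4625, "logon_type": 10, "user": "jsmith", "src": "203.0.113.9"},
    {"time": "2021-06-01T02:10:20", "id": 4625, "logon_type": 10, "user": "mjones", "src": "203.0.113.9"},
    {"time": "2021-06-01T02:10:40", "id": 4625, "logon_type": 10, "user": "backup", "src": "203.0.113.9"},
    {"time": "2021-06-01T08:30:00", "id": 4625, "logon_type": 10, "user": "akhan", "src": "10.0.0.5"},
    {"time": "2021-06-01T08:30:15", "id": 4624, "logon_type": 10, "user": "akhan", "src": "10.0.0.5"},
    {"time": "2021-06-01T08:31:00", "id": 4625, "logon_type": 3, "user": "svc-backup", "src": "10.0.0.6"},
]


def detect_rdp_attacks(events, threshold: int = 5, window: timedelta = timedelta(minutes=1),
                       spray_users: int = 3) -> list[str]:
    """Return alert strings in time order.

    threshold/window: failed RDP logons from one source inside the window -> brute force.
    spray_users: distinct accounts tried from one source -> password spray.
    A successful RDP logon from a source already flagged -> likely compromise.
    """
    alerts: list[str] = []
    failures: dict[str, deque] = defaultdict(deque)  # src -> failure timestamps in window
    users_tried: dict[str, set] = defaultdict(set)   # src -> accounts attempted
    flagged: set[str] = set()                         # sources alerted as brute force
    sprayed: set[str] = set()                         # sources alerted as spraying

    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["logon_type"] != 10:
            continue  # only remote-desktop logons are in scope here
        ts = datetime.fromisoformat(ev["time"])
        src = ev["src"]
        recent = failures[src]
        while recent and ts - recent[0] > window:
            recent.popleft()  # drop failures that have aged out of the window

        if ev["id"] == 4625:
            recent.append(ts)
            users_tried[src].add(ev["user"])
            if len(recent) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(f"brute force: {len(recent)} failed RDP logons from {src} within {window}")
            if len(users_tried[src]) >= spray_users and src not in sprayed:
                sprayed.add(src)
                alerts.append(f"password spray: {src} tried {len(users_tried[src])} different accounts")
        elif ev["id"] == 4624 and src in flagged:
            alerts.append(f"success after brute force: {ev['user']} logged on from {src}; treat as compromised")
    return alerts


if __name__ == "__main__":
    for line in detect_rdp_attacks(SAMPLE_EVENTS):
        print(line)
```

On the constructed sample the single mistyped password from 10.0.0.5 produces nothing, while the burst from 198.51.100.7 produces a brute-force alert on the fifth failure and a high-priority alert when the same source then logs on successfully; that last condition is the one that should page someone, because the attacker is now inside. A real deployment would also key on the target host and suppress known scanner sources, but the shape of the logic is the same.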
8: Proactively Back-Up Data
The loss of data can have a significant effect on an organization's ability to conduct business. When a cyber attack occurs and essential data is lost or inaccessible, the company may also face business interruption costs on top of those associated with the attack itself. Frequently backing up important data can drastically reduce the time it takes a business to recover. Two caveats matter in practice: at least one copy should be kept offline or otherwise out of reach of the network, because ransomware routinely encrypts or deletes any backup it can connect to, and restores should be tested regularly, since a backup that has never been restored is only a hope.
9: Form a Breach Response Plan
Are your clients’ organizations prepared for an attack? What role will each party take? What are their duties?
Ironing out these details will allow everyone to confidently and quickly take action. A step-by-step plan should be written out and agreed upon before facing any breach.
10: Secure a Cyber Liability Insurance Policy
The costs associated with a business data breach average $4.24 million and can lead to bankruptcy for the unprepared small business. Such costs come from areas and services such as:
- IT forensic costs
- Credit protection costs
- Crisis management costs
- Breach of contract claims
- Negligent protection of data claims
- PCI fines, penalties, and assessments
So what is the best cyber security precaution against costs like these? A cyber liability policy, which transfers the financial risk that the preventive steps above reduce but cannot eliminate.
Part Two: Mitigation
Once a breach occurs, how a business responds to it has an enormous effect on the extent of the damages. A well-thought-out and fast response is one of the most important ways to control the damage.
11: Act Fast with MDR Services
When a cyber attack occurs, a fast response limits the hacker's reach. One of the best ways to minimize response time is to use managed detection and response (MDR) services: an outsourced team that monitors the business's endpoints and network around the clock, investigates alerts as they fire, and contains confirmed threats before they spread. For a small business this is a cost-effective way to get 24/7 real-time incident response and security consulting without staffing a security team of its own.
In addition to MDR services, businesses should have the breach response plan from step 9 already agreed and rehearsed, so that nobody is deciding roles and contacts during the incident itself. A few breach plan meetings could save the business millions in damage.
12: Secure the Breach & Identify Compromised Data
Businesses need an experienced IT forensics team to swiftly determine how the attacker got in and what they touched, close that entry point, and secure the affected data; without that evidence, the same intruder may simply return. Such services are very costly for companies without a cyber insurance policy in place.
13: Be Transparent with Customers
It's imperative that an organization that has suffered a breach be transparent with its customers and the public about what sensitive information was accessed. This restores trust and avoids the additional fines and penalties that data-protection and breach-notification laws impose when notification is late or incomplete. Even though it is news that nobody wants to deliver, hiding a data breach can turn an already big problem into a much bigger one.
Get Started With ProWriters
As cyber attacks become more and more common, it is not a matter of whether, but of when hackers will attack your clients. A cyber liability policy is now an essential part of all cyber security best practices and provides the necessary protection from these imminent threats.
For more information on protecting your clients, download our FREE eBook, The Six-Step Guide to Becoming Your Clients’ Cyber Expert.
To learn more, contact a ProWriters expert today or call 484-321-2335 with any questions.