The Top 6 Cybersecurity Practices to Kick Off the New Year
January 2022. A fresh start on a new year. While many employees took time off during the holidays, hackers continued working diligently to attempt a break-in.
In fact, recent research indicates attempted ransomware attacks increase 70 percent in the months of November and December, compared to January and February. Other research found that, during the holidays, 33 percent of employees are likely to click links in phishing emails, and 13 percent are likely to share information requested in a phishing email. If hackers haven’t succeeded yet, they’ll just keep trying.
As many employees return to work after the holidays, no time is better than right now to review and enhance cybersecurity across the organization. Follow our top six cybersecurity practices to start the year and protect your organization from hackers.
Why you need to be cyber-aware all year long
Cybercriminals never take a break. Whether you’re working at the office or from home, traveling to meetings and events, or on holiday, cybercriminals stay focused on their mission. They’re constantly at the ready with new phishing emails, ransomware, distributed denial of service attacks, or other devious methods to gain unauthorized access to your network and data. All they need is to catch one employee off guard or to detect a vulnerability in your infrastructure.
To stay ahead of cybercriminals, with each new year, review your cybersecurity practices and provide continuous cybersecurity awareness education opportunities to your employees.
The top 6 cybersecurity practices to kick off the new year
Start 2022 off by turning these cybersecurity best practices into action.
1. Review your cybersecurity strategy
As hackers come up with new, more devious tricks, your cybersecurity strategy must keep up with them. Review your existing strategy and documentation to look for vulnerabilities and weaknesses in securing your assets, information, data, and systems that may be at risk for new types of attacks. Factor in processes and procedures from protection to detection and response, as well as compliance requirements. Also, consider the role your employees play in upholding your practices.
2. Remind employees of security best practices
Once-a-year security education doesn’t cut it these days. Prepare your organization and employees for a cybersecurity attack by providing continuous cybersecurity training at regular intervals and in small bites. This training is the perfect opportunity to remind employees of the following basic practices, whether working from home or at the office:
- Protect your organization’s data.
- Recognize phishing attempts in pop-ups, unknown emails, and links.
- Practice strong password protection and authentication.
- Connect to a secure Wi-Fi network and ensure you have malware protection.
- Keep all software updated.
- Back up files often.
3. Practice good password hygiene
Nothing opens the door to hackers as easily as weak, guessable passwords. Enforce long, strong, and complex passwords to deter hackers from breaking into your computers, systems, and networks. Have employees create passwords of at least 10 characters based on a complex mix of uppercase and lowercase letters, numbers, and symbols. Use password managers to eliminate password reuse. And reinforce passwords with two-factor authentication or an identity and access management platform.
4. Install all software and hardware updates
Nothing feels more disruptive to the workflow than pausing for a software or hardware update. Who has the time? It’s not about “having time” for the updates but taking time for them. These updates are critical to:
- Repairing security holes or removing bugs in an application.
- Patching security flaws.
- Adding new features and removing outdated ones from your applications.
- Protecting your data and devices to prevent any viruses from spreading.
Therefore, make sure employees and the IT team keep up with software and hardware updates as they become available.
5. Conduct a risk analysis
As your organization grows from year to year, take time to identify, manage, and protect your data, information, and assets that might be vulnerable to cyber threats. These threats can affect the integrity, confidentiality, and availability of your systems, applications, sensitive data, and intellectual property. Assess them for probable risks of financial loss, disruption, or damage to your organization’s reputation should your IT systems fail to thwart a cyber attack. Include such risks as non-technical or inadequately trained staff, backup personnel, technicians, hackers, third-party providers, natural disasters, or other environmental dangers.
Make sure your risk analysis does the following at a minimum:
- Takes inventory of systems and resources.
- Identifies potential weaknesses and threats.
- Determines the risk impact.
- Develops and sets cybersecurity controls.
- Continuously evaluates effectiveness.
6. Have an incident response plan ready
The question with cyberattacks isn’t if they’ll happen but when they’ll happen. And when they do, you need to be prepared by having an incident response plan ready to go. Review your incident response plan to help your organization prepare for, detect, analyze, respond to, and recover from a security incident.
Incident response plans aren’t a one-and-done practice. You continually update them to drive recurring detection and response activities, improving your organization’s IT and safeguarding your assets, data, and employees.
Start the new year with peace of mind
To start off 2022 on solid footing, follow the six cybersecurity practices described in this post. Doing so gives your organization the opportunity to:
- Review your current security plan.
- Evaluate changes and vulnerabilities in your overall security landscape.
- Remind employees of their role in keeping themselves and your organization safe from cyber threats.
As a result, your organization will be better prepared to prevent, adjust to, and respond to cybersecurity threats. Make your cybersecurity strategy a top priority as you start the new year.
Marcum Technology provides a full cybersecurity service offering. If you need any help, from beginning a review of your security posture to investigating a cybersecurity incident, or even if you just want to ask for advice on a situation you are facing, please contact us at [email protected]. #AskMarcumTechnology