[BreachExchange] Top 10 cybersecurity best practices

Audrey McNeil audrey at riskbasedsecurity.com
Tue Apr 11 19:47:20 EDT 2017


http://businesspress.vegas/columns-blogs/experts-corner/top-10-cybersecurity-best-practices

More than 4 billion electronic records were stolen in 2016, the result of
more than 4,000 data breaches, according to a new report from Risk Based
Security. That brings the number of records stolen by hackers to an
all-time high.

Today, every business — regardless of size, industry or location — is at
risk for a data breach. But you can help minimize the risk to your business
by taking these 10 specific, proactive steps to bolster your company’s
cybersecurity.

1. Know the risks

Often, businesses don’t prioritize cybersecurity because they don’t fully
understand the risk. But the fallout from even a single breach could
potentially cost an organization millions of dollars. In early 2017, the
U.S. Department of Health & Human Services imposed a $3.2 million penalty on
one health care provider because of data breaches that exposed protected
health information.

The responsibility to protect sensitive information isn’t limited to health
care providers. A new survey from LexisNexis Risk Solutions discovered that
35 percent of Americans store personally identifiable information —
including tax records, bank statements and health records — on popular
email services such as Microsoft Outlook, Gmail and Yahoo Mail.

Consider the sensitive information your company must protect. As criminals
use increasingly sophisticated technology to gain access to protected
information, the risk of a data breach is increasing.

2. Have a backup — and test it

Businesses frequently operate with incomplete or out-of-date backups. When
ransomware or other attacks strike, these businesses don’t realize the
problem until it’s too late. A plain, boring backup is your ultimate
protection; if everything else fails, you can still fall back on that. Not
only must the backup be complete and up-to-date, but it also needs to be
routinely tested to make sure that it’s ready in case you need it.

3. Use anti-spam

Data breaches often begin with an official-looking email that contains
malware or a phishing attack — an attempt by hackers to obtain usernames,
passwords and other sensitive information from unsuspecting employees. The
best defense against these attacks is to use a layer of anti-spam that
blocks a message before it ever reaches the recipient.

4. Maximize your firewall

Most networks already use a firewall, but you can maximize its
effectiveness by making sure it’s up-to-date. A firewall’s intrusion
prevention function conducts a deeper level of inspection on the network
traffic that passes through and can watch for known viruses and other
processes.

5. Don’t rely too heavily on your antivirus

Having antivirus software installed on each workstation is a must, and you
also need up-to-date antivirus installed on your server. But don’t rely on
it as your sole line of defense, because antivirus software isn’t 100
percent effective. That’s because an antivirus program operates using
identifiable information about known viruses. Some viruses are so new, or
so infrequent, that the software doesn’t recognize the threat. That’s why
antivirus software should be only one component of your security plan.

6. Utilize encryption

Any information your company sends through the internet needs to be
encrypted. This is especially true if your employees use any mobile devices
outside the office. A single laptop or phone that doesn’t use encryption
can lead directly to a data breach.

7. Enforce your password policy

Requiring users to change their passwords every 90 days or so can reduce
the risk of cybersecurity breaches. It prevents users from having stagnant
passwords or using the same password across multiple login accounts. Apps
such as LastPass allow users to easily create and use randomly generated
passwords without having to remember them all.

8. Offer frequent user training

Teaching users to be aware of suspicious emails can cut down on the risk of
a breach. Ransomware and other attacks frequently originate from incoming
emails that appear to be completely legitimate. They can be prevented in
part by training users to identify questionable emails, avoid clicking on
hyperlinks and call an IT professional for assistance.

9. Manage security rights

Do your employees have access to everything on the server? If so, a single
infected workstation could put your entire company at risk. Instead, it’s
important to separate security rights according to job function. In some
cases, it may mean that important data becomes less accessible to users,
but it will give you the advantage of increased confidentiality and
security.

10. Use two-factor authentication

When it comes to critical data, a simple password isn’t enough protection.
Consider adding a second factor of authentication, such as a token or
mobile app that provides an ever-changing six-digit code. That way, even if
hackers gain access to a username and password, the authentication code
makes it much more difficult to break in.

Preparation is the best defense against data breaches that can expose your
business to lasting liability. Before a breach happens, create a
comprehensive cybersecurity plan that puts multiple layers of protection in
place, thwarts hackers and keeps your data secure.