It may come as no surprise to many of us that cyber attacks across the globe are on the rise. As more devices and systems are being connected to the internet, and people are continuing to share, or store personal data on these devices and systems, this creates extra attack surfaces that hackers can use to try and steal this data.
Some common examples of cyber attacks and types of data breaches are:
- Trojan Horses
- Zero Days
- Identity Theft
- Denial-of-Service (DoS)
- Distributed Denial-of-Service (DDoS)
- Stolen hardware/software
- Password sniffing
- Breach of access/access controls
- Website defacement
- Web browser exploits
- IM/Email Spamming
- Intellectual Property theft
- System infiltration
- Cross-Site Scripting (XSS)
- Credential Reuse Attack
- SQL Injection
- IoT Based Attack
- Wi-Fi Cracking
As you can tell from this list, there are tons of ways that hackers can make use of in order to get into our systems and steal our data. In an attempt to try and adequately protect not only ourselves, but also our business or organization from any number of these possible cyber attacks, we must first understand what a cyber attack is.
NISTS Computer Security Resource Center describes a cyber attack as:
An attack, via cyberspace, targeting an enterprise’s use of cyberspace for the purpose of disrupting, disabling, destroying, or maliciously controlling a computing environment/infrastructure; or destroying the integrity of the data or stealing controlled information.
One might ask, “what can I do to protect myself, or my business from a possible cyber attack?”. How can you prevent, or at least make it more difficult for hackers to exploit your systems, and steal your data?
Our goal with this post is to provide a short list of the Top 10 tip that a business can perform in order to increase the security posture of their business or work force.
1. Keep Software and Systems Up-to-Date
Most cyber attacks occur because our software or systems are not up to date or fully patched, which leaves weaknesses in systems, known as vulnerabilities. These vulnerabilities can then be exploited by hackers in order to gain access to the system and eventually to the network; and once they are in, it is often too late.
2. Security Awareness Training for Staff/Employees
Users will always be the weakest link in the security chain, and will almost certainly be the most common way hackers get access to private systems and data. For hackers, phishing and social engineering are still very common entry points into company networks. Employees need to be regularly trained on common security awareness techniques like checking links before clicking them, and checking email addresses from supposed senders.
3. Install and Configure a Firewall
Putting your company’s network behind a firewall can prove to be one of the more effective ways to defend from a cyber attack. A well configured firewall can provide protection against hackers by shielding your company’s computers or network from malicious or unnecessary network traffic. Firewalls can also prevent malicious software from infiltrating a computer or network via the internet.
4. Implementing Endpoint Security
Endpoint security is the practice of securing the entry points of end-user devices such as desktops, laptops, and mobile devices from being exploited. Endpoint security systems secure these entry points on a network or in the cloud from cyber attacks. These paths need to be protected with specific endpoint protection software.
5. Perform, and Maintain Regular Backups
When a cyber attack does occur, it can often lead to disaster in the form of damages, theft of data or intellectual property, and loss of reputation. This is why it is crucial for data to be backed up in order to avoid not only serious downtime, but the loss of data and the potential for serious financial loss.
6. Perform Access Control
This may come as a surprise, but not all of the possible attack surfaces that hackers can use will be remote or from the internet; but can actually be physical as well. Ensuring that only those who should have access to the systems or networks inside of the company is imperative not only to business security but business continuity. Another often overlooked fact is employees leaving unlocked desktops open while they are away from their desks. All it would take is a hacker to insert a USB device containing malware into a system that would allow them access into the machine or the entire network and infect it.
7. Wireless Security
Any device that connects to the internet can be infected, this means that if an infected device is connected to a company network, then the entire network can subsequently become infected as well. Securing networks, and hiding them could potentially be one of the safest actions that a company can take to ensure their wireless systems are secure.
8. Separate Accounts for Each User
Anytime there is more than one user connecting to the same account, this can put not only the credentials for the account, and the account itself at risk; but also the network and the business itself. Having separate accounts for each user, and providing them with their own set of login credentials for every application and program.
Ensuring that every staff member or employee has their own logins can help in reducing the total number of attack surfaces that hackers can take advantage of. Also, businesses will also get the benefit of increased usability, on top of the added layer of security.
9. Account & Access Management
Another often overlooked risk that many businesses face is allowing employees to have the ability to install software, apps, or other programs onto business owned devices. These actions could ultimately compromise the businesses systems/devices and further put the network and business at risk.
Having administrative rights and blocking employees from installing software or even accessing certain data on the network will provide greater overall security to the business.
10. Enforce Strong Passwords
As unfortunate as it is, it’s becoming more and more known that many employees reuse the same password for multiple logins. This habit, as convenient as it may seem, can actually turn out to be very dangerous for a business. Once a hacker has figured an employees password, if the employee has set the same password for multiple accounts, then the hacker may have login access to multiple accounts as well.
Ensuring the employees are not only using different passwords for every login account they may have, but also enforcing a strong password policy can be incredibly beneficial to a businesses security.