Regardless of the size of the business you’re associated with, you probably know cybersecurity must be an integral part of your company’s strategy. Failing to be proactive and account for it could make your enterprise more likely to experience a cyberattack that substantially disrupts your business or even causes it to shut down.
Many business representatives encounter obstacles because they’re aware of the need to make cybersecurity a priority, but don’t know how to get started. If you can relate to that common issue, use these six cybersecurity measures as your starting points.
1. Enforce Best Practices for Passwords
People often have to remember dozens of passwords to access all the platforms they use. Many of them make things as easy as possible on themselves by choosing passwords that are easy to guess or reusing them across many sites. In a recent study, the United Kingdom’s National Cyber Security Centre (NCSC) revealed 23.2 million breached accounts worldwide used 123456 as their password.
The NCSC recommends using three random words when creating a password. Doing so makes it harder for hackers to break into accounts through brute-force attacks, which involve guessing as many passwords as possible at a rapid-fire pace — usually with help from specialized tools — in hopes of eventually coming across the right one.
If your employees balk at the instructions to use unique passwords that are hard for others to guess — and potentially more difficult for the rightful users to remember — a password manager could increase compliance with best practices for passwords at your company.
2. Implement Vulnerability Scanning for Your Company’s Cyber-Infrastructure
Businesses cannot assume they’ll be among the fortunate enterprises hackers don’t threaten. That’s why many forward-thinking entities incorporate services that offer managed vulnerability scanning. This option gives them access to tools that tell users where the weak points exist in their servers, applications and more. Thanks to that knowledge, they have a better chance of fixing the problems before cybercriminals find them.
Ponemon Institute polled owners of small- to medium-sized businesses about their cybersecurity strategies and found that, in both 2016 and 2017, 40% of respondents said they deployed managed vulnerability scanning. If you haven’t considered taking the same approach, researching the solutions that suit your needs could help your company remain more aware of the risks it faces and take steps to address them before it’s too late.
3. Secure Your Website’s HTTP Headers
HTTP headers are a core part of the requests and responses exchanged when you navigate to a website. They carry details such as the server software, the browser you’re using and the page requested. HTTP works well for fetching and returning the content you view online, but it was not designed with security in mind.
Considering approximately 40% of data breaches originate from attacks on web apps, it’s in your company’s best interest to do everything possible to make it harder for cybercriminals to orchestrate such compromises.
Get started by applying session-level protection to your HTTP headers, meaning the security-related headers and cookie attributes that govern how browsers handle a logged-in session. That precaution helps guard against known tactics cybercriminals use, including session hijacking and man-in-the-middle attacks. It’s also useful to configure any sites or interfaces your employees use so they log users out after designated periods of inactivity, or force session logouts at designated intervals.
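As an added illustration (not code from the original article), the audit below reads a raw HTTP response header block and reports which session protections are missing: the HSTS, CSP, X-Content-Type-Options and X-Frame-Options headers, plus the Secure, HttpOnly and SameSite attributes on every Set-Cookie. Both sample responses are constructed for the example; the header checklist is a common defender baseline, not something the article prescribes.

```python
# Response headers a defender expects on a site that keeps users logged in.
REQUIRED_HEADERS = {
    "strict-transport-security": "HSTS missing: browsers may still connect over plain HTTP",
    "content-security-policy": "CSP missing: no restriction on where scripts may load from",
    "x-content-type-options": "X-Content-Type-Options missing: MIME sniffing allowed",
    "x-frame-options": "X-Frame-Options missing: page can be framed (clickjacking)",
}

def parse_headers(raw):
    """Split a raw response header block into (name, value) pairs, names lower-cased."""
    pairs = []
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit_response(raw):
    """Return a list of findings; an empty list means every check passed."""
    headers = parse_headers(raw)
    present = {name for name, _ in headers}
    findings = [msg for name, msg in REQUIRED_HEADERS.items() if name not in present]
    # Each Set-Cookie must carry the attributes that keep the session token off
    # the wire in clear text, away from scripts, and out of cross-site requests.
    for name, value in headers:
        if name != "set-cookie":
            continue
        cookie = value.split("=", 1)[0]
        attrs = {a.strip().split("=")[0].lower() for a in value.split(";")[1:]}
        for flag in ("secure", "httponly", "samesite"):
            if flag not in attrs:
                findings.append(f"cookie {cookie}: {flag} attribute missing")
    return findings

# Constructed samples: a response that sets a session cookie with none of the
# protections, and the same response with them applied.
WEAK_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: sessionid=abc123; Path=/
"""
HARDENED_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Set-Cookie: sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Strict
"""
```

Running `audit_response(WEAK_RESPONSE)` lists seven findings, while the hardened response produces none; point the same function at a captured response from your own site to see where it stands.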
4. Encrypt the Data on Relevant Hard Drives
It’s also smart to apply data encryption to any computers your company uses that have sensitive data on them. You should especially consider doing that if many members of your workforce travel often and bring company-issued laptops with them. After all, cybersecurity does not only extend to risks that come from the online realm. It also involves protecting the devices people use to connect to the internet.
More specifically, a thief could break into an employee’s car, grab the laptop and its bag off the seat, then get to work extracting the data from it. Doing so becomes much more challenging, and sometimes impossible, when the information is encrypted. Or criminals could break into your company’s physical premises and take computers that way. It’s worth keeping these potential scenarios in mind as you consider encryption.
5. Create a Bring-Your-Own-Device Policy
Many companies embrace the bring-your-own-device (BYOD) option for employees because it potentially saves them money while allowing employees to use devices they know well. Before you decide BYOD suits your business needs, it’s crucial to meet with the IT team at your business and get their input on things to include in a BYOD policy to reduce the possible risks.
For example, you might require people to sign an agreement that allows you to remotely delete data from their device if they lose it, or you may decide workers cannot use devices from home for work purposes unless they keep their operating systems updated and have company-approved antivirus scanners installed.
By setting ground rules like these, you can avoid making your place of business exceptionally vulnerable to threats due to the number of risky or outdated devices connected to the network. It’s also helpful to explain to employees that taking part in a BYOD program may mean they surrender some privacy. For example, when they use their connected devices, you may be able to see their locations, whether they’re at work or not.
6. Help Employees Recognize Suspicious Emails Through Training
Phishing emails, one of the main ways hackers try to obtain information they can exploit, are getting more creative. A 2019 PhishLabs report found that the volume of phishing attacks grew by nearly 41% in 2019. It also found that 98% of the messages that got past enterprise email security controls and landed in users’ inboxes contained no malware.
A major reason is an emerging tactic called business email compromise (BEC). Instead of urging recipients to download an attachment, attackers who carry out BEC often rely on social engineering and pose as people in positions of power, whether inside the organization or outside of it.
Moreover, many of the emails are relatively simple in their requests, but written in ways that make recipients respond because they don’t suspect anything strange. For example, a BEC phishing email that seems to come from someone in accounting might read: “Hi, we’re doing a system update and need the password you use to make direct deposit changes. Could you provide that within the hour, please? We need to get this finished as soon as possible.”
In that case, the sender capitalizes on the need for urgency, and the matter involves payroll, which is even more likely to make a person respond without question — no one wants delayed paychecks.
The evolving nature of phishing emails means it’s essential to help employees stay abreast of what they need to know to avoid problems. You can provide that through specialized training programs.
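As an added example (not part of the original article), the heuristic below scores a message for the BEC traits described above: a known colleague’s display name paired with an address that is not theirs, urgency wording, and a request for credentials or payroll details. The staff directory and both sample messages are constructed placeholders; the suspect message mirrors the accounting example quoted earlier.

```python
import re

# Constructed staff directory (placeholder): display names attackers might borrow
# and the address each should really send from.
KNOWN_STAFF = {"dana lee": "dana.lee@example.com"}

# Phrases the article's sample BEC message relies on: urgency plus a credential ask.
URGENCY = re.compile(r"within the hour|as soon as possible|\basap\b|urgent|immediately", re.I)
CREDENTIAL_ASK = re.compile(r"password|credentials|direct deposit|bank details|wire transfer", re.I)

def parse_from(header):
    """Split 'Display Name <addr>' into (display name, lower-cased address)."""
    m = re.match(r'\s*"?([^"<]*?)"?\s*<([^>]+)>', header)
    if m:
        return m.group(1).strip(), m.group(2).strip().lower()
    return "", header.strip().lower()

def bec_indicators(msg):
    """Return the BEC indicators found in one message dict (from/subject/body)."""
    name, addr = parse_from(msg["from"])
    hits = []
    expected = KNOWN_STAFF.get(name.lower())
    if expected and addr != expected:  # colleague's name on an unexpected address
        hits.append(f"display name '{name}' used with unexpected address {addr}")
    text = msg.get("subject", "") + " " + msg.get("body", "")
    if URGENCY.search(text):
        hits.append("urgency language")
    if CREDENTIAL_ASK.search(text):
        hits.append("asks for credentials or payment details")
    return hits

def is_suspicious(msg):
    """Flag impersonation outright, or urgency combined with a credential request."""
    hits = bec_indicators(msg)
    return any(h.startswith("display name") for h in hits) or len(hits) >= 2

# Constructed samples: the first mirrors the article's accounting example but
# arrives from a lookalike domain; the second is routine internal mail.
SUSPECT = {
    "from": "Dana Lee <dana.lee@example-mail.net>",
    "subject": "System update",
    "body": "Hi, we're doing a system update and need the password you use to make "
            "direct deposit changes. Could you provide that within the hour, please?",
}
BENIGN = {
    "from": "Dana Lee <dana.lee@example.com>",
    "subject": "Q3 all-hands",
    "body": "Reminder: the Q3 all-hands is Thursday at 10am in the main room.",
}
```

A mail gateway rule built on these indicators would quarantine or banner the suspect message for review rather than reject it outright, since urgent payroll mail from real colleagues also exists.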
Positive Changes Are Possible
If you were initially feeling overwhelmed about moving forward with cybersecurity measures, this list should show you it’s easier than you may think to get started. Deciding to begin is an excellent first step.