5 Simple Security Solutions for SMBs


Cyber-attacks continue to impact businesses across Australia. Ransomware is on the rise and state-based actors and other criminal entities are always sharpening their tools with new and sophisticated ways to compromise critical systems.  

By now we hope you understand the importance of following best-practice cyber security for business continuity.  

To help better equip your business, here are five simple security solutions/initiatives that you can implement to improve your cyber security posture.  

 

1. Implement multi-factor authentication (MFA) across your business 

What is multi-factor authentication (MFA)? Like two-factor authentication (2FA), MFA is just like a password in that it’s another form of proof that a user must enter to be verified before accessing a system, application, computer or website.

Multi-factor authentication can come in several forms, including biometrics such as fingerprint or facial recognition, and push notifications that deliver a code to your phone.

Because cyber security threats have evolved and will continue to, a simple password with numerals and letters simply doesn’t cut it anymore. Once a password has been compromised it’s on the dark web forever, but with MFA in place, a compromised password won’t bring your business to its knees.  

We recommend putting MFA on all your critical devices and systems.  

 

2. Conduct cyber awareness training for all employees 

Your employees are both your strongest and weakest links when it comes to cyber security. Therefore, we firmly believe conducting regular cyber awareness training for your employees is one of the best returns on security investment you can make.  

Social engineering or ‘phishing attacks’ are on the rise. With such attacks, the actor’s goal is to lock sensitive data and disable passwords, making systems inaccessible until a ransom is paid, typically using cryptocurrency.  

They come in the form of seemingly legitimate emails or websites asking for someone’s credentials, but once the user enters them the system or computer is compromised. Conducting regular cyber awareness training to educate your employees on how to identify potentially harmful emails and websites is imperative to your overall security strategy.

Additionally, there is a host of other dos and don’ts relating to best-practice internet usage that staff need to be aware of.  

 

3. Regularly back up all data

This is something we simply cannot stress enough: your data must be backed up. The easiest rule to follow is the 3-2-1 rule. Simply put, it’s important that you have 3 versions of your data – your primary production data and then two backup versions.

Your production data can live wherever it lives, whether it be on-premises or in the cloud. You then have two more versions housed in a different location. Ideally, one version is off-site somewhere, whether it be a warehouse, the cloud, your garage, or somewhere else.

By following this simple principle, if you were ever compromised you could quickly boot up one of your other two versions and continue to maintain business as usual.  
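As an added example (not part of the original article and not Area9's own tooling), this Python script checks a backup inventory against the rule as described above and confirms each backup still matches the digest recorded when it was taken. The `Copy` fields, site labels and file names are assumptions made for illustration, and the sample files are constructed.

```python
import hashlib, tempfile
from dataclasses import dataclass
from pathlib import Path
@dataclass
class Copy:
    role: str                   # "production" or "backup"
    site: str                   # assumed location label, e.g. "office"
    offsite: bool               # held away from the business premises
    path: Path                  # file that represents this version
    recorded_sha256: str = ""   # digest noted when the backup was taken

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def check_backups(copies):
    """Return a list of findings; an empty list means the rule is met."""
    findings = []
    prod_sites = {c.site for c in copies if c.role == "production"}
    backups = [c for c in copies if c.role == "backup"]
    if len(backups) < 2:
        findings.append(f"only {len(backups)} backup version(s); the rule needs 2")
    for b in backups:
        if b.site in prod_sites:
            findings.append(f"{b.path.name}: stored at the production site '{b.site}'")
        if not b.path.exists():
            findings.append(f"{b.path.name}: backup file is missing")
        elif sha256_file(b.path) != b.recorded_sha256:
            findings.append(f"{b.path.name}: contents changed since the backup was taken")
    if not any(b.offsite for b in backups):
        findings.append("no backup version is held off-site")
    return findings

def demo():  # constructed sample: one backup shares the office, one was altered
    d = Path(tempfile.mkdtemp())
    for n in ("prod.db", "nas.bak", "cloud.bak"):
        (d / n).write_bytes(b"customer records v1")
    good = sha256_file(d / "nas.bak")
    (d / "cloud.bak").write_bytes(b"\x00garbled\x00")  # simulate damage
    return check_backups([
        Copy("production", "office", False, d / "prod.db"),
        Copy("backup", "office", False, d / "nas.bak", good),
        Copy("backup", "cloud", True, d / "cloud.bak", good),
    ])

if __name__ == "__main__":
    print("\n".join(demo()) or "backup rule met")
```

Run on a schedule, a check like this surfaces a damaged or misplaced backup before the day you need to restore from it.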

 

4. Implement a structured patch management regime 

When we refer to patching, in a nutshell, we are referring to a software update. These updates are usually made to address a known vulnerability or bug in the software, or to introduce new features or improvements. From a customer standpoint, this could relate to a particular performance issue, or to bolster security measures.

The term patch management refers to a structured approach to software patching. What I mean by that is it’s not wise or considered best-practice to simply go in and update everything and hope for the best. Patch management is a structured process that involves the research and testing of any update before it’s rolled out across the customer’s environment. 

Here at Area9 for example, our team is always on the lookout for updates and emerging vulnerabilities that may require a product update. We also assess the customer’s existing environments, looking for any gaps or areas for improvement. When we identify a patch is required, we assess the likelihood of an adverse impact to the customer’s environment, test it, and then if everything works fine, develop a staged approach for rollout to avoid any business downtime on the customer’s end. 

 

5. Leverage firewalls 

One of your first lines of defence against a cyber attack is a firewall. A firewall is a network security system designed to prevent unauthorised access to or from a private network. They can be implemented in both software and hardware form, or in some instances, a combination of both. 

Firewalls monitor and control incoming and outgoing network traffic based on predetermined security rules. Think of them as a barrier between something that is trusted and something that is not. They help to prevent unauthorised internet users from accessing private networks connected to the internet. Consider them the moat and wall to your castle.

If you would like to learn more about how Area9 can help you achieve a more robust and effective security strategy, speak with one of our experts.
