At the beginning of each year, 1 in 4 people create personal resolutions that they hope to act upon for self-improvement. This practice can also be useful for organisations as they look to improve their current technological practices. In this article, we’ve listed some New Year’s resolutions that your organisation can make to improve operations and overall cybersecurity.
Resolution 1: Promote Password Security Policies
While keeping your organisation’s software up to date will boost the security of your organisation, 4 out of 5 security breaches occur due to compromised login credentials and passwords. An organisation-wide enforced password policy can assist with reducing this risk. Some methods that you can use to increase your organisation’s security include:
- Linking uncommon words to form passwords, frequently termed “passphrases”
- The use of lengthy passwords, with a minimum of 16 characters advised
- The use of a password manager
- The enforcement of two-factor authentication protocols
- The use of uncommon words in passwords
Additional Benefit: Strong Passwords Assist With Security
By promoting the use of strong passwords, your organisation can reduce the likelihood of a data breach by up to 81%.
When it comes to implementing strong password security throughout your organisation, the use of multi-factor authentication (MFA) is highly recommended and can’t be stressed enough as a simple and effective security improvement. The use of MFA will challenge any user to provide additional verification during the security process, such as a PIN or code, before or after a password has been supplied.
Resolution 2: Transition Your Data To The Cloud
Purpose-designed cloud storage offers a safe and viable solution for your data storage needs. Incorporating cloud services into your organisation may increase the security of your data, and it will also improve the flexibility of your organisation.
Additional Benefit: The Use Of Cloud Storage Provides Flexibility
When it comes to the capacity of their on-site data storage, businesses can encounter issues. If your storage unexpectedly reaches capacity, cloud-based services enable you to increase your storage space in minutes.
Also, for organisations that utilise hybrid or remote working situations, cloud storage provides a simple and scalable way for employees to access information remotely. In addition, a survey found that 59% of businesses that use cloud-based services are likely to see an improvement in their productivity.
Resolution 3: Condition Staff To Be On The Lookout For Phishing Attempts
Phishing attempts for private information are one of the most utilised tactics undertaken by cybercriminals. A phishing attempt is when an unauthorised person pretends to be a person or organisation with the intent of stealing a user’s identification or information for their own illegal purposes.
Phishing attempts are commonly delivered via an email or SMS message, and while the email or message may appear to be legitimate, it will often contain a malicious action or a fraudulent request for a payment of some type.
Further Action: Training For Phishing Attempts
Phishing awareness training will help staff to recognise and avoid phishing attempts that they may be subjected to. Training is available which will introduce staff to harmless, yet dubious email messages. Staff are asked to review the emails for authenticity, and the administrator of the test is notified if the staff interact with the test content that is contained within that message. This type of testing helps to identify individuals who could benefit from additional phishing attempt training.
Resolution 4: Keep Your Technology Up To Date
Technology updates are released on a regular basis, and they typically include enhancements to software, systems, and security. We recommend that you install manufacturer-recommended updates as soon as possible after you receive them (particularly security updates), as unpatched devices may be vulnerable to a cyberattack, and delaying these updates puts your personal and organisational data at risk.
Additional Benefit: Updating Software Vulnerabilities
In 2021 approximately 18,500 vulnerabilities in software were discovered by researchers, with some researchers discovering 50 vulnerabilities a day on average. As a result, these discoveries, and the warnings that they create, are taken very seriously, and updates for these vulnerabilities are created and announced as soon as possible. By keeping your applications, programs, software, and systems up to date, your organisation will achieve an enhanced level of overall security.
Resolution 5: Securely Back Up Your Data Regularly
There is no way to foresee when you or your organisation may experience human, software, or hardware failure. It can occur at any time, and the effects can range from inconvenient to disastrous. To avoid these types of unfortunate consequences, we strongly recommend that you have a regularly planned backup strategy in place.
Additional Benefit: Regular Backups Avoid Costly Expenses
A defined backup policy will provide your organisation with a safety net, and it can also assist you to avoid costly expenses in the future. Attempting to recover lost files can take an excessive amount of time, and the price to do so can range dramatically, which is another reason proactive backup practices are recommended before disaster strikes.
Resolution 6: Use A Secure VPN When Working Remotely
We recommend that any person who needs to access organisational resources remotely does so with the use of a secure virtual private network, otherwise known as a VPN.
Additional Benefit: Using A VPN Boosts Network Security
VPNs reduce the risk of third-party individuals with malicious intent accessing sensitive information. A VPN will also hide a remote user’s IP address, adding an additional layer of security.
Resolution 7: Create A Guide To Staff Departures
When a staff member departs from an organisation, they not only leave behind a record of their online and internal system activities, but they also depart with security-related information such as passwords and login credentials, which in turn creates the potential for unauthorised user access or a security breach.
By creating a guide to staff departures, an organisation can ensure that any staff departure does not lead to a vulnerability in online and system security.
Further Action: Create A Staff Departure Guide For Security-Safe Offboarding
A staff departure guide should address three key access areas: cloud data, subscriptions, and email accounts.
An organisation’s cloud storage policy should encourage staff to store company-owned assets in a centralised location. This will ensure that when a staff member leaves, their access to this data is removed and their access rights are revoked, while retaining the ability of other users to access this data in the centralised location.
Next, an employee departure guide must include a method to identify which user login credentials are associated with different group accounts. By doing this, you ensure that existing staff members aren’t locked out of an account due to a staff departure.
To preserve the continuity of communication that a departed staff member was part of, management must decide what to do with the former staff member’s email accounts and online and system identities. This includes what actions to take regarding email forwarding, email inbox history, virtual identities, and whether any accounts need to be removed or deleted altogether.
We have created a checklist for the Digital Offboarding of Employees which you can read here.
A New Year Brings New Opportunities
A New Year brings new opportunities for organisations to learn from the past and to grow into the future. If you would like assistance with any of the subject matter that we have mentioned here, please get in contact with us, as we are happy to assist you and your organisation with your system and security needs.