Best Practices
Arctic Wolf Networks

Steps to Improve Cyber Awareness in Your Organization

Better cybersecurity starts with exemplary security hygiene. Plain and simple. Here are a few important tips:

1. Use the Latest Versions of Software

Whether it’s an on-premises software deployment or a software-as-a-service (SaaS) app, always run the latest version to ensure you’re protected against the newest cyberthreats, and that you aren’t vulnerable to old code deficiencies (e.g., zero-day attacks).

2. Encrypt Data

Always do this for sensitive data such as payment cards, account passwords, and personally identifiable information. Should a hacker somehow manage to access a secure database, they won’t actually be able to do anything with the stolen data if that information is properly encrypted. Presuming you have a backup (which you absolutely should), ransomware or malicious deletions are non-issues.

3. Avoid Connecting to Public Wi-Fi

Man-in-the-middle attacks and “evil twin” schemes—whereby a hacker creates a fake network for a legitimate business (e.g., “Starbucks Wi-Fi 2”)—are common tactics for packet sniffing and data theft. Avoid using public Wi-Fi. And if you must, set up a virtual private network (VPN) and secure your sensitive accounts with two-factor authentication.

Public Wi-Fi is a data breach waiting to happen.Public Wi-Fi is a data breach waiting to happen.

4. Change Passwords Often; Make Them Complex

Every business should have a formal password management strategy. Specifically, they should require that all employees change passwords of their SaaS applications and other software at a minimum of every few months. Passwords should be complex, using creative arrangements of numbers, letters and special characters (e.g., “$h@/0m” as opposed to “shalom”). This can help avoid falling victim to brute-force attacks that systematically guess pass phrases. Do not use the same password for all of your SaaS applications. Use a password manager if you must.

5. Revoke Old Privileges

When employees leave, on good terms or bad, make sure you revoke access to all of their existing SaaS applications. This is vital to adhering to a policy of “least access,” which is exactly what it sounds like—granting access only when and where it’s needed.

6.  Monitor Network Activity

Even with all of these steps, phishing scams and other advanced intrusion tactics are increasingly sophisticated. Leverage a security operations center (SOC)-as-a-service to protect your network. Under this predictable subscription model, security analysts provide 24/7/365 threat detection and incident response. They also supply regular vulnerability assessments to help businesses harden their data loss prevention (DLP) plans and perimeter defenses.

Learn more about SOC-as-a-service by clicking on the banner below: