Better cybersecurity starts with exemplary security hygiene. Plain and simple. Here are a few important tips to improve cyber awareness:
1. Use the Latest Versions of Software
Whether it’s an on-premises software deployment or a software-as-a-service (SaaS) app, always run the latest version to ensure you’re protected against the newest cyberthreats, and that you aren’t vulnerable to old code deficiencies (e.g., zero-day attacks).
2. Encrypt Data
Always do this for sensitive data such as payment cards, account passwords, and personally identifiable information. Should a hacker somehow manage to access a secure database, they won’t actually be able to do anything with the stolen data if that information is properly encrypted. Presuming you have a backup (which you absolutely should), ransomware or malicious deletions are non-issues.
3. Avoid Connecting to Public Wi-Fi
Man-in-the-middle attacks and “evil twin” schemes—whereby a hacker creates a fake network for a legitimate business (e.g., “Starbucks Wi-Fi 2”)—are common tactics for packet sniffing and data theft. Avoid using public Wi-Fi. And if you must, set up a virtual private network (VPN) and secure your sensitive accounts with two-factor authentication.
4. Change Passwords Often; Make Them Complex
Every business should have a formal password management strategy. Specifically, they should require that all employees change passwords of their SaaS applications and other software at a minimum of every few months. Passwords should be complex, using creative arrangements of numbers, letters and special characters (e.g., “$h@/0m” as opposed to “shalom”). This can help avoid falling victim to brute-force attacks that systematically guess pass phrases. Do not use the same password for all of your SaaS applications. Use a password manager if you must.
5. Revoke Old Privileges
When employees leave, on good terms or bad, make sure you revoke access to all of their existing SaaS applications. This is vital to adhering to a policy of “least access,” which is exactly what it sounds like—granting access only when and where it’s needed.
6. Monitor Network Activity
Even with all of these steps, phishing scams and other advanced intrusion tactics are increasingly sophisticated. Leverage a security operations center (SOC)-as-a-service to protect your network. Under this predictable subscription model, security analysts provide 24/7/365 threat detection and incident response. They also supply regular vulnerability assessments to help businesses harden their data loss prevention (DLP) plans and perimeter defenses.
Learn more about SOC-as-a-service by clicking on the banner below: