Cyber crimes have been rising at an incremental rate in the last few years. According to The World Economic Forum’s “The Global Risks Report 2022,” cybercriminals are starting to outpace businesses, governments and their cybersecurity measures.
And yet, even as cybercrimes become increasingly sophisticated, hackers and cyber thieves still use widely known methods like phishing and injecting malware into computer systems and succeed.
Basic cybersecurity strategies can protect secure networks as effectively as expensive software. This article discusses those strategies and provides cybersecurity tips for businesses and organizations in 2023.
Educate Employees About Cybersecurity
You can invest in robust and powerful cybersecurity solutions and technology, but hackers can still bypass your strongest firewalls if someone in your network inadvertently lets them in.
People are often the weak links in cybersecurity. According to researchers from Stanford University, 88% of data breaches are due to employee errors. Moreover, 43% of employees committed mistakes that compromised their cybersecurity. Ensuring that employees know and practice cybersecurity tips is crucial for security.
Hold an Annual Cybersafety Training
There is value in investing time and resources in educating employees about cybersecurity and training them so that security best practices will become second nature to them. One slip can lead to a multi-million dollar loss or set back a company for many years.
Here are the top cybersecurity tips for employees that must be included in every new hire orientation and refresher training for current employees:
- Practicing Password Hygiene: Prohibit personalized passwords that are easy to crack, like a birthday or middle name. To ensure your employees follow this rule, consider requiring email and network access passwords to contain special characters, numbers, capitalizations and a minimum character count.
- Recognizing Social Engineering: Social engineering is obtaining sensitive information like usernames and passwords through manipulation. For example, an employee receives an email asking for sensitive business information. Thinking the urgent email is from their boss, the employee complies, only to learn that their boss never emailed them and they received a deceptive email. The hacker will have gained access to the network, obtaining information without tripping security alarms. Employees must learn to recognize this tactic as early as possible and know how to act accordingly.
- Spam Awareness: Sometimes unsolicited emails get past spam filters and reach people’s inboxes. Employees must know how to identify spam red flags and not click any link or file in those emails.
- Separating Work and Personal Correspondence: Prohibiting the use of work assets for personal matters is one of the often-overlooked cybersecurity tips for employees. If an employee is deceived by a phishing email pretending to be their bank or mobile services provider, they can put their workplace at risk if they click suspicious links while using the office Internet. Stress the importance of separating personal correspondence from work. If they must check on private messages while at work, they can do so using their personal device and data.
- Not Leaving Devices Unattended: A lost work laptop or any work-issued device is a cybersecurity risk that must be addressed immediately. Even if there’s a chance of recovering the device, it might be safer to wipe its contents remotely or restrict it from reaccessing the company’s network. For organizations created on Cisco Meraki technology, remotely locking a lost device and deleting its contents is possible through Meraki MDM (mobile device management).
- Avoiding Indiscriminately Plugging Devices into Work-issued Devices: Warn employees against plugging random flash drives and external hard drives into a company-issued laptop. Those external devices might contain viruses and malware that can spread when the infected laptop connects to the network. Robust firewalls will keep malware in check, but that’s never an excuse for carelessness with security.
Additional cybersecurity tips for employees to prevent data breaches, ransomware and other cyber crimes in 2023:
- Do not click on suspicious-looking domains.
- Download files with caution. Similarly, avoid useless downloads.
- Be cautious when discussing work matters and uploading pictures and videos taken in the office on social media.
- Avoid using public WiFi. When unavoidable, you must use VPN.
- Do not save work login credentials on social messaging apps. Use reliable password management tools instead.
- Set up two-factor authentication for personal devices that are sometimes used for work.
Backup Data Regularly
Even with robust firewalls and security measures, it never hurts to back up your data in case a hardware or software failure occurs and your primary data becomes corrupted thanks to viruses and malware. Losing operations-critical data, applications and programs can cripple a business and ultimately lead to bankruptcy.
If you have reliable backups, you can keep your business running even if cybercriminals hold your systems hostage in exchange for ransom (ransomware attack). Therefore, backing up data should become standard practice and part of your company’s SOPs for emergency preparedness for a cyber attack.
Update data backups regularly. You can automate the process every couple of days, weeks, or months, depending on the nature and volume of data you handle.
Backup Network/Organization Security Configurations
Cloud networks and organizations are launched with preset security configurations that can change to accommodate evolving threats and business requirements. There might be a time, however, when you’ll need to restore network security configurations from several weeks or months earlier.
Backtracking configuration updates across networks can be time-consuming, especially if there have been many device- and user-level changes. It would be easier and faster to restore a network’s original configurations if it is recorded on the cloud.
A few things to remember:
- Cloning copies all existing network or organization configurations except local device and Netflow configurations.
- Cloning helps an organization that keeps adding new networks. For example, by copying the clone, IT administrators can save time setting up the MX (security) and MR (wireless) configurations for a new network.
Here’s how network and organization cloning helps maintain cybersafety:
- IT personnel can ensure that security configurations are uniformly implemented across all networks in the organization.
- IT personnel can quickly finish server security checks and reconfigurations, keeping downtime to a minimum. Hackers often take advantage of network downtimes during routine checks because IT technicians become preoccupied and potentially less alert to breach signals.
Make the Company’s Incident Response (IR) for Security Breaches Known
An organization’s response immediately after a breach determines its emergency preparedness for a cyber attack. Once it is known that a hacker has made their way into the network, all users must know what to do to secure vital data, minimize damage and contain the situation before it escalates.
An IR provides the roadmap all active users must follow in case of a security breach. All organizations must have one to ensure emergency preparedness for a cyber attack. There’s no telling what could happen after a security breach, but you know your priorities and which information you need to protect at all costs.
Build your IR around these priorities and prepare procedures for quick containment and eradication of malware, vulnerabilities and network intruders. Consult cybersecurity experts and assemble an IR response team in your company whom you can trust to act quickly and level-headedly during a crisis.
Invest in Enterprise Firewall and Antivirus Software
This cybersecurity tips list will only be complete with enterprise firewalls and antivirus software. They are often used interchangeably because both are necessary for security. However, their functions are different.
Firewalls are hardware and software technologies that protect a network and everything in it – connected devices, cloud services, programs and applications – from external threats, specifically hackers and cybercriminals. Antiviruses, meanwhile, protect a network from internal threats such as malware, spyware and trojans.
Functions of a Firewall
Functions of Antivirus
Cyber threats are getting increasingly sophisticated, but thankfully, companies that provide enterprise firewalls are keeping up well. Getting the latest iterations of firewalls and antiviruses will give your networks enough protection to stop harmful intrusions.
Keep Devices and Software Updated
Rounding out our list of cybersecurity tips is the reminder to keep all security hardware and software up to date. Firmware upgrades introduce the latest features and security enhancements manufacturers develop for their products. Installing the updates will “level up” your devices and make them less vulnerable to the fast-evolving threats on the Internet.
Companies whose networks are built on Cisco Meraki can easily manage firmware updates through the Meraki Systems Manager dashboard. Organization administrators with full access can initiate upgrades, schedule them for later, or cancel an upcoming update. They can also roll back to an older firmware version and view the change log notes for every device.
Stay on Top of Network Security With Cisco Talos
Cisco Meraki is a globally trusted name in secure, scalable IT infrastructure. Since its products are managed entirely through the cloud, the company is well aware of the threats that persist beyond the secure walls of a secure network. After all, Cisco has the world’s largest threat database and a global threat intelligence team – the Cisco Talos Intelligence Group – devoted to unearthing emerging online security threats and protecting Cisco customers and the wider public.
Cisco Meraki develops robust security devices and software (the Meraki MX series) that keep up with the evolving nature of cybersecurity threats. Coupled with Talos intelligence and backup support, networks that use Meraki technology will be well-equipped to detect, contain, fight off threats, and reinforce network-wide and organization-wide security.
If you need more cybersecurity tips, we are here to help. Stratus Information Systems is a Cisco Meraki channel partner. Our cloud network specialists can help you set up and deploy cloud networks with robust protection against today’s most challenging cybersecurity threats. We can show you more through a demo or a free trial. Contact us to get started.