Cybersecurity threats are more common than ever, and last year’s above-and-beyond security tactics are this year’s must-haves. Businesses are being attacked left and right, resulting in significant downtime, lost money, lost customers, and more. Many businesses are also facing steep increases in the cost of their insurance policies, or even worse, having them cancelled because they lack a good IT security strategy. In fact, IT security is so important that the World Economic Forum ranked “widespread cybercrime and cyber insecurity” as one of the top ten global risks over the next 12 years (see Example 1 below).
Example 1: Global risks ranked by severity over the short and long term
Source – World Economic Forum Global Risks Perception Survey 2022-2023
Top 5 Cyber Security Strategies for 2023
Tactic 1: Backup, Disaster Recovery, and Business Continuity Planning
If you have heard about a cyberattack in the news, it is likely because the organization could not restore all of its data and/or could not recover its network quickly. Backup is the number one thing your organization should do to protect itself from a cyberattack. If you are not being notified about the state of your backups on a regular basis, work with your Managed IT Services Professional or IT department to discuss your backup success rate and strategy.
Tactic 2: Multi-factor Authentication
Once you have a concrete backup plan, the next most important step to protect your business is to implement multi-factor authentication (or two-factor authentication) everywhere possible. This used to be something that only organizations in regulated industries had to do. Now, insurance companies are asking their clients to do this, and sometimes decline to renew policies or charge more money if it is not in place. The most important reason to have it is to avoid costly downtime, lost data, and ransomware. We recommend enabling multi-factor authentication on your web apps, your bank accounts, and your desktops. Enable it wherever possible.
Tactic 3: Security Awareness Training
Tactic three is to address your biggest vulnerability: your employees. Nearly 88% of ransomware starts with the human element. Mode5 recommends two types of training. The first is computer-based security training videos. These classes educate your team on how to avoid inviting hackers onto your network. Many tools will show you which classes your team has completed and give your organization a score based on security competency.
The second type of training is email security training with simulated phishing attacks. This type of training involves your Managed IT Services Professional or IT department sending fake emails to your team to lure them into clicking on malicious content. If a team member clicks on one, you are notified so they can be trained on how to avoid that in the future. Training is often the most overlooked cybersecurity tactic, and it is a low-cost, high-impact one.
Tactic 4: End-Point Detection and Response Is the New Anti-virus
If your business is still using outdated anti-virus technology, you could be at significant risk. Modern endpoint security combines traditional definition-based anti-virus technology with artificial intelligence to identify malicious behavior that could lead to ransomware attacks and more. These tools can also be used to help your business recover from a ransomware attack and to identify where the breach occurred. If your business does not currently have an EDR tool, contact your Managed IT Services Professional or IT department.
Tactic 5: Periodic Vulnerability Scanning
To make sure your network is secure and stays secure, Mode5 recommends periodic vulnerability scanning. Scanning identifies potential ways that hackers could breach your network so that they can be fixed in advance. This is a critical step in protecting your network.
How at risk is your business? Have you had a network security assessment?