Cybersecurity Best Practices
With so many balls to juggle in the business world these days, it would be easy to let your cybersecurity posture falter. However, it is prudent to maintain cybersecurity best practices as much as possible, considering that a breach of any size could not only take down your organization for an extended period but also put you out of business.
Here are a handful of cybersecurity best practices every industry should follow:
- Require passphrases, not passwords – The term strong password is a misnomer – anything resembling a password with just letters and even a few numbers can easily get hacked within minutes. Your best bet is to make sure your employees are using full passphrases that include upper and lowercase letters, numerals, and a special character like a dollar sign or an exclamation point. For example, a nine-character passphrase could take just five days to crack, but a 12-character passphrase could take as long as 200 years.
- Multi-factor authentication – This is one of the easiest ways to boost your cybersecurity position. Multi-factor authentication forces users to use multiple methods of verifying that they are who they say they are. For example, if you are logging into your email for the first time on a new device, you would be prompted for your password as well as a security code, most likely sent to you via text message.
- Regular training – The National Institute of Standards and Technology 800-171 already specifies training for key employees. But even without a mandate, you ought to keep your personnel up to speed on the latest efforts cybercriminals are making to get into your network. For example, you can load the latest and greatest antivirus software onto your network, but if your employees aren’t aware of the social engineering schemes that are going around, you could be dealing with the end results of phishing or vishing attacks for weeks or months.
- Physical security and virtual security – Oftentimes, physical drives like USB sticks or thumb drives can be lost or stolen. Or an unwitting employee can plug one of these devices into their workstation without knowing what malicious software is on them. It’s good practice to ban the use of these devices on company workstations, or to have the IT department properly vet them before they can be accessed by employees.
- Monitor for threats – NIST standards require monitoring incoming and outgoing data to detect attacks and potential indicators of attacks. Potential attacks include malicious code, communications with external systems, unusual traffic patterns, etc. Also, records of data crossing a network are necessary to identify attackers and weak points after a security breach.
Cybercriminals can hide from you, but they can’t hide from 2W Tech. 2W Tech is a technology service provider that specializes in solutions for manufacturing. We have IT consultants on staff who are experts in security solutions. Give us a call today to learn more about cybersecurity best practices and ensuring your business is protected.