Given the steep costs of a data breach — $3.92 million on average per incident — a proactive approach toward cybersecurity is the best business strategy. While no method is completely foolproof, the strongest defense is one that’s multilayered and best in class.
However, even significant amounts of capital invested in cutting-edge technology will not be worth the expense if your strategy is built on a shaky foundation.
Here are five (practically) free practices you can adopt to set your cybersecurity protocols on a sure footing.
1. Push out updates regularly
The infamous 2017 WannaCry ransomware that cost companies millions of dollars exploited a weakness in computers that were running outdated Microsoft operating systems. The tragedy: In many cases, the cyberattack could have been prevented. Microsoft had released a patch prior to the cyberattack, but not all businesses had integrated the update. Ensure your associates are working with the latest software updates to avoid another WannaCry-like breach.
2. Training, training, training
Your associates are an integral part of your cybersecurity defenses. All it takes is one click on a suspicious email for malware to worm its way into your business assets. Train associates to recognize what strong passwords and email scams look like. Don’t wait for new associates to be trained later on in the cycle. Cybersecurity needs to be integrated into new-hire training so associates start off on the right foot.
3. Require multi-factor authentication
Multi-factor authentication (MFA) requires employees to use a combination of two authentication types to access a network remotely or to reach web-facing services. The types of authentication are classified as something you know, something you have or something you are. A common way to use MFA is with mobile devices. During the log-in process, two-factor authentication pushes out a unique code to the employee’s phone, and the code is then entered into the system to gain access. Because the initial password (something you know) and the associated code texted to the phone (something you have) are both required to log in, it is an effective strategy to prevent hackers from gaining access to your network by simply exploiting a weak or known password. Something you are would be a fingerprint or facial scan, for example.
4. Use a password manager
A password manager stores all of the passwords for each of your accounts, allowing you to remember only one strong passphrase used to access the password manager. These systems are very easy to use, and oftentimes make using the internet not only safer but also easier. You can open your favorite site and press a button, and it will type the credentials for you. Easy, right? Most importantly, this will enable you to create a separate password for each site you visit — especially sites that house sensitive data, like your bank account. You can find a list of password managers on Wikipedia.
5. Restrict admin privileges
One of the top risks is having users download malicious or unapproved software on company computers. So, why not restrict them from downloading software (and malware)? An environment where administrative privileges are restricted is more stable and predictable, and easier to administer and support, as fewer users can make changes to the operating environment, either intentionally or unintentionally. Some users will be frustrated that they cannot download programs without administrator assistance, but the benefits likely outweigh the user frustration.
How Wipfli can help
Cybersecurity strategies don’t need to be expensive. Developing a security mindset and following basic hygiene won’t cost much and are an integral part of business cyber defenses.