Wipfli logo
Insights - Articles, Blogs and on-demand webcasts

Articles & E-Books

 

5 cybersecurity measures to focus on now

Nov 16, 2023

In today’s digital age, the importance of addressing cybersecurity risks cannot be overstated, particularly for businesses. The ever-increasing adoption of technology and the rapid pace of digital transformation have significantly heightened the risk of cyberattacks. Among the various cyberthreats, phishing attacks, malware attacks and other forms of cybercrime stand out as the most significant threats faced by businesses.

In 2023, the global average cost of a data breach was $4.45 million, marking a 15% increase over the past three years. It is no longer a question of if an organization will be attacked but rather how often and how severe the damage will be. In the previous year, 95% of organizations experienced more than one breach, with 82% of those breaches being cloud based.

To effectively address these cybersecurity risks, businesses must be equipped to manage and monitor their cybersecurity systems proactively. Fortunately, the latest security technology and artificial intelligence (AI) offer constant monitoring and protection for business assets. Some organizations opt to outsource their security monitoring to managed service providers, which not only bridges the staffing gap but also helps ensure a proactive approach to cybersecurity. Without a comprehensive cybersecurity strategy, businesses face not only the risk of financial losses but also severe damage to their reputation and future prospects.

Here are some key strategies for strengthening cybersecurity defenses and reducing risks for businesses 24/7:

1. Strengthen your email security

Email has long been a favored attack vector for cybercriminals due to its exposure to the internet and historically weak security. Recognizing and mitigating business email scams is crucial. These scams often involve creating a sense of urgency and impersonating authoritative figures like CEOs or CFOs.

Consider these steps to enhance your email security:

  • Use a cloud-based email system: Consider transitioning to a cloud-based software as a service (SaaS) enterprise email system like Microsoft 365. Cloud providers handle platform maintenance and security patching, reducing your burden.
  • Implement multifactor authentication (MFA): Require multiple verification factors to access online accounts, applications or VPNs to combat credential attacks effectively.
  • Enable email authentication: Use technologies such as Sender Policy Framework (SPF); Domain-based Message Authentication, Reporting and Conformance (DMARC); and DomainKeys Identified Mail (DKIM) to make it harder for cybercriminals to deliver fraudulent emails.
  • Activate external email warnings: Configure your email systems to alert users when emails originate outside the organization, especially on mobile email platforms.
  • Consider higher-level security monitoring: Use behavioral analytics tools to identify indicators of compromise, enabling timely detection of cyberthreats.

2. Follow password best practices:

Weak or reused passwords are a leading cause of data breaches worldwide. Businesses are increasingly moving away from sole reliance on passwords, emphasizing the need for strong password policies and MFA.

Consider these measures to improve password security:

  • Implement password filtering to prevent easily guessed strings in passwords.
  • Encourage the use of passphrases, which are harder to guess or crack than single words.
  • Increase the minimum password length, especially if passphrases become the standard.

3. Assess your hybrid workforce protocols:

With the trend toward permanent hybrid or remote workforces, it's essential to implement the right technology and security controls to protect both your workforce and your organization's data. Here are steps to enhance data security in a hybrid work environment:

  • Maximize MFA usage to secure remote access to your business network.
  • Implement a secure VPN and protect it with MFA to help ensure secure remote access.
  • Migrate legacy file servers and applications to the cloud for universal accessibility and better security.
  • Incorporate business communication technology that enables secure voice, video and text communication along with secure file storage and sharing.
  • Be sure your backup system allows for full recovery, not just file recovery, and regularly test recovery processes.

4. Establish a Bluetooth use policy

Bluetooth access is becoming increasingly important in remote work environments, especially for wireless earbuds and headsets. While some organizations may have concerns about Bluetooth security, the risk is relatively low with certain precautions in place.

Consider these steps for a secure Bluetooth policy:

  • Implement security requirements, including encryption and disabling discoverable mode.
  • Instruct users to pair devices at home or the office to minimize the risk of wireless interception.
  • Communicate acceptable Bluetooth parameters to your employees and include the policy in training materials.
  • Remind employees to turn off Bluetooth when not in use.

5. Leverage AI in your cybersecurity

Organizations are increasingly using AI and machine learning to proactively identify suspicious activities and potential threats. AI not only aids in detecting attacks but also disrupts them before they cause significant damage.

Ways to leverage AI in your cybersecurity strategy:

  • Use AI-driven anti-malware tools that can identify and mitigate malicious activity.
  • Seek cybersecurity specialists well-versed in AI developments or consider outsourcing these skills.
  • Enhance threat hunting using security information and event management (SIEM) solutions that incorporate AI to proactively detect and thwart malicious activity.

Author(s)

Tom Wojcinski
Principal
View Profile