Five Ways to Protect Your Business Against an Evolving Threat Landscape

This blog was provided by Max Shier, Vice President, Chief Information Security Officer, Optiv.

Securing your business against rapidly advancing cyber threats is more important than ever – and it starts with reinforcing basic cyber hygiene. Most data breaches are still due to insider threats, caused by individuals with the best of intentions who still inadvertently fall for phishing and social engineering tactics, costing their organizations substantial fees and losses.

Let’s get back to basics and continue to reinforce behaviors that will help protect your business from the inside.

Use Strong Passwords and Password Managers

It may seem glaringly obvious, however, strong passwords are fundamental to securing online activity. Update passwords regularly and use a strong, unique password for every professional and personal account. For larger organizations, consider holding a training workshop on password development with features to implement and avoid.

Here are some password best practices:

• Use complex passwords with a minimum of 12 characters that require lowercase and uppercase characters, numbers and special symbols
• Incorporate password blacklisting and audits
• Implement password vaulting for privileged accounts
• Consider using password managers for personal accounts

Enable Multi-Factor Authentication

Build on your strong password with multi-factor authentication (MFA) for enhanced security. MFA requires users to present at least two pieces of evidence to prove their identity, making it much harder for cybercriminals to gain unauthorized access to accounts even if they have compromised a password.

Popular MFA methods include one-time SMS passcodes, hard tokens, security questions and push-to-accept notifications with number matching or other user inputs.

Update Software

Threat actors will always go the route of least resistance, and it does not get much easier than vulnerabilities in software and applications. Turn on automatic updates when possible or update software and security patches as soon as they are available. As technology evolves, so do hacking techniques, making outdated software more susceptible to exploitation.

Additionally, compliance with industry standards and regulations often mandates up-to-date software, safeguarding not only sensitive data but also your company’s reputation.

Recognize and Report Phishing

Phishing scams continue to be a worldwide threat to organizations. More than a third of surveyed respondents took at least one action in 2022 that put themselves or their organization at risk.

Companies can empower their employees to recognize and report phishing scams by providing comprehensive cybersecurity training, similar to the password workshop mentioned earlier. Encouraging a culture of skepticism can be beneficial, prompting employees to verify unexpected emails or links before taking any action. Thus, it is also important to establish a clear and user-friendly reporting system that encourages teams to promptly report any suspicious emails or activities they encounter.

Limit Your Digital Footprint

Anywhere you go online, you leave a digital footprint. Cybercriminals can use this footprint to create more effective social engineering schemes. Employees should be encouraged to regularly review and adjust their privacy settings on social platforms, like LinkedIn, to control visibility of any personal details.

When traveling for work or working remotely in a public setting, urge the use of an enterprise Virtual Private Network (VPN) solution to protect any sensitive information on the device/devices.

These five tactics are all part of a greater strategy that can foster a security-first culture. By investing in a comprehensive cybersecurity plan, organizations not only protect their sensitive data and operations, but also fortify their reputation and resilience.