With both governments and enterprises across the globe choosing the path of digital transformation, the intervention of technology in the day-to-day life of citizens and businesses has increased like never before. This technology push has improved service delivery and communication for both the public sector and enterprises, but it has also amplified the cybersecurity challenges. The number of attack vectors is increasing, and cybercriminals are using the same advanced technologies to launch attacks that bypass existing enterprise cybersecurity infrastructure.
To be honest, nothing can be done – there is no such thing as a silver bullet for cybersecurity. As technology improves, the capabilities of cybercriminals will improve too, because they use the same technology to mount their attacks on individuals, businesses and government organizations. But you or your organization can thwart these attacks by following some easy-to-do, basic and fundamental principles of managing cybersecurity. Follow the top 5 tips below to improve your enterprise cybersecurity.
Pick tough passwords
It is very hard to define the word 'tough' – it can mean different things to different people. What I mean is that you should have a password that is not easy to guess – ideally, a combination of different words, letters and special characters. This is key because, with so many online apps and software to manage, a large number of us use the same password for all our accounts. This is a recipe for disaster. If you have not done so already, make all new passwords different and hard to guess, starting today. Criminals now use tools that sniff out passwords reused on other sites, which makes their work easier and makes the stolen passwords and data more lucrative on the dark web.
Enable two-factor authentication
There are people who do not like two-factor authentication because it creates additional layers of checks and balances, leading to delays or, in some cases, denial of service. People from the banking, financial and mobile wallet industries in particular have a lot to say about how two-factor authentication has increased their payment failure rates. But trust me, two-factor authentication is possibly one of the best cybersecurity tools available to individuals and businesses, because you are in the loop – you know what is really happening.
For example, suppose you have to give someone remote access to your computer to fix something that you are unable to fix yourself. You may trust your own PC, but what do you know about the other PC? Perhaps nothing. It may have malware on it that, once it connects to your network, lets cybercriminals in with it. How do you minimize the cyber risk where remote access is necessary? Simply make it mandatory for remote users to have two-factor authentication. It costs a little more and it is slightly less convenient when you come to log in. But it helps to prevent egregious attacks where a criminal steals (or guesses, or buys) one of your users' passwords today and then uses it at their leisure to raid your whole network.
Patrol entry and exit points of digital assets
Knowing the details of your digital assets, such as where they are, how they are accessed and who accesses them, gives better visibility, which leads to better security of those assets. If something is not in use, simply shut it down. Otherwise it gives hackers access to the system and the ability to move around the network and cause more damage. Smaller organizations in particular often forget to close down access points that are not being used. This is an open door for hackers: once inside, they can move around and place malware on the network. Today, cybersecurity tools have improved so much that they can give you full visibility into your digital assets. Use any of them, but don't get bogged down by them – keep your eyes and ears open, and always pay attention to alarm bells if they ring.
Read the boring logs
Logs are not at all sexy and nobody likes them, but they are the best way of analyzing cybersecurity threats. Read logs regularly; they show clear trends in system security. Usually, people look at logs only after a cybersecurity breach has occurred, to check the extent of the damage. Managing access and endpoints, and making them hardened and fully traceable, is a good way of improving cybersecurity. Don't collect logs just so you can look back after a breach. Use them proactively to watch out not only for attacks but also for the otherwise-innocent behaviour you want to improve anyway. If the logs from your patch assessment tool are trying to tell you that your remote sales guy in New Delhi somehow missed out on the last three Microsoft Word updates, do something about it.
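The proactive check described above, as an added example that is not part of the original article: it reads lines from a hypothetical patch assessment tool and flags any machine whose most recent three updates for a product are all missing. The log format, host names and update ids are constructed for illustration and do not correspond to any real tool.

```python
import re
from collections import defaultdict

# Constructed sample lines; the format is an assumption, not a real tool's output.
SAMPLE_LOG = """\
2024-03-12 host=nd-sales-07 product="Microsoft Word" update=U1 status=installed
2024-04-09 host=nd-sales-07 product="Microsoft Word" update=U2 status=missing
2024-05-14 host=nd-sales-07 product="Microsoft Word" update=U3 status=missing
2024-06-11 host=nd-sales-07 product="Microsoft Word" update=U4 status=missing
2024-04-09 host=hq-fin-02 product="Microsoft Word" update=U2 status=installed
2024-05-14 host=hq-fin-02 product="Microsoft Word" update=U3 status=missing
2024-06-11 host=hq-fin-02 product="Microsoft Word" update=U4 status=installed
this line is malformed and must be counted, not silently dropped
"""

LINE_RE = re.compile(
    r'^(?P<date>\d{4}-\d{2}-\d{2}) host=(?P<host>\S+) '
    r'product="(?P<product>[^"]+)" update=(?P<update>\S+) '
    r'status=(?P<status>installed|missing)$'
)

def missed_update_streaks(log_text, threshold=3):
    """Return ({(host, product): streak}, unparsed_count) for streaks >= threshold."""
    history = defaultdict(list)
    unparsed = 0
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed += 1  # a gap in log coverage is itself worth reporting
            continue
        history[(m["host"], m["product"])].append((m["date"], m["status"]))

    flagged = {}
    for key, events in history.items():
        streak = 0
        # ISO dates sort chronologically as strings; walk newest first.
        for _, status in sorted(events, reverse=True):
            if status != "missing":
                break
            streak += 1
        if streak >= threshold:
            flagged[key] = streak
    return flagged, unparsed

if __name__ == "__main__":
    flagged, unparsed = missed_update_streaks(SAMPLE_LOG)
    for (host, product), streak in sorted(flagged.items()):
        print(f"{host}: last {streak} {product} updates missing")
    print(f"unparsed lines: {unparsed}")
```

A machine that missed one update and then caught up (hq-fin-02 in the sample) is not flagged, because only an unbroken run of the most recent updates counts.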
Spot the Phish Threat
If there is one particular type of cybersecurity threat that has seen year-on-year growth, it is phishing. According to various reports, phishing attacks have shown tremendous growth in recent years. They focus especially on employees, as they are the most vulnerable target in any organization. A good way of addressing this enterprise cybersecurity challenge is to include a robust security awareness program in your cyber defense strategy. Organize and educate your end users to recognize phishing and socially engineered attacks through automated attack simulations, engaging awareness training, and actionable reporting metrics.