Three Small Cybersecurity Tips That Make A Big Difference

Written by Max Emelianov, CEO HostForWeb
 

Protecting your business doesn't always require you to spend six figures on security infrastructure or perform hundreds of penetration tests. As with many things in life, it's the little things that really count. Here are a few things you can do right now to enhance your business's security posture - and they won't cost a thing.

There's a lot of doom and gloom in the cybersecurity space. It seems like you can't even read the news without hearing about some terrifying new black hat organization, or some highly-sophisticated malware that's bringing businesses to their knees across the world. It's hard not to adopt something of a fatalist outlook amidst all that chaos.

After all, if these large enterprises with their million and billion dollar security budgets can't fend off hackers, what chance do the rest of us have?

A pretty good one, actually. See, while it's certainly true that there are a ton of well-funded, extremely advanced hacking groups out there, the chances that one of them will directly target your business are extremely slim. Likely as not, anyone who goes after you is simply taking a shotgun approach to their hacking - throw a bunch of attempts at the wall and see which ones work.

And while a cybersecurity budget is definitely required to stymie all of these attempts, a surprising number of them can be blocked through simple due diligence. See, where cybersecurity is concerned, the little things are what really matter - the stuff you do outside of paying for a firewall and investing in network monitoring and antimalware tools.

Maintain Your Hardware & Software

Let's start with some statistics. In 2017, 60% of successful hacks targeted a vulnerability that was ten or more years old. 90% of successful hacks targeted a vulnerability that was more than three years old. 

I'm sure everyone here remembers WannaCry, right? You know, the ransomware that crippled thousands of organizations, including much of the UK's National Health Service? The vulnerability it targeted, codenamed EternalBlue, had actually been addressed through a patch from Microsoft several months before it hit. 

Yet today, more than a year after WannaCry struck, EternalBlue is still a threat, simply because many businesses still haven't applied Microsoft's patch. 

The lesson here is an obvious one. Be diligent in ensuring your business uses the latest version of applications, platforms, and systems. That includes firmware updates on connected devices, security patches for SaaS apps, and updates for desktop operating systems.

Beyond that, it's also important to pay attention to your user accounts. Delete any that are no longer in use, and make sure you don't have any accounts floating around with permissions they shouldn't.

Require Better Usernames and Passwords

It's a little baffling to me how many routers and other connected devices still use their default credentials. You may as well send hackers a signed invitation saying your business is fair game. The good news is that this is a fairly easy issue to address:

  1. Require that employees avoid usernames or passwords they use for their personal lives.

  2. Incorporate policies that mandate strong passwords. Note that these do not have to be overly complex or difficult to remember - a long string of random words with no association to one another can actually be quite difficult to crack.

  3. Provide employees with a password manager tool like LastPass, Sticky Password, or Dashlane.

  4. Utilize two-factor authentication to add an extra layer of security.

  5. Institute a password change every six to eight months (optional).
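The list above can be turned into an automated check. The following is an added example, not part of the original article: the thresholds, the finding names, and the sample accounts and default-credential list are all constructed assumptions.

```python
import re
from datetime import date

# Constructed sample of vendor default logins (assumption); use a maintained list in practice.
DEFAULT_CREDENTIALS = {("admin", "admin"), ("admin", "password"),
                       ("root", "root"), ("user", "user")}
MIN_LENGTH = 16          # assumption: favour length over forced complexity
MAX_AGE_DAYS = 8 * 30    # upper end of the optional six-to-eight-month change


def check_credential(username, password, last_changed, today, mfa_enabled):
    """Return the policy findings for one account (empty list means compliant)."""
    findings = []
    user, pw = username.lower(), password.lower()
    if (user, pw) in DEFAULT_CREDENTIALS:
        findings.append("default-credentials")
    if user and user in pw:
        findings.append("password-contains-username")
    if len(password) < MIN_LENGTH:
        findings.append("too-short")
    # A passphrase should be made of unrelated words, so repeats are flagged.
    words = [w for w in re.split(r"[\s._-]+", pw) if w]
    if len(words) != len(set(words)):
        findings.append("repeated-word")
    if not mfa_enabled:
        findings.append("no-second-factor")
    if (today - last_changed).days > MAX_AGE_DAYS:
        findings.append("rotation-overdue")
    return findings


def audit(accounts, today):
    """Map each non-compliant username to its findings."""
    report = {}
    for username, password, last_changed, mfa_enabled in accounts:
        findings = check_credential(username, password, last_changed, today, mfa_enabled)
        if findings:
            report[username] = findings
    return report


# Constructed sample accounts: (username, password, last changed, two-factor enabled)
SAMPLE_ACCOUNTS = [
    ("admin", "admin", date(2017, 1, 10), False),
    ("jsmith", "correct horse battery staple", date(2018, 3, 1), True),
    ("mlee", "winter winter winter winter", date(2018, 5, 1), True),
    ("kpatel", "Tr0ub4dor&3", date(2018, 5, 20), False),
]

if __name__ == "__main__":
    for name, issues in audit(SAMPLE_ACCOUNTS, date(2018, 6, 1)).items():
        print(name, issues)
```

Run a check like this at the moment a password is set, since a properly hashed stored password cannot be inspected afterwards.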

Promote Mindfulness

I'd like you to picture two separate homeowners. The first has invested in a top of the line security system, but frequently forgets to enable it, never locks his door, and always leaves the windows open when he's on vacation. It's occurred to him that someone might want to burglarize his home, but he's fairly lackadaisical when it comes to preventing that. 

The second doesn't have any security system but always makes sure everything is closed and locked. She asks her friends and neighbors to keep an eye on the place whenever she knows she won't be there for a while. She's also careful to make sure she doesn't leave any valuables in plain sight. 

Which of the two is likelier to be robbed? Easy - the first one. He's got all the tools he needs to keep his home safe from even the most determined intruders, but he's also incredibly careless.

This analogy can be easily applied to cybersecurity - to the fact that, no matter what you do, your users will always be the weak link in your security posture.

Thing is, how weak they are is entirely up to you. While you probably aren't going to get anywhere by trying to force boring facts, figures, and statistics down their collective throat, what you can do is teach staff to be more conscientious. To be more careful and thoughtful not just in their work, but in their personal lives.

It's a technique known as mindfulness, and it's probably the best weapon in your arsenal when it comes to preventing data leaks and social engineering attacks.

Closing Thoughts

You don't need a multimillion-dollar security system to protect your business from hackers, and you don't need a massive cybersecurity team to prevent a data breach. At the end of the day, what really matters isn't the tools in your arsenal, but how you use them. By taking a few small steps, you can vastly improve your security posture - and once you do, you'll be free to focus on how much you should spend.

About the Author

Max Emelianov started HostForWeb in 2001. In his role as HostForWeb’s CEO, he focuses on teamwork and providing the best support for his customers while delivering cutting-edge web hosting services.