The Brave River Guide to Cybersecurity


In a world with constantly changing technological demands and cultural norms, businesses are now being tasked with protecting their company tech more than ever before.

The Brave River Guide to Cybersecurity includes the 9 best security practices for small to medium-sized businesses to keep your company free of harm.

What actions are you taking to protect your business against this daunting, ever-changing struggle?

The best security practices for small to medium-sized businesses include:

  1. Establish Account Security
  2. Use Strong End Point Protection
  3. Conduct System Updates
  4. Security Awareness Training
  5. Strengthen Mobile Device Security Policies
  6. Follow Industry Standards for Compliance
  7. Implement Physical Methods for Securing Assets
  8. Perform Regular System Updates, IT Maintenance, and Backups
  9. Use Perimeter Protection

Account Security

Ensure that your business is not threatened from the inside out by verifying that every user is in fact who they say they are. This can be done by focusing on three main points: something you know, something you have, and something about you. Something you know includes things like your password or designated security questions – i.e., where you went to high school. Something you have refers to a physical device you own, such as your cell phone. And something about you refers to physical means of verifying your identity, such as a thumbprint or facial recognition. The rule of thumb is to have at least two of these in play for your organization.

Another important element of account security is having multiple layers of authentication. Multifactor Authentication (MFA) – also known as Two-Factor Authentication (TFA) – can be set up in multiple ways, with a verification code being sent to your employees via SMS, in-app messages, or email. At Brave River, we suggest our clients utilize in-app or SMS verification for MFA. The reason for this is that your email account isn’t actually “something you have” and, as a result, can itself be compromised.

Use Strong End Point Protection

Strong end point protection goes well beyond strong password policies and MFA. Companies now use next-gen protection to defend against next-gen threats. One of the key ways this can be done is by using behavioral trends to establish boundaries for access. For example, you can use time and geolocation to determine that a login attempt in the middle of the night from across the globe likely means an account has been compromised.
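The time-and-geolocation check described above can be sketched as follows. This is an added example, not Brave River's own tooling; the thresholds, the `HOME_UTC_OFFSET` table and the login events are constructed assumptions.

```python
import math
from datetime import datetime, timedelta

MAX_KMH = 900               # assumed ceiling: roughly airliner cruise speed
MIN_KM = 50                 # ignore small moves caused by IP-geolocation jitter
NIGHT_HOURS = range(0, 5)   # assumed "middle of the night" window, local time

# Assumed per-user home UTC offset in hours (hypothetical lookup table).
HOME_UTC_OFFSET = {"alice": -5, "bob": -5, "carol": -5}

# Constructed sample events: (user, UTC timestamp, latitude, longitude)
EVENTS = [
    ("alice", "2024-03-05T01:10:00", 41.82, -71.41),   # Providence, evening at home
    ("alice", "2024-03-05T07:30:00", 1.35, 103.82),    # Singapore, 02:30 at home
    ("bob",   "2024-03-05T13:00:00", 42.36, -71.06),   # Boston
    ("bob",   "2024-03-05T15:00:00", 41.82, -71.41),   # Providence, two hours later
    ("carol", "2024-03-05T08:00:00", 41.82, -71.41),   # Providence, 03:00 local
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def flag_logins(events):
    """Return [(user, timestamp, [reasons])] for logins that look anomalous."""
    flagged, last_seen = [], {}
    for user, ts, lat, lon in sorted(events, key=lambda e: e[1]):
        when = datetime.fromisoformat(ts)
        reasons = []
        # Off-hours check, evaluated in the user's home time zone.
        local = when + timedelta(hours=HOME_UTC_OFFSET.get(user, 0))
        if local.hour in NIGHT_HOURS:
            reasons.append("off_hours")
        # Impossible-travel check against the same user's previous login.
        if user in last_seen:
            prev_when, prev_lat, prev_lon = last_seen[user]
            km = haversine_km(prev_lat, prev_lon, lat, lon)
            hours = max((when - prev_when).total_seconds() / 3600, 1 / 60)
            if km > MIN_KM and km / hours > MAX_KMH:
                reasons.append("impossible_travel")
        last_seen[user] = (when, lat, lon)
        if reasons:
            flagged.append((user, ts, reasons))
    return flagged

if __name__ == "__main__":
    for row in flag_logins(EVENTS):
        print(row)
```

A login that trips both rules is a much stronger signal than either alone; an off-hours login by itself is usually worth a prompt for MFA rather than a lockout.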

Conduct System Updates

Don’t put off system updates. Be sure to check for updates and complete them when released. New updates will allow your servers, computers, and devices to continue functioning properly and securely—allowing for your business applications to do so as well.

Start an In-House Security Education Program

A one-day PowerPoint presentation just isn’t enough anymore. Hackers are getting smarter and more savvy. Therefore, we need to get together to combat this growing threat. Educating your employees on the security policies and procedures will set your business one step ahead of cybercriminals. Stress the importance of these practices and get everyone on the same page about how to keep the business safe.

Through security awareness training, your business can begin to minimize human error and avoid social engineering. Social engineering, also called phishing, is the most common method hackers use to trick people into revealing things they shouldn’t, like usernames and passwords. Checking in regularly with your employees to make sure they are following the best security practices and not creating vulnerabilities is the first step. From not accessing company files on a public network, to not clicking on suspicious links—creating a culture that places value upon the confidentiality of business resources will help reduce security slip-ups in the workplace.

Strengthen Mobile Device Security Policies

With the rise in mobile devices and work-from-home (WFH) business models, it is critical to determine a policy that extends beyond the four walls of your company. Creating a standard for mobile cybersecurity can help protect your business, should something happen on or to an employee’s device. Simple rules such as having a passcode, utilizing the encryption on your device in case of theft, and installing anti-malware software on your phone can go a long way. Depending on your business, there are various options to implement into your daily practices.

Follow Industry Standards for Compliance

Industry compliance is another aspect to consider when strengthening your security methods. Monitoring any changes and adhering to the regulations set in place by industries, from finance to healthcare, will help keep you in compliance with the proper security practices for your field. Depending on your business, compliance with specific standards may be a legal requirement, especially for financial and healthcare related businesses. Most standards these days are based on the NIST 800-53 compliance framework, which offers various levels of compliance depending on your industry. Brave River conducts thorough security audits that show you exactly where you’re falling short of compliance standards, and what policies you need to catch up.

Such “top to bottom” security audits examine your business IT infrastructure and devices used to protect it (top), as well as remote or outsourced associate working behaviors and adherence to security protocols (bottom). The audit may also include an inspection of automated AI or IoT devices. This process is also known as an edge-to-edge audit, where you inspect the wide range of environments in which security is a factor within your business.

Implement Physical Methods for Securing Assets

It takes more than a virtual machine to keep your servers protected. Keeping your servers or other important devices in a protected room with password protection, thumbprint, or lock and key will help protect devices from damage or theft. Be conscious of the location of your computer systems as well. A leaky water pipe, fire or failed air conditioner unit can destroy your critical business systems as surely as any hacker or intruder. Having guests sign in is also a simple but effective way of tracking who has access to your building on a given day should a problem arise.

Perform Regular IT Maintenance and Backups

Regularly checking on the health of your business infrastructure can protect against a potential downfall. If you didn’t bring your car to the mechanic for 10 years, you could be in serious trouble down the road. In addition to maintenance, backing up your data regularly is a positive business practice. Whether you use the Cloud or another preferred method for backups, having an alternative, up-to-date storage space for your information will benefit you eventually.

But make sure you test your backup methods. What’s the sense in having a backup if your backup doesn’t actually work? Run tests to confirm the functionality of your method of backup. Annual backup testing is essential for businesses to have peace of mind that their data will be saved if disaster strikes.
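One way to test a backup, as an added example that is not from the original guide: read every file back out of the archive and compare SHA-256 digests against the live data. It assumes gzip-compressed tar backups; the file names and contents are constructed.

```python
import hashlib
import tarfile
import tempfile
from pathlib import Path

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def source_digests(root):
    """Digest of every live file, keyed by path relative to root."""
    return {p.relative_to(root).as_posix(): sha256(p.read_bytes())
            for p in Path(root).rglob("*") if p.is_file()}

def archive_digests(archive):
    """Read every regular file back out of the backup and digest it."""
    with tarfile.open(archive, "r:gz") as tar:
        return {m.name: sha256(tar.extractfile(m).read()) for m in tar if m.isfile()}

def verify_backup(source, archive):
    """Compare the backup with live data; report unreadable, missing, changed."""
    try:
        restored = archive_digests(archive)
    except (tarfile.TarError, OSError, EOFError) as exc:
        return {"ok": False, "error": f"archive unreadable: {exc}",
                "missing": [], "changed": []}
    live = source_digests(source)
    missing = sorted(set(live) - set(restored))
    changed = sorted(n for n in set(live) & set(restored) if live[n] != restored[n])
    return {"ok": not (missing or changed), "error": None,
            "missing": missing, "changed": changed}

def demo():
    """Constructed data: a good backup, one that skipped a folder, one truncated."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp, "data")
        (src / "finance").mkdir(parents=True)
        (src / "customers.csv").write_text("id,name\n1,Constructed Sample\n")
        (src / "finance" / "ledger.txt").write_text("constructed ledger line\n")
        good, partial, broken = (Path(tmp, n)
                                 for n in ("good.tgz", "partial.tgz", "broken.tgz"))
        with tarfile.open(good, "w:gz") as tar:
            for p in sorted(src.rglob("*")):
                tar.add(p, arcname=p.relative_to(src).as_posix(), recursive=False)
        with tarfile.open(partial, "w:gz") as tar:   # job that skipped finance/
            tar.add(src / "customers.csv", arcname="customers.csv")
        broken.write_bytes(good.read_bytes()[:20])   # upload cut off early
        return {name: verify_backup(src, path) for name, path in
                (("good", good), ("partial", partial), ("broken", broken))}
```

Run the comparison right after the backup job finishes, since files edited later will show up under `changed` even when the backup itself is sound.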

Perimeter Protection

Gone are the days when a traditional firewall is all it takes to protect your network from cyberattacks. The gold standard for perimeter protection now is Zero Trust Network Access (ZTNA). As the name implies, ZTNA is the practice of treating all users as untrusted, until they are authenticated and authorized. Once this happens, a virtual perimeter is established that allows the user to only access the portion of your network that they need to complete their job.

But firewalls still have their place in your cybersecurity defense strategy. Your first level for securing your business should be with a strong firewall. A firewall creates a barrier between your business and hackers — keeping your confidential information far out of their reach. A firewall will also monitor both inbound and outbound exchanges of information online, detecting any potential intrusions.

Give us a call today at 401-828-6611 to speak with someone on our IT team and learn about our many IT services.

Download the free Brave River Cyber Security Guide
