Cyber security: Best Practices
Is your business following cyber security best practices for employees?
Research conducted by Kaspersky Lab revealed 35% of businesses are unsure if corporate information is stored on company servers or cloud providers. This makes the safeguarding and accountability of data extremely hard to achieve. It also puts its integrity at risk and paving the way for potentially severe security and cost implications.
Cloud services are enabling companies to take advantage of key technologies to support day-to-day operations and growth plans. And, now, it can be done without worrying about maintenance or the hefty price tag. So, it’s no surprise that 78% of businesses are already using at least one Software-as-a-Service (SaaS) platform. The same number (75%) are also planning to move more applications to the cloud in the future. Nearly half (49%) of enterprises and 45% of SMBs are looking to outsource IT infrastructure and processes to third parties.
Cyber Security Plans
However, for many organizations, the speed of adoption and cost and operational savings has been to the detriment of security. Many use cloud services with no strategy in place for the security of their information. It’s often because of uncertainty around who is responsible for the security of data in the cloud. Indeed, our research found that 7 out of 10 (70 percent) businesses using SaaS and cloud service providers have no clear plan in place to deal with security incidents. This could also affect their partners. A quarter of businesses admit to not even checking the compliance credentials of their service provider. This suggests an assumption that they will pick up the pieces if something goes wrong.
There are 42% of businesses not feeling adequately protected from incidents affecting their cloud service provider. A quarter (24%) of businesses having experienced a security incident affecting the IT infrastructure hosted by a 3rd party, over the last 12 months. So, a reliance on cloud providers alone to provide complete protection could be a risky strategy.
This lack of planning and accountability by cloud adopters for the security of their information could have serious consequences for companies. Enterprises suffer an average $1.2m financial impact as the result of a cloud-related security incident, compared to $100k for SMBs. Where data has been compromised as the result of a 3rd party incident, the top 3 types of data to be affected were:
- highly sensitive customer information (experienced by 49 percent of SMBs and 40 percent of enterprises)
- basic employee information (35 percent for SMBs, 36 percent for enterprises);
- emails and internal communication (31 percent for SMBs, 35 percent for enterprises).
Taming The Cloud
Therefore, businesses have to find ways to get the cloud zoo under control. Every package of data needs to be protected wherever it happens to be at any one time. To do so, companies need spotting anomalies within their cloud infrastructures. That can only be achieved through a combination of techniques including machine learning and behavioral analytics. This ability to identify and defend against unknown threats is absolutely fundamental to cloud infrastructure security. Besides that, enabling visibility of the cloud ecosystem and its cybersecurity layer will give businesses two advantages. These advantages include a clear view on where data resides and if its current protection status meets corporate security policies. Only this way business will be able to tame the cloud zoo and have complete control by following cyber security best practices for employees – no matter how much and where data is stored.
Cyber security: Best Practices For Employees
Avoiding malware and online scams takes a lot of work. You have to treat every email with suspicion, manage a long list of convoluted passwords, and avoid public WiFi networks. Ideally, you follow several other cyber security best practices for employees. But many users don’t believe they’re worth the time. If you’re one of those people, here are five ways to stay safe that won’t eat up all your time:
1. Multi-factor authentication (MFA)
This tool can keep you safe even after a hacker has stolen one of your passwords. That’s because MFA requires more than one form of identification to grant access to an account.
The most common example is a temporary code that is sent to your mobile device. Only someone with both the password and access to your smartphone will be able to log in. Almost any online account provider offers this service. Some even let you require additional types of verification, such as a fingerprint or facial scan.
2. Password managers
Every online account linked to your name should have a unique password. This password should be at least 12 characters. And the password shouldn’t contain facts about you (avoid anniversary dates, pet names, etc.). Hackers have tools to guess thousands of passwords per second based on your personal details. Then, the first thing they do after cracking a password is to try it on other accounts.
Password manager apps create random strings of characters and let you save them in an encrypted list. You only need one complex password to log into the manager. Then, you’ll have easy access to all your credentials. No more memorizing long phrases, or reusing passwords!
3. Software updates
Software developers and hackers are constantly searching for vulnerabilities that can be exploited. Sometimes, a developer will find one before hackers and release a proactive update to fix it. Other times, hackers find the vulnerability first and release malware to exploit it. This forces the developer to issue a reactive update as quickly as possible.
Either way, you must update all your applications as often as possible. If you are too busy, check the software settings for an automatic update option. The inconvenience of updating when you aren’t prepared to is nothing compared to the pain of a data breach.
4. Disable flash player
Adobe Flash Player is one of the most popular ways to stream media on the web. However, it has such a poor security record that most experts recommend users block the plugin on all their devices. Flash Player has been hacked thousands of times. Products from companies like Microsoft, Apple, and Google regularly display reminders to turn it off. Open your web browser’s settings and look for the Plugins or Content Settings menu, then disable Adobe Flash Player.
5. HTTPS Everywhere
Just a few years ago, most websites used unencrypted connections. This meant anything you typed into a form on that site would be sent in plain text and could be intercepted with little effort. HTTPS was created to facilitate safer connections, but many sites were slow to adopt it or didn’t make it the default option.
HTTPS Everywhere is a browser extension that ensures you use an encrypted connection whenever possible. You’ll be alerted when one isn’t available on a page that requests sensitive information. It takes less than one minute and a few clicks to install it.
If you run a business with 10 or more employees, these cyber security best practices for employees won’t be enough to keep you safe. You’ll need a team of certified professionals that can install and manage several security solutions that work in unison.