In today’s world, cyber security is more important than ever. With the rise of technology and the internet, our society has become more vulnerable to cyber attacks that could put personal information at risk or even threaten national security. The best way to prevent these threats from becoming a reality is to be proactive about cyber security measures. In this blog post we present 32 ways to improve your cyber defences.
1. Educate yourself on cyber threats and how they work.
Knowledge is an important defence tool, so it’s worth spending time educating yourself to understand the latest developments in cyber security. Follow industry leaders, read up on major news stories that involve your company or organisation, and think about what you can do better for protection.
2. Be proactive when it comes to protecting your data.
Be proactive about protecting your data from being compromised by hackers. Put robust defences in place against phishing attacks, such as two-factor authentication (or code generator apps), strong passwords, firewalls and anti-virus software.
3. Practice good internet hygiene.
Practice good internet hygiene: do not click suspicious links sent via email or text message without due diligence first (e.g., checking the sender’s name before opening any attachments), and install software updates regularly.
4. Ensure endpoint protection is enabled.
Ensure endpoint protection is enabled for all workstations, servers and mobile devices. If you are not sure, contact your IT support or cyber security provider.
5. Run regular security audits.
Run regular security audits, and use logs to identify vulnerabilities in the system so that you can address them proactively.
6. Keep documentation about cyber attacks close at hand.
Keep documentation about cyber attacks close at hand – such as copies of emails from people who have reported suspicious activity or changes to policies that need immediate attention.
7. Avoid storing sensitive data on a shared drive.
Avoid storing sensitive data on a shared drive, which may not be secure enough if an external attacker gains access rights to it.
8. Train your staff.
Training should include education about cyber risks, how to identify and respond to incidents, and information on current threats. Keep employees educated on what phishing emails look like. Provide them with access only when they need it – too much is often worse than not enough!
9. Control access to your systems.
Create separate accounts for different purposes. Keep privileged credentials to a minimum and avoid storing them on devices that may be compromised, such as desktops or smartphones.
10. Limit access for a period of time.
Limit access for a period of time after remote work has been completed, or update policies and procedures so that users have to provide some form of verification before being granted instant access again. This will help keep unauthorised people out while also protecting against inadvertent loss of control over who is accessing what data.
11. Use strong passwords for all accounts.
Use strong passwords for all accounts, ensure they are different for each account type and not guessable, and update them regularly. Be sure to change your password at least every three months, or when prompted for a new one, in order to avoid being locked out of an account due to repeated failed login attempts. This is especially important if you use the same username or email address across multiple services, as it increases the chances that hackers will find information which can be used against you.
12. Require two-factor authentication.
Require two-factor (or multi-factor) authentication for remote connections, and restrict what those credentials are able to see or do so that, if they are compromised, the intruder cannot get very far into your network. You may want to consider trying out tools such as Duo Security, which offer multi-factor authentication services that integrate easily with Office 365 systems or other enterprise resources.
13. Put in place access control policies.
Access control policies should be in place to ensure that the level of access is appropriate for each role.
14. Have control over your environment, including your hardware.
This means only running critical software on approved devices with proper management of data to avoid data being compromised!
15. Review external storage devices periodically.
Review external storage devices periodically before connecting them back up again, and update your OS, antivirus software, etc.
16. Scan your network regularly for vulnerabilities.
Scan your network regularly for vulnerabilities using up-to-date anti-virus software with intrusion detection capabilities running in real-time scanning mode!
17. Keep systems patched at all times.
Keep systems patched at all times by keeping current with vendor patches, and make sure to update user applications too (e.g., Adobe Reader). Disable any unnecessary services which can serve as potential attack vectors into the system/network!
18. Use firewalls and IDSs effectively.
Use firewalls and IDSs effectively: run perimeter security defences 24×365, and establish external relationships with other organisations that share information about cyber threats they’ve experienced so that you can learn from their experience.
19. Encryption is another great way of fighting cybercrime.
Encryption is another great way of fighting cybercrime. It is the process by which you encode data so that it can only be understood with an encryption key. It’s very important to make sure your organisation uses encryption methods, because they are used for sensitive information such as Social Security numbers, credit card account numbers, etc.
20. Encrypt sensitive data on laptops before traveling abroad.
Encrypt sensitive data on laptops before traveling abroad if possible, so others can’t steal it if they find out where you’re staying while away. If this is not feasible, then consider using full disk encryption solutions, which encrypt all files, including operating system files like the MFT and the page file.
21. Put in place data encryption policies.
Data encryption policies are also important and will vary depending on your circumstances, but you might need them if there’s a risk that sensitive data could be hacked into or scanned by an unauthorised third party.
22. Establish a cyber incident response plan.
Establish a cyber incident response plan that outlines response steps to take in the event of an attack or suspected breach.
23. Monitor network activity.
Monitor network activity for anomalous behaviour or newly introduced malware. Use security tools such as PGP Web App Filters to prevent unauthorised access from Internet users outside of your organisation’s firewall(s) by blocking websites with content you don’t want them accessing (e.g., pornography).
24. Timely follow-up in case of incidents.
If there is an incident, follow up with staff by asking in detail about their activities since they were last observed, following best practices based on the threat type (e.g., phishing), and monitor new accounts added or suspended for insider threats due to breaches at third parties.
25. Be alert when using applications via public networks.
Be alert when using applications via public networks such as cyber cafes or accessing public Wi-Fi hotspots.
26. Install and use anti-malware software.
Install and use anti-malware software, and keep it updated with the latest version of malware definitions based on your environment’s threat level.
27. Be vigilant when opening emails from unknown senders.
Be aware that cyber criminals might try to attack the organisation via social engineering techniques (e.g., phishing) as well as other means such as malicious attachments, so be vigilant when opening emails from unknown senders. If possible, have a policy in place requiring employees not to open any email attachments without verifying the sender first. This helps avoid inadvertently downloading malware onto systems within the organisation, which can then spread by infecting other devices/computers on the network.
28. Only download software that has been verified by the developer.
Only download software that has been verified by the developer, and always delete emails with attachments from unknown sources. If possible, install anti-virus/anti-malware software on your computer(s) so that it can run in the background, scanning files for anything suspicious before you open them. This greatly minimises the risk of being hacked or attacked, as cyber criminals tend to use email spam campaigns to infect computers and steal information.
29. Keep your operating system up to date at all times.
This includes automatic updates, which ensure that you are protected against newly discovered security risks (often called zero day threats). In addition, be sure not to click any links in unsolicited messages, such as those purportedly coming from a bank, credit card company, government agency, etc.
30. Use both the “soft” factor with training and the “hardware” element of anti-virus software.
For your organisation’s cyber security plan to be effective, it is important that you use both the “soft” (human) factor, with education and awareness training, and the “hardware” element of anti-virus software. Doing so will reduce the risk of a successful attack by an attacker who has managed to bypass all network defences.
31. Keep your cyber security policies updated.
It’s important that you keep your cyber security policies updated too – not just once but regularly throughout the year so new developments in cybercrime are taken into account. This way you’ll have an idea of what kind of steps need to be taken next time in case an incident happens.
32. Back up your data.
One of the best cyber security practices is to back up your data. This means that you have copies of as much information as possible in case something happens and all the originals are lost. If an attack does happen, a backup will be invaluable because it will make it easier for your company’s IT team or outsourced IT support to restore systems to normal and continue without interruption.