Times Of Swaziland: 7 BEST PRACTICES TO GET CYBER SECURITY BASICS RIGHT

7 BEST PRACTICES TO GET CYBER SECURITY BASICS RIGHT
================================================================================
. on 21/11/2020 23:21:00


When it comes to cyber security, getting the basics right is vital. Don’t
assume you need to completely reconfigure your company’s IT network or
purchase multiple pieces of software to be fully protected. Less can sometimes
be more, and it all starts with following best practices.
1. Know your network
Start by understanding what your company’s network looks like - what software
you use, how many devices are connected to your network, what devices are
exposed to the internet, what type of data you collect and who has access to it.
Not knowing your network is like wearing a blindfold. A cyber attack could
happen at any point and continue undetected for months, compromising your
valuable data, because you missed it. Learn your IT network and where
vulnerabilities may exist, and you’ll be in a much better position to defend
against a cyber attack.
2. Train your employees
Studies show that many data breaches are due to employee negligence and, due to
COVID-19 normalising remote work, the risk has only grown. Anyone in your
company who uses the company’s IT network, applications, or email server must
undergo cyber security training. At a minimum, teach employees the cyber
security basics and a few best practices for safe computing. They should know:
w what constitutes a strong password,
w how to use a password manager,
w telltale signs of a suspicious web link or attachment, and
w what to do if they receive an illegitimate email.
Remember that the level of training should match the job’s level of risk.
Employees who handle financial transactions, for example, should receive
additional education. Additionally, make sure training is not a check-the-box
activity. Conduct regular workshops, either as a refresher or to raise awareness
as you learn of new threats. Small and mid-size enterprises (SMEs) often benefit
from using a dedicated training solution or services instead of creating their
own. A qualified service will not only provide expert tips on safe computing,
but also foster a sense of shared accountability for keeping the company secure.
3. Patch and update software regularly
Keeping your software up-to-date is one of the easiest ways to find and fix
vulnerabilities before a cyber criminal gains access. According to a study
conducted by Ponemon Institute, 60 per cent of data breaches were linked to an
available, but unapplied, software patch. When a software patch becomes
available, it’s usually because the vendor identified a glitch, bug, or some
other risk and the patch resolves the issue. If you choose not to install the
patch, you’re leaving vulnerabilities open for cyber criminals to exploit. A
patch management tool is a great option that enables you to automate scheduling
and patching software, as long as you choose one that fits your unique needs.
4. Require strong passwords
Password attacks are remarkably successful because many people still rely on
easily guessed passwords. Reduce that threat by requiring your employees to use
strong passwords for all devices. Use unique and complex passwords for every
account, composed of upper and lowercase letters, numbers, and symbols.
Investing in a password manager tool is a wise choice as it automates the
process of creating, using, updating, and securing passwords.