Cybercrime as an industry is constantly developing. There are approximately 350,000 new malware strains released every day. To protect your business, it’s important to follow certain cybersecurity best practices.
Using Multi-Factor Authentication, using centrally monitored anti-malware, anti-virus, and anti-ransomware tools with Artificial Intelligence, securing cloud programs, and using secure business software will all help enhance cybersecurity for an organization. Read on to learn more.
1. Use Multi-Factor Authentication (MFA) – with an Authenticator App
Multi-Factor Authentication (MFA) is a process that helps verify your identity upon login by requiring a random passcode or push notification. It protects against identity-based attacks. Even if a malicious actor knows your username and password, MFA prevents login.
When deployed correctly, MFA blocks 99.9% of identity-based attacks. A random code or prompt (push notification) is sent to your mobile device to confirm your identity. It takes seconds to complete and is highly effective. Microsoft has published an article on the effectiveness of MFA.
MFA is designed primarily to protect user accounts against weak passwords or exposed login credentials. As a result of phishing attacks and modern tactics, compromised login credentials are published to the internet and/or used almost every day to gain access to services.
A phishing scam is “the fraudulent practice of sending emails purporting to be from reputable companies to induce individuals to reveal personal information, such as passwords and credit card numbers” (Oxford Languages). There were 11 times as many phishing complaints in 2020 as there were in 2016 (tessian.com).
A phishing email will typically ask a user to log in to something by clicking on a link. It may also ask a user to submit personal or confidential information. For more information on phishing emails, check out our article here. The ultimate goal of these third-party actors is to gain access to your account for malicious purposes. When MFA is used correctly, phishing attacks are easily thwarted.
Using the correct type of MFA is important. For example, using text messages (SMS-based authentication) or e-mail to receive your random code is not recommended. Hackers have been able to gain access to these systems, allowing them to see your MFA passcodes.
While any type of MFA is essential, it’s better to use authenticator apps (such as Google Authenticator or Microsoft Authenticator). These applications are free and easy to use on your mobile device.
Here are a few tips:
- Ensure that your mobile devices (and any staff devices if applicable) are protected by passwords, facial recognition, or fingerprints. This will ensure that the authenticator app cannot be seen should your phone be stolen.
- Make sure your phone can be remotely wiped if it is lost or stolen (e.g. Find My iPhone or MDM).
- Do not use cloud services that do not offer safe MFA.
- Do not use the same password across multiple accounts.
- Use a push notification instead of a random code where supported. It’s quick, convenient, and lets you know when someone is trying to log in to your services.
2. Use Centrally Monitored Security Tools that Adopt Artificial Intelligence
Artificial intelligence and machine learning are now leading advanced threat protection.
Centrally monitored anti-virus, anti-malware, and anti-ransomware apps provide visibility through notifications and alerts if an issue occurs on any of the systems. Some infections cannot be automatically cleaned by the security tools, so manual intervention may need to take place.
Centrally monitored security tools will also ensure that each system is receiving regular updates. Keeping your systems up-to-date is one of the best ways to prevent security vulnerabilities, as new vulnerabilities are being patched all the time. With 350,000 malware threats released daily, it’s important to stay up-to-date in real-time.
Truth be told, AI and machine learning are the only way to keep up with the number of threats being released. Whatever vendor you choose should use these technologies to get ahead of the curve. SIRKit recommends products like Sophos Endpoint Protection with EDR (endpoint detection and response) or MTR (managed threat response) because they use behavioural analysis to identify emerging threats. In other words, the program doesn’t require new patterns to be downloaded before it can identify an active threat. This is critical for ransomware protection scenarios.
3. Securing Your Cloud Platforms
Increased cloud adoption is not only recommended but also expected as technology continues to advance. Unfortunately, many businesses do not set up cloud services correctly or securely. This leads to many critics citing a lack of security as a concern for cloud-based services. Like any critical platform, use a seasoned consultant and ensure security is the number one priority.
Certain platforms like Office 365 offer security compliance tools like Secure Score to provide ongoing recommendations to keep yourself safe. Office 365 also allows the choice of where data is housed. For example, during sign-up, you can opt in to housing data on Canadian soil. The reality is, trying to bring on-premises servers and infrastructure up to the same level of security Microsoft’s cloud offers would be an extremely difficult and expensive task.
Research each cloud vendor thoroughly; not all are highly focused on security.
4. Use Secure Business Software
Microsoft is highly recommended as secure business software. Other major software platforms are also highly supported and constantly advancing their tools, including those offered by Google and Amazon. If something from a major vendor does not suit your needs, it is best to consult with an IT professional who will thoroughly vet a platform before you purchase.
What makes business software secure?
- MFA (Multi-Factor Authentication).
- Vendors that adhere to security best practices and do not require built-in security features to be disabled or reduced to run their software. For example, having to disable firewalls, requiring all staff to run with administrative privileges, or not requiring encryption are all bad news.
- Robust threat detection, investigation, and remediation across endpoints, email, documents (Word, etc.), identity, and infrastructure.
- Intelligent compliance protocol that assists in assessing and managing compliance risks.
- Leveraging of artificial intelligence and machine learning.
- Offers access to enhanced IT support.
The industry of cybercrime is rapidly and consistently developing. With hundreds of thousands of new malware strains released every day, cybersecurity is more important than ever. To keep your business safe, it’s important to have strong cybersecurity that can adapt to advanced threats.
Thankfully, there are a few common cybersecurity measures that help reduce risk. Using Multi-Factor Authentication, employing centrally monitored anti-malware, anti-virus, and anti-ransomware tools with AI, securing cloud programs, and using secure business software will lead to a safe and secure business.