The ’20s are here — again! Things are a bit different in 2020 than they were in 1920. We don’t have flying cars yet, but cars will be driving themselves around soon. Newspapers and radio have given way to mobile apps and podcasts, and criminals can now steal sensitive files without ever setting foot in your office.
Here are 5 tips to start the decade off secure.
1. Keep all apps and operating systems up to date
Yes, it can be annoying to install what seem to be constant updates, but developers don’t push out updates just for fun. Updates often include both new features and important security patches, and they should always be installed as soon as possible. It’s just as important to update your operating systems as it is to update your apps. Millions of computers worldwide remain vulnerable to the EternalBlue Windows exploit, responsible for WannaCry and other major cyber attacks, simply because users haven’t installed the patch that Microsoft issued in 2017.
2. Use role-based access control (RBAC)
Employees should be granted only the network privileges they need to perform their jobs and no more. You should also periodically review user privileges and adjust them as necessary to reflect any changes in employees’ duties, and make sure to disable accounts when an employee leaves the company.
3. Train your employees on cybersecurity awareness
Sixty-three percent of companies interviewed for the 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses reported a data breach in the previous 12 months that was rooted in employee or contractor negligence. Additionally, cyber attacks that take advantage of employee negligence or mistakes ranked among the top attack methods used against SMBs in the past 12 months: phishing/social engineering (57%), compromised or stolen devices (33%), and credential theft (30%). Training your employees on cybersecurity best practices, especially how to avoid falling victim to social engineering, transforms them from security liabilities into security assets.
4. Develop a password security policy and enforce it
Most data breaches begin with a stolen or compromised password. Respondents to the Ponemon survey clearly understood the importance of password security. Their top two pain points were employee passwords being stolen or compromised (70%) and weak passwords (61%). Yet 54% admitted having no visibility into employee password practices, and half admitted to having no password policy. Even worse, only 32% of companies that do have a policy strictly enforce it and require the use of a password manager.
All companies need a robust password security policy that includes the use of strong, unique passwords, two-factor authentication (2FA), and a password manager, and they need to enforce this policy.
5. Require the use of a password manager
Enforcing a password security policy doesn’t require an enormous budget or a large, in-house IT or security team, just a password management and security solution like Keeper Business. Keeper offers enterprise-level protection that is easy to set up and manage, and scales with your business as your needs change.