5 New Year’s Resolutions to Improve Your Cybersecurity
Happy New Year! Start the year off by making a New Year’s resolution to improve your cybersecurity. Here is LuxSci’s list of what your organization needs to do to prepare for the new year.
1) Perfect Your Password Policy
Taking a look at your password policies is a perfect cybersecurity New Year’s resolution. There is a lot of outdated information concerning password policies. These days, the National Institute of Standards and Technology (NIST) no longer recommends periodic password changes. While forcing frequent password changes sounds like a good policy, the reality is that users often create simple passwords that contain only slight modifications from their previous passwords. This results in poorer security than if users retain strong and unique passwords for each account, even if the passwords are changed relatively infrequently.
So what’s the lesson? Scrap any policy that enforces frequent and unnecessary password changes. Instead, only enforce password changes when there is suspicion that passwords may be compromised. Focus your attention on promoting the use of long, strong, and unique passwords by using password managers. Top it off with the security measure in our next resolution.
2) Enforce Multi-factor Authentication (MFA)
While strong and unique passwords go a long way toward preventing attacks, they aren’t foolproof. Make the attacker’s job much harder by enforcing multi-factor authentication (MFA) on user accounts. App or token-based MFA methods are best, because SMS authentication is vulnerable to sim-swapping. When all of your users have strong passwords and MFA in place, attackers have to figure out their passwords and obtain their devices in order to circumvent these security controls. Multi-factor authentication adds another layer of security to your sensitive accounts.
3) Remove Old Users From Your Systems
This cybersecurity New Year’s resolution is critical, because active user logins enable access to your systems. Having a large number of old users with valid credentials increases the number of weak points in your organization. An attacker only needs to figure out one set of login details to breach your systems. Unnecessary user accounts give hackers more opportunities to infiltrate your network.
While removing these old accounts is certainly a good move, it is even more important for you to change your policies going forward. Following the principle of least privilege, users should only be given access to the resources they need to complete their work, and access should be revoked when they no longer require it.
This means that when employees switch roles, quit, or get fired, their access should be updated immediately. It is particularly important to follow this practice in the case of disgruntled employees. They could abuse their access to destroy or steal critical data, implant malware, or commit a range of other actions that could devastate your organization.
4) Conduct A Risk Assessment
The threat landscape is constantly changing. Most organizations are also in a state of flux, with changes to their systems, structural arrangements, technology and more. A yearly risk assessment is an important cybersecurity New Year’s resolution. It gives your company a chance to take stock of all of these changes and analyze the threats to your data security.
Once your organization has an updated view of the challenges it faces, it can plan for the future. This may include augmenting security plans and policies to stay safe in the coming year.
5) Quarterly Employee Training
Your employees have a lot of responsibility and it is easy to forget about critical cyberthreats. This is why it is important to have quarterly employee training. Not only do these sessions provide a good opportunity to remind them of policies, but they also allow you to update them on the latest threats. Your employees are often the first line of defense in a cyberattack. Reviewing your organization’s cybersecurity policies may give your employees the information they need to prevent a serious breach in the future.
Secure The Year Ahead With LuxSci
The new year brings a world of possibilities, but also a range of novel threats. Prepare your organization against them by implementing the appropriate security solutions. Tools like LuxSci’s Secure Email or Secure Forms can streamline business workflows while protecting sensitive data. Contact us now to find out which LuxSci services are right for your business.