Written by Austin Baker, Senior Account Executive at Avasek
Let’s face it. Cyber security threats aren’t going away anytime soon. Social engineering and phishing continue to be a top threat to organizations across the globe, as do weak or compromised employee credentials, and we can’t forget about the ever-evolving vulnerabilities in every company’s infrastructure. So how can you increase security at your organization? Here’s our security checklist for 2024.
1. Get Serious About Passwords
We all know that reusing the same username and password for everything is a big no-no, but sadly it is still widely practiced. So is using passwords like ‘Password’ or ‘12345’. Adding a credential manager to your organization helps cut down on those bad habits and decreases the chances of an employee’s credentials being compromised.
2. Always Authenticate!
What happens if an employee’s credentials are compromised? Without an added layer of security, a threat actor could easily ‘walk in’ to your organization. By adding multi-factor authentication (MFA) to your security arsenal, you can cut down on your company’s chances of getting hacked by 99%, according to Microsoft. Fairly easy to deploy and set up, MFA is a no-brainer when it comes to securing your company.
3. Create a Human Firewall
Phishing attacks and social engineering increase, on average, 85% year after year. Human error is hands down one of the leading causes of breaches today. It’s one of the top ways our Incident Response (IR) team sees companies get compromised. With simulated phishing attacks and continuous education, you’re not only creating a human firewall at your organization but also substantially decreasing a threat actor’s chances of getting in.
4. Patch Critical Vulnerabilities
Do you know the top five CVEs (common vulnerabilities and exposures) of 2023? If you do, good for you! But let’s be honest, most don’t. Knowing and patching system and application vulnerabilities is a top priority in keeping your company safe. And again, unpatched vulnerabilities are one of the top reasons our IR team gets called out. Staying on top of and patching the critical or most exploitable vulnerabilities is a must in keeping your organization safe. It is also becoming a requirement of many compliance frameworks and insurance companies. Want to know the top five? Here they are (link).
5. Test for Weaknesses
Knowing your company’s vulnerabilities and patching them is one thing. Knowing how threat actors use them to exploit your systems is another. Penetration testing isn’t the newest and greatest thing in cyber security; it’s just becoming more mainstream. And again, it is a critical part of any organization’s security plan. Also worth noting: it is becoming a requirement for many security frameworks and insurance plans. Whether you test annually, semi-annually, quarterly, or regularly, pen testing is an important part of any company’s security checklist so you can proactively help shut down a bad guy’s access to your infrastructure.
6. Back It Up
Having a good backup is a critical piece in keeping your company secure. If there’s a breach at your organization, having the ability to quickly and easily restore is a must. Being able to manage that backup from anywhere is a game-changer! Drastically decreasing downtime and getting your company back up and going as quickly as possible is an integral part of any company’s security strategy.
7. Out with the Old
We get it. There are a lot of reasons companies hang on to systems that are EOL. ‘EOL’ or end-of-life refers to hardware and/or software that has reached the end of its operational life, becoming outdated and no longer able to meet the needs and requirements of modern systems. But an honest conversation has to take place within your organization. What security risk does that create? Is that an acceptable risk? Does the cost of mitigating outweigh the threat? Does this go on the roadmap for future mitigation? Are there any alternatives? But discussing doesn’t change the one thing that’s an absolute certainty: EOL is a threat to your company’s security. So, it’s time to assess, discuss, decide, and plan.
Need help with anything on this list? Reach out and let us know. With Avasek’s managed services and other solutions, we can help you reach your security goals in 2024.