IT Best Practices that Get Missed: Cybersecurity Basics

Thriveon
IT best practices cybersecurity basics man on tablet with cybersecurity features

In this installment of “IT Best Practices that Get Missed,” we’re focusing on cybersecurity basics. Cyber attacks are a growing threat for businesses of all sizes – cyber crime is projected to hit $10.5 trillion by 2025. A single attack can result in devastating financial losses, reputational damage and legal repercussions. Shockingly, 60% of small companies go out of business within six months of a data breach or cyber attack.

When we meet with business leaders, we often see a troubling trend: most are not cybersecure. In fact, a staggering 51% of small businesses have no cybersecurity measures in place at all.

Discover how you can boost your cybersecurity stance and prevent cyber threats with these five security basics.

Read: IT Best Practices that Get Missed: The Cloud

1. Turn on Two-Factor Authentication

Two-factor authentication (2FA) is crucial for securing your company’s network and web portals. When you log in remotely or access services like Microsoft 365, there should be an additional verification step to confirm it’s really you, such as a text message to your phone.

Imagine a scenario: A cyber attacker manages to steal your password through a phishing email. But without the additional 2FA code, they’re locked out. This added layer of security ensures that even if your password is compromised, unauthorized access is prevented, protecting your valuable business data.

2. Enforce a Complex Password Policy

Strong, complex passwords are a fundamental defense against cyber attacks. Unfortunately, many businesses either do not enforce complex passwords or set the bar too low. The longer and more complex the password, the exponentially harder it is for hackers to crack; 9 characters can be cracked in two minutes, 10 characters in two hours, 11 characters in six days and so on. A 19-character password needs to be changed only once a year.

Current security standards recommend at least 19 characters with a combination of upper and lowercase letters, numbers and special characters. Avoid using simple passwords like “password” or “1234,” and don’t use the same password for multiple accounts. If you struggle to create and manage passwords, consider using a password manager.

Adopting this standard not only enhances security but also reduces the frequency of password changes, making it easier to remember passwords. This is especially helpful since the average person has over 100 passwords.

3. Remove Local Admin Rights

Removing local admin rights from employee computers can significantly reduce the risks of malware and phishing attacks. Limit employees access to files they need to complete their jobs. Without admin rights, even if a user clicks on a malicious link or attachment, you limit the ability to execute harmful software and potential damage; the malware won’t have the necessary privileges to spread itself across your network. This practice, coupled with user education, forms a robust defense against cyber threats.

4. Isolate Your Backups

Cyber attacks often target entire networks, including backup systems. By isolating your backups from the network, you ensure your data remains secure. Store files in multiple locations, including offline, on the cloud or on external hard drives, as well as with air gapping measures. This isolation prevents ransomware from erasing backup data, allowing you to restore your system quickly without paying a ransom.

5. Transition from the Microsoft Exchange Server

The Microsoft Exchange Server was the gold standard for email, calendars and task management. However, it has become a major security liability on three fronts:

  1. Multiple cyber criminal groups are exploiting the platform’s vulnerabilities in new and different ways. This allows them to gain access to your Microsoft Exchange Server, giving them a foothold in your entire network.
  2. Microsoft is not keeping up with updates on these vulnerabilities. Instead, they created a replacement from the ground up in Microsoft 365, which doesn’t contain the same security vulnerabilities.
  3. Cyber liability insurers are warning their clients that if they have a Microsoft Exchange Server in their IT environment come policy renewal time, they won’t be allowed to renew their policy.

Read: IT Best Practices that Get Missed: Microsoft Exchange Server

Get Started with Thriveon

Don’t let your business become the next victim of a cyber attack. By prioritizing cybersecurity, you can protect your business from financial losses, operational disruptions and reputational damages.

At Thriveon, we understand the importance of cybersecurity basics. We can help you implement over 500 IT best practices to enhance your cybersecurity posture. Having the right strategic leadership and processes in IT is essential for transforming cybersecurity from a reactive function to a cornerstone of business success.

Schedule a meeting with us to safeguard your company against cyber threats.

Phone and laptop with code for a cybersecurity assessment
STAY UP TO DATE

Subscribe to our email updates
STAY UP TO DATE

Subscribe to our email updates

Thriveon Service Areas

Select the Thriveon location nearest your Minnesota or Florida business and see what a difference holistic IT support can make in your productivity and security.
Minnesota

Duluth

Mankato

Minneapolis

St. Cloud

St. Paul
Florida

Fort Lauderdale

Miami

Orlando

Tampa

Thriveon_logo_IT.svg
© 2024 Thriveon
Home

Knowledge Center

Blog

Schedule A Meeting
About Us

Contact Us

Careers

Privacy Policy

 
FOLLOW US

Client Support