In this installment of “IT Best Practices that Get Missed,” we’re focusing on cybersecurity basics. Cyber attacks are a growing threat for businesses of all sizes – cyber crime is projected to hit $10.5 trillion by 2025. A single attack can result in devastating financial losses, reputational damage and legal repercussions. Shockingly, 60% of small companies go out of business within six months of a data breach or cyber attack.
When we meet with business leaders, we often see a troubling trend: most are not cybersecure. In fact, a staggering 51% of small businesses have no cybersecurity measures in place at all.
Discover how you can strengthen your cybersecurity posture and prevent cyber threats with these five security basics.
Two-factor authentication (2FA) is crucial for securing your company’s network and web portals. When you log in remotely or access services like Microsoft 365, there should be an additional verification step to confirm it’s really you, such as a text message to your phone.
Imagine a scenario: A cyber attacker manages to steal your password through a phishing email. But without the additional 2FA code, they’re locked out. This added layer of security ensures that even if your password is compromised, unauthorized access is prevented, protecting your valuable business data.
Strong, complex passwords are a fundamental defense against cyber attacks. Unfortunately, many businesses either do not enforce complex passwords or set the bar too low. The longer and more complex a password is, the exponentially harder it becomes for hackers to crack: 9 characters can be cracked in two minutes, 10 characters in two hours, 11 characters in six days and so on. A 19-character password needs to be changed only once a year.
Current security standards recommend at least 19 characters with a combination of upper and lowercase letters, numbers and special characters. Avoid using simple passwords like “password” or “1234,” and don’t use the same password for multiple accounts. If you struggle to create and manage passwords, consider using a password manager.
Adopting this standard not only enhances security but also reduces the frequency of password changes, making it easier to remember passwords. This is especially helpful since the average person has over 100 passwords.
Removing local admin rights from employee computers can significantly reduce the risks of malware and phishing attacks. Limit employees' access to the files they need to complete their jobs. Without admin rights, even if a user clicks on a malicious link or attachment, the harmful software's ability to execute and the damage it can do are limited; the malware won't have the necessary privileges to spread itself across your network. This practice, coupled with user education, forms a robust defense against cyber threats.
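One way to find out who currently holds local admin rights on a Windows computer, as an added example that is not part of the original article: the script lists every member of the local Administrators group and flags any account that is not on an approved list. The entries in `$AllowedAdmins` (including the `CONTOSO` domain name) are hypothetical placeholders for whatever your own policy permits.

```powershell
# Added example: audit membership of the local Administrators group.
# Run in an elevated PowerShell session on the computer being checked.

# Hypothetical allowlist: replace with the accounts your policy permits.
$AllowedAdmins = @(
    "$env:COMPUTERNAME\Administrator",   # built-in local account (default name assumed)
    'CONTOSO\Domain Admins'              # placeholder domain group
)

# S-1-5-32-544 is the well-known SID of BUILTIN\Administrators. Using the SID
# instead of the name also works when the group is renamed or localized.
$AdminGroupSid = 'S-1-5-32-544'

try {
    $members = Get-LocalGroupMember -SID $AdminGroupSid -ErrorAction Stop
}
catch {
    Write-Error "Could not read the Administrators group: $($_.Exception.Message)"
    return
}

# Build one report row per member; -contains compares names case-insensitively.
$report = foreach ($m in $members) {
    [pscustomobject]@{
        Computer    = $env:COMPUTERNAME
        Member      = $m.Name
        ObjectClass = $m.ObjectClass       # User or Group
        Source      = $m.PrincipalSource   # Local, ActiveDirectory, ...
        Allowed     = $AllowedAdmins -contains $m.Name
    }
}

$report | Sort-Object Allowed, Member | Format-Table -AutoSize

# Preview the removals only: -WhatIf prints what would change without changing it.
$report | Where-Object { -not $_.Allowed } | ForEach-Object {
    Remove-LocalGroupMember -SID $AdminGroupSid -Member $_.Member -WhatIf
}
```

Review the flagged accounts before dropping `-WhatIf`, so that a legitimate management or break-glass account is not removed by mistake.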
Cyber attacks often target entire networks, including backup systems. By isolating your backups from the network, you ensure your data remains secure. Store files in multiple locations, including offline, in the cloud or on external hard drives, and use air-gapping measures. This isolation prevents ransomware from erasing backup data, allowing you to restore your system quickly without paying a ransom.
Microsoft Exchange Server was the gold standard for email, calendars and task management. However, it has become a major security liability on three fronts:
Read: IT Best Practices that Get Missed: Microsoft Exchange Server
Don’t let your business become the next victim of a cyber attack. By prioritizing cybersecurity, you can protect your business from financial losses, operational disruptions and reputational damages.
At Thriveon, we understand the importance of cybersecurity basics. We can help you implement over 500 IT best practices to enhance your cybersecurity posture. Having the right strategic leadership and processes in IT is essential for transforming cybersecurity from a reactive function to a cornerstone of business success.
Schedule a meeting with us to safeguard your company against cyber threats.