You can have every piece of security hardware in the book (firewall, backup and disaster recovery appliance, anti-virus), but your employees will still be the biggest vulnerability in your organization when it comes to phishing attacks. How do you mitigate as much of that risk as possible?
- Create and Strictly Enforce a Password Policy: Passwords should be complex, randomly generated, and replaced regularly. To test the strength of your password, go to this site. (This is a perfectly safe service sponsored by a password protection platform that tells you how long it would take an attacker to crack your password.) When creating a password policy, bear in mind that the most prevalent attacks are dictionary attacks: most people use real words in their passwords, and attackers typically try every dictionary word (and common variations) before resorting to brute force. Instead of words, use a combination of letters, numbers, and symbols. The longer the password, the stronger it is. While it’s difficult to remember passwords across different platforms, do not reuse passwords; that way a breach of one account does not expose all of your others.
- Train and Test Your Employees Regularly: Educate your employees on how to spot a phishing attack. Then run a simulated phishing test (a safe phishing campaign orchestrated by your IT provider to see how employees respond) to measure how well they do. Employees who fall for a simulated phishing attempt go through training again. We recommend doing this quarterly, in conjunction with ongoing cybersecurity awareness education, to keep your staff informed of the latest threats.
- Create a "Bring Your Own Device" (BYOD) Policy and Protect All Mobile Phones: You can safeguard your network as much as humanly possible, but at the end of the day your employees still walk in with their own cell phones. Are they allowed to receive email on these phones? What about accessing the network remotely? Without proper mobile device management, those phones are a big black hole in your security posture.
- Perform Software Updates Regularly: Make sure that your software is up-to-date with all the latest security patches. Holding off on updates means that you’re leaving yourself open to known vulnerabilities.
- Invest in Security: Cybersecurity is essential for businesses in today's interconnected world. Consumer-grade hardware is no longer sufficient; in addition to a quality firewall and backup device, you must equip your employees with ongoing awareness education, timely security updates, and a comprehensive crisis/breach plan.
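The password-policy item above says dictionary words are the weak spot and that length matters most. The following Python script is an added example (it is not code from this article or from any password-checking site) showing how a policy can be enforced mechanically: it normalizes common letter-for-symbol substitutions, rejects anything built on a dictionary word, estimates entropy from length and character set, and converts that to the time an attacker would need to exhaust the search space at an assumed guess rate. The tiny word list and the guess rate are constructed assumptions; a real deployment would load a full wordlist such as /usr/share/dict/words and a list of previously breached passwords.

```python
import math
import re

# Constructed stand-in for a real dictionary / breached-password list (assumption).
COMMON_WORDS = {"password", "welcome", "summer", "winter", "company",
                "letmein", "admin", "dragon", "monkey", "qwerty"}

# Undo the substitutions people use to disguise words ("P@ssw0rd" -> "password").
LEET_MAP = str.maketrans("@013$57!", "aoiessti")


def normalize(pw: str) -> str:
    """Lowercase and strip common leet-speak so dictionary matching sees the real word."""
    return pw.lower().translate(LEET_MAP)


def charset_size(pw: str) -> int:
    """Size of the alphabet an attacker must search, based on which classes appear."""
    size = 0
    if re.search(r"[a-z]", pw):
        size += 26
    if re.search(r"[A-Z]", pw):
        size += 26
    if re.search(r"[0-9]", pw):
        size += 10
    if re.search(r"[^A-Za-z0-9]", pw):
        size += 33  # printable ASCII punctuation and space
    return size


def entropy_bits(pw: str) -> float:
    """Upper-bound entropy for a randomly generated password: length * log2(alphabet)."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0


def contains_dictionary_word(pw: str, words=COMMON_WORDS, min_len: int = 4) -> bool:
    """True if a dictionary word (at least min_len letters) appears inside the password."""
    norm = normalize(pw)
    return any(w in norm for w in words if len(w) >= min_len)


def seconds_to_exhaust(bits: float, guesses_per_second: float = 1e10) -> float:
    """Time to try every candidate at the assumed offline guess rate (constructed figure)."""
    return (2 ** bits) / guesses_per_second


def check_password(pw: str, min_length: int = 14, min_bits: float = 60.0) -> dict:
    """Apply the policy: minimum length, no dictionary words, minimum entropy."""
    problems = []
    if len(pw) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if contains_dictionary_word(pw):
        problems.append("contains a dictionary word")
    bits = entropy_bits(pw)
    if bits < min_bits:
        problems.append(f"estimated entropy {bits:.1f} bits is below {min_bits}")
    return {
        "ok": not problems,
        "bits": round(bits, 1),
        "crack_seconds": seconds_to_exhaust(bits),
        "problems": problems,
    }


if __name__ == "__main__":
    for candidate in ["Password1!", "Summer2024!", "xK9#pL2$vQ7!mR4"]:
        result = check_password(candidate)
        verdict = "OK  " if result["ok"] else "FAIL"
        print(f"{verdict} {candidate!r}: {result['bits']} bits, "
              f"~{result['crack_seconds']:.3g} s to exhaust; {result['problems']}")
```

Note that "Password1!" and "Summer2024!" would pass a naive "uppercase, digit and symbol" rule yet fail here, because the dictionary check sees through the decoration; the random 15-character string passes on length and entropy alone. The entropy figure is only an upper bound for randomly generated passwords, which is why the policy also requires the dictionary check.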
There are two things that aren’t going away in any business: employees and security threats. Make sure you’ve taken care of everything you can to avoid falling victim.