During these tough times of Covid19 and lockdown businesses across the globe have been impacted and the worst hit is Small and Medium size businesses. SMBs have been impacted in every aspect for the business thus it has become difficult for them to manage the business continuity and focus on the security of enterprise assets and cybersecurity.
The world daily sees a lot of cyber-attacks and the global average cost of a data breach is $3.9 million across SMBs. Making it worst if an enterprise is hit by a cyber-attack they can suddenly be Out of business from being a small business so they shouldn’t put themselves on risk just because they are a small business. We at ASPIA being a small startup are equally concerned about the security thus we present a set of best practices for ensuring maximum protection:
1. Common Passwords use should be prohibited:
It is often seen that people tend to use easily memorable passwords for the ease of remembrance and this has become one of the major reasons for security/ data breaches. A few pro tips for secure passwords:
- Such practices should be stopped with immediate effect
- Enterprises should enforce strict and complex password policies.
- Use of commonly used password combinations should be stopped.
- To create complex passwords but easily memorable passwords try to use information that is private to you and not available in the public domain.
- Do not repeat passwords for any account or assets.
2. Protection with Multi-factor authentication:
A very common practice that has been noticed during various security researches is that Small and medium scale enterprises are never bothered about changing default passwords for their assets (Computers, servers, firewalls, VPNs etc.) never apply 2-factor authentication to save the costs. These practices can create a serious loophole in the overall security of an enterprise. Following are the tips:
- Change the default passwords ASAP for all your assets.
- Configure 2 factor or Multi-factor authentication with all assets to ensure security measures are checked.
- Shared Secrets and device communication codes should be complex.
- Multi-factor authentication must have a human component for verification.
3: Network Devices Investment:
Although this is up to the enterprise to choose best for them but we recommend investing a good amount of money into your network infrastructure. Few recommendations from our network teams:
- Purchase quality network devices for the infrastructure such as Firewall, VPN, Switches, routers and Load balancers.
- Good quality devices ensures maximum up time, better support and fluent business continuity.
- Better quality devices also result in enhanced life time, avoiding any replacements for a long time.
- Maintain your network devices like you maintain your car by ensuring regular maintenance and updates patching.
- Segment your network using Firewalls, VPNs and load balancers so that an attacker can never access your enterprise network.
4: Encrypt Everything:
Every data in the organization should be protected through encryption in order to prevent data loss during a cyber-attack. A few tips from our encryption experts:
- Use bit lockers and other encryption software for enterprise assets such as laptops, computers and servers.
- Encrypt your wireless network using WPA2 keys to prevent any unauthorized eavesdropping.
- Buy storage devices with built in encryption.
- Ensure all remote connections are encrypted by VPN protection.
- Protect your Intellectual Property data, Patents and core secrets using HSM level encryption so that your trade secrets remain a secret even when you are under a cyber-attack.
5. Secure and sanitize your emails:
Emails are leading cause of most cyber – attacks thus enterprises need to deploy best practices for being safe from any such attacks. A few suggestions on securing your emails:
- Train and educate employees on how to handle an external email.
- Apply email filters and scanners for emails prior to being delivered to a user’s mailbox.
- Limit the size and type of attachments in the emails.
- Advice employees to not share official email address over the internet until or unless application requesting such details has been approved by enterprise.
6. Cleanse your social media network:
Social media opens a door of opportunities for attackers to orchestrate attacks like phishing, social engineering on a target enterprise. All employees and leadership should be informed of below tips:
- Restrict the use of social media and network websites within the network.
- Employees should be trained and educated about the information to be shared on their social media networks.
- Users should be careful of what they share since cybercriminals could guess security answers (such as your dog’s name) to reset passwords and gain access to accounts.
- If not done already, sanitize your social media accounts periodically reviewing the information shared on the social media platforms to be safe.
6. Backup your data and use good endpoint security software:
Enterprises often tend to miss these two points and end up regretting the investment into these two essential components for their organization. Few pro tips:
- Configure an automatic backup for all your assets such as laptops, servers or storage devices.
- Ensure the backups are compliant with international laws and enterprise policies.
- Employees should be informed to update the security software otherwise done automatically.
- Have physical drive backups if possible.
7. Keep all your systems updated:
Organizations should ensure all their systems are up to date with latest patches and fixes. In order to ensure smooth operation of all your assets and systems enterprises should follow the below guidelines:
- All system updates and patches should be tested for compatibility and then installed on the concerned devices.
- If possible ensure automatic updates are on for all devices.
- Regularly perform Firmware and security updates for the devices.
- BYOD devices should be compliant with organization security and update policies, in order to prevent any data leak.