How to Find the Middle Ground

cyber wise guy cybersecurity consultants risk management

Cybersecurity is increasingly important for people and organizations. As we do more online, cyber threats are a bigger concern. Reasonable cybersecurity means protecting data and systems without being too hard or limiting. It’s about finding the right balance between security, usability, and cost. There’s no one-size-fits-all approach, and what you need depends on things like how sensitive your information is. But there are some basic things most people and organizations can do to stay safe.

In this article, we’ll talk about key things to think about for a good cybersecurity plan. We’ll cover: passwords, multi-factor authentication, software updates, backups, endpoint protection, network security, email security, incident response planning, and employee training. Understanding these basics can help people and organizations make smart choices about cybersecurity. We want to help readers see what a strong yet practical cybersecurity plan looks like. With some planning, most people can protect themselves from common threats.

Passwords

Passwords are really important for keeping your online accounts safe. Having a good set of rules for creating passwords is crucial to stop unauthorized people from getting into your accounts and seeing your information. When you’re making these rules, there are a few important things to think about:

  • Length – Longer passwords are harder to crack. The commonly recommended minimum length is 8 characters, but 12-14 characters or longer is ideal for accounts containing sensitive information.
  • Complexity – Good passwords use a combination of upper and lower case letters, numbers, and symbols. Avoid common words and personal information that could be easy to guess.
  • Management – Requires users to change passwords regularly, such as every 90 days. Don’t allow password reuse, and use a password manager to generate and securely store strong, unique passwords.
  • Multi-factor authentication – Passwords alone can be compromised, so enabling two-factor authentication provides an extra layer of protection.
  • Employee education – Train staff on creating strong passwords and password hygiene. Emphasize never reusing passwords across accounts or sharing passwords with others.

Setting strong password rules and educating staff about their responsibility in safeguarding accounts will greatly enhance an organization’s online security. Although passwords seem simple, when treated seriously, they offer essential and powerful protection.

Multi-factor Authentication

Multi-factor authentication (MFA) makes it harder for unauthorized people to access an account by asking for two different forms of identification, not just a password. The three main types of identification used in MFA are:

  • Something you know – This is typically a password or PIN.
  • Something you have – This could be a physical device like a security token, or a digital item like an authenticator app on your phone.
  • Something you are – This uses biometrics like fingerprint, facial recognition, or iris scan.

The biggest advantage of MFA is that it makes it a lot more difficult for someone who shouldn’t be able to access an account to do so, even if they somehow get their hands on or guess a password. MFA guarantees that the person logging in has a physical item or a biometric scan, not just the password.

Some of the most common methods for the second factor in MFA include:

  • One-time passcodes sent via SMS text message
  • Authenticator apps like Google Authenticator that generate time-based codes
  • Hardware tokens that display changing passcodes
  • Biometrics like fingerprint or face scan

One downside of MFA is that it can make the login process longer, which some users might not like. But most security experts think the extra security is much more important than the small hassle. Organizations using MFA might need to train and give information to users so they understand how to use MFA properly.

In general, MFA really improves login security and stops many cyber attacks like phishing or credential stuffing. The little bit of extra work during login is a small price to pay for much better account security.

Software Updates

Keeping your software up-to-date with the latest patches and fixes is crucial for cybersecurity. New software vulnerabilities are constantly found, and updates are regularly released to fix them. It’s important to have a process to automatically install updates on all your devices. Don’t rely on users to do this manually, as it can lead to some devices being missed. Use centralized solutions to automate patching across your organization.

Enable auto-updates for productivity applications, web browsers, smartphone apps, operating systems, and important network components like routers and firewalls whenever possible. For software without auto-updates, establish policies to check, test, and deploy updates regularly, like on a monthly basis. Prioritize updating high-risk applications like Java, Flash, web frameworks, VPNs, and database platforms that are often targeted by cyber threats.

Using unsupported, end-of-life software poses significant risks. Make plans to upgrade older platforms before they reach their end-of-life to stay secure. While updating requires some effort, it’s essential for maintaining security. Work with your software vendors and managed service providers to have continuous, automated security updates across your environment.

Backups

Backups are really important for any good cybersecurity plan. They help restore data if it gets lost because of malware, the computer breaking, deleting something by mistake, or other reasons. There are a few important things to think about when it comes to backups.

Types of backups

  • Full backups – These copy everything each time and provide the most complete protection. However, they take more time and storage space.
  • Incremental backups – Only copy files changed since the last backup. Faster but you need the full backup and all incremental ones for restoration.
  • Differential backups – Copy all changes since the last full backup. Provides a balance of speed and needing fewer backups to restore.

Frequency of backups

  • For most small businesses, daily backups are recommended at a minimum for critical data. Higher frequency like hourly provides more granular restore points.
  • Backups should be taken at least weekly for all data. The 3-2-1 rule is a good guideline – have at least 3 copies of data, on 2 different media, with 1 offsite.

Testing restores

  • It’s important to regularly test restoring from backups to verify they work correctly. This can reveal issues before you actually need the backups.
  • Test restoring to a separate isolated environment, not overwriting current data.
  • Ideally test restoring various points in time as well as full restores.
  • Address any issues and re-test after fixing.

Backups provide an insurance policy against data loss. Following best practices for different backup types, frequency, and testing can ensure you can restore when needed.

Endpoint Security

Endpoint security is about keeping all devices that can connect to a company’s network, like computers and mobile devices, safe. A good endpoint security solution is very important for a company’s cybersecurity. It has three main parts.

Antivirus Software

Antivirus software finds and deletes harmful software like viruses, trojans, spyware, and ransomware from devices. It looks for known threats by comparing files to a database of known harmful software. Antivirus should be on all devices and set to do scans regularly. It’s crucial to update antivirus software with the latest known harmful software.

Firewalls

Firewalls keep an eye on the traffic coming in and going out of a network and stop harmful traffic using rules. There are two main types: network firewalls, which guard the network border, and host-based firewalls, which are set up on individual devices. Host firewalls add extra protection by managing traffic on each device separately.

Host Intrusion Detection

Host intrusion detection systems (HIDS) keep an eye on what devices are doing to spot unusual activity that could mean an attack. They use behavioral analysis to flag strange activity that’s different from normal. For instance, a HIDS might find odd connections to the internet made by a device, which could mean it’s infected with malware or someone is trying to take data out.

Good device security needs a mix of antivirus, firewalls, HIDS, and other controls to keep devices safe and stop threats from spreading to the whole network. It’s also important to keep devices up to date and set up properly. With more people using their own devices for work, organizations have to secure and control lots of different devices while still making sure people can get their work done.

Network Security

Network security is really important for any cybersecurity plan. Using VLANs helps to separate traffic, and configuring ACLs controls access to the network.

VLANs let you separate devices on the same physical network. For example, you can put all your servers in one VLAN and all user workstations in another. ACLs allow you to say what traffic is allowed to go where. For instance, you can block internet access from the server VLAN or prevent workstations from communicating directly with each other.

It’s not just about setting up VLANs and ACLs though. You also need to keep an eye on what’s happening on your network. Systems like intrusion detection and network behavior analysis can help you spot anything unusual.

If you have the right network setup, control the access to it, and keep an eye on things, you can make your network security a lot stronger. Networks are really important for your business, so making sure they’re secure should be a top priority.

Email Security

Email remains one of the top ways for cyber attacks and data breaches to happen. Having a strong email security system is really important for any cybersecurity program.

Spam Filtering

A spam filter helps stop unwanted junk email and phishing attacks from getting to users’ inboxes. Find a solution that checks the content of emails, not just the sender. The filter should hold back suspicious messages for review so real emails don’t get blocked by mistake. Ensure the spam detection rules are regularly updated as new threats come up.

Attachment Scanning

Attachments are often used by bad actors to send harmful software. A good email security system will check all attachments for bad stuff. The system should compare attachments to regularly updated lists of known threats to find the newest harmful software types. Setting up the system to stop dangerous file types can also stop infections.

User Training

With the rise of tricky fake emails and scams, just using technology is not sufficient. People need to keep learning to spot signs of harmful emails. Teach staff to notice warning signs like emails from unknown people, generic greetings, strange attachments, and links within emails. Tell them to report anything suspicious without clicking on links or downloading files. Stress the risks of opening attachments from sources they don’t recognize. Teaching people to be cautious along with using the right tools can really boost email security.

Incident Response

Having a good incident response plan is very important for dealing with cybersecurity issues. The plan should clearly explain who does what, how to communicate, steps for controlling an incident, ways to get rid of threats, and procedures for fixing systems.

  • Define roles and responsibilities – The IR plan should designate who will lead response efforts, who will communicate with leadership and authorities, who will work with IT to isolate affected systems, etc.
  • Have reporting procedures – Employees and vendors should know how to quickly report suspicious activity or potential incidents. Clear communication channels and points of contact should be established.
  • Contain incidents rapidly – The plan should enable security teams to quickly isolate affected systems to prevent threats from spreading. Access should be restricted, malware quarantined, etc.
  • Eradicate threats – Steps should be outlined for removing malware, reimaging compromised devices, revoking access credentials, etc. to eliminate footholds gained by attackers.
  • Recover systems – Plans for gradually and safely restoring operations, validating system integrity, and hardening defenses during recovery should be included.
  • Consider cyber insurance – Cyber insurance can offset costs of incident response and recovery. Policies should be evaluated to understand coverage and limits.

Having a good plan for when things go wrong helps a lot. It lets companies limit the damage and fix things quickly.

Employee Training

A company’s own employees can often be the weakest link in cybersecurity. That’s why ongoing security awareness training is essential. Employees should be regularly trained on best practices such as strong password hygiene, identifying phishing attempts, and avoiding malicious sites or downloads.

Simulated phishing attacks should also be conducted to test employee responses. These fake phishing emails help identify who may require additional training. When users fail the simulated phishing tests, it’s important to provide further education rather than punishment.

Additionally, every company needs clear and enforced cybersecurity policies. Rules should cover password requirements, approved software and devices, remote work security, physical security, and incident reporting. Employees must understand their obligations in protecting company data and systems. Policies help establish standards and accountability.

Training gives employees the knowledge they need while policies provide the guidelines to follow. Together, ongoing education and enforced cybersecurity policies greatly strengthen a company’s defenses from the inside. Employees who are security-aware and policy-compliant become an asset rather than a liability.