With targeted attacks on enterprises on the rise, no organization can afford to treat cyber security as optional. Regardless of size or sector, even a small data breach or cyber-attack can cost millions of dollars in incident response, downtime, regulatory penalties and lost business, enough to cripple the company's finances.
For this reason, enterprises should, as a rule of thumb, follow these cybersecurity practices to protect themselves against both known and unknown threats.
#1 Invest in Security Solutions – An enterprise faces many different kinds of threats, and no single product covers all of them. To secure the whole enterprise, invest in layered controls (for example endpoint protection, email and web filtering, network monitoring, central logging and backup) that match the organization's changing needs, and revisit the mix as the threat landscape shifts.
#2 Use Complex & Unique Passwords – As a rule of thumb, enterprises must require employees to use strong passwords that are unique to each account, and prohibit them from sharing their credentials with anyone. Providing a password manager makes long, unique passwords practical rather than a burden.
#3 Invest in Training – Educate and train employees regularly about cybersecurity so that they are cautious about clicking suspicious links, sharing sensitive data and responding to security alerts, and so that they know how to report a suspected phishing email or incident quickly.
#4 Back up Your Data – Follow the 3-2-1 rule for data backup: keep 3 copies of your crucial data, on 2 different types of media, with at least 1 copy stored offsite. Because ransomware deliberately targets any backup it can reach, make that offsite copy offline or immutable, and test restores regularly; a backup that has never been restored is not a backup.
#5 Robust Security Policies – To ensure that both employees and third parties follow the security policies, document them clearly, communicate the expectations explicitly, have people acknowledge them, and enforce them consistently.
#6 Use Updated Software – Software that has reached end of life no longer receives security patches, so relying on it is like relying on a dead security solution. Keep operating systems, applications and firmware patched to the latest supported version, and retire products that the vendor no longer supports, to safeguard your organization against evolving threats.
#7 Data Encryption – Encrypt stored data and backups at rest, store the encryption keys separately from the data they protect, and grant decryption rights only to the limited, specific personnel who need them.
#8 Two-Factor Authentication – Add a second factor to the login procedure, such as a one-time code from an authenticator app on the employee's phone or a hardware security key, so that a stolen password alone is not enough to log in. Codes sent over SMS are better than nothing, but they are weaker than app-based or hardware factors.
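How an authenticator-app second factor actually works, as an added example (stdlib-only Python; not code from the original article): HOTP and TOTP as specified in RFC 4226 and RFC 6238, plus the two server-side details that matter in practice, a constant-time comparison and a replay guard so that one code cannot be accepted twice. The secret is the RFC 6238 test-vector key, used here only for illustration; `TotpVerifier` and `provisioning_uri` are names chosen for this example.

```python
"""RFC 4226 HOTP / RFC 6238 TOTP: the algorithm behind authenticator-app 2FA.
Added example using only the standard library. TEST_SECRET is the RFC 6238
Appendix B test-vector key (ASCII "12345678901234567890"), constructed for
illustration; a real deployment generates a random secret per user."""
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

TEST_SECRET = b"12345678901234567890"   # RFC test vector, never reuse in production


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """HOTP(K, C) = Truncate(HMAC(K, C)) mod 10^digits (RFC 4226 section 5.3)."""
    msg = struct.pack(">Q", counter)                      # 8-byte big-endian counter
    digest = hmac.new(secret, msg, algo).digest()
    offset = digest[-1] & 0x0F                            # dynamic truncation offset
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6, algo=hashlib.sha1) -> str:
    """TOTP = HOTP(K, floor(T / step)) where T is Unix time (RFC 6238 section 4)."""
    return hotp(secret, at // step, digits, algo)


class TotpVerifier:
    """Server-side check: accept a code within a small clock-skew window, but
    never accept the same time step twice (replay guard)."""

    def __init__(self, secret: bytes, step: int = 30, digits: int = 6, window: int = 1):
        self.secret, self.step, self.digits, self.window = secret, step, digits, window
        self.last_counter = -1          # highest time step already consumed

    def verify(self, code: str, at: Optional[int] = None) -> bool:
        now = int(time.time()) if at is None else at
        base = now // self.step
        for counter in range(base - self.window, base + self.window + 1):
            if counter <= self.last_counter:
                continue                # this step (or an older one) was already used
            expected = hotp(self.secret, counter, self.digits)
            if hmac.compare_digest(expected, code):   # constant-time comparison
                self.last_counter = counter
                return True
        return False


def provisioning_uri(issuer: str, account: str, secret: bytes) -> str:
    """otpauth:// URI of the kind shown as a QR code when enrolling a phone app
    (secret is base32 without padding, as the apps expect)."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    return (f"otpauth://totp/{issuer}:{account}?secret={b32}&issuer={issuer}"
            f"&algorithm=SHA1&digits=6&period=30")


if __name__ == "__main__":
    # RFC 6238 Appendix B: T=59, SHA-1, 8 digits -> 94287082
    print(totp(TEST_SECRET, 59, digits=8))
    v = TotpVerifier(TEST_SECRET)
    code = totp(TEST_SECRET, 1111111109)
    print(v.verify(code, at=1111111109))   # True: fresh code
    print(v.verify(code, at=1111111109))   # False: replayed code
```

The window of one step either side tolerates a phone clock that is up to 30 seconds off; widen it and an attacker who shoulder-surfs a code gets proportionally longer to use it. The replay guard is what stops a phished code from being used by the attacker after the victim has already logged in with it.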
#9 Implement an MDM Plan – Monitor and regulate employees' mobile device usage, since they often access sensitive data and company email from their phones while on the company's wireless network, and an unmanaged device is a soft target for attacks. Use mobile device management to enforce screen locks, device encryption, patching and remote wipe of lost or stolen devices.
#10 Change Default Credentials – Many IoT devices ship with default passwords, which makes them easy for malware to take over. Replace the default credentials with a strong, unique password as soon as a device is deployed, disable any remote-management interface you do not need, and keep such devices on their own network segment away from critical systems.
#11 Secured Wi-Fi – Hiding the SSID is not a security control: the network name is still sent in the clear in probe and association frames whenever a legitimate client connects, so a nearby attacker recovers it in minutes, and an attacker never needed the broadcast to target your network in the first place. Real protection comes from the encryption and authentication settings. Use WPA3, or WPA2 with AES/CCMP and a long passphrase; for staff, prefer WPA2/WPA3-Enterprise (802.1X) with per-user credentials so that a departing employee does not take the shared key with them; never use WEP, WPA-TKIP or open networks; disable WPS; and keep guests on a separate network that cannot reach internal systems.
#12 Limited Access Right Grant – The Principle of Least Privilege states that a subject (user, device or application) should be given only the "just in time" and "just enough" access it needs to complete its task. If a subject does not need a right, it should not have it; review existing rights periodically, because privileges tend to accumulate over time and are rarely removed on their own.
#13 Server OS Hardening – Configure and harden the operating system of every server. This typically means removing unnecessary applications, services and network protocols, closing ports that nothing legitimate listens on, and then auditing the result regularly against a hardening baseline such as the CIS Benchmarks, because configuration drifts back over time.
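A concrete first hardening check, added here as an example (not from the original article): parse the listening sockets a server exposes and flag everything reachable from the network that is not on an explicit allowlist. The sample input is constructed in the column layout of `ss -tulnp` with the header line removed; it does not come from a real host, and the function names are chosen for this example.

```python
"""Audit listening sockets against an allowlist of services that are supposed
to be reachable over the network. Added example; SAMPLE_SS is constructed in
the column order of `ss -tulnp` (Netid State Recv-Q Send-Q Local Peer Process)
with the header removed, and does not describe a real host."""
import re
from typing import Dict, List, Set, Tuple

SAMPLE_SS = """\
udp   UNCONN 0      0      0.0.0.0:111        0.0.0.0:*    users:(("rpcbind",pid=601,fd=5))
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*    users:(("systemd-resolve",pid=580,fd=12))
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*    users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      511    0.0.0.0:80         0.0.0.0:*    users:(("nginx",pid=900,fd=6))
tcp   LISTEN 0      128    127.0.0.1:5432     0.0.0.0:*    users:(("postgres",pid=950,fd=7))
tcp   LISTEN 0      5      0.0.0.0:23         0.0.0.0:*    users:(("telnetd",pid=1201,fd=4))
tcp   LISTEN 0      128    [::]:22            [::]:*       users:(("sshd",pid=812,fd=4))
"""

# Sockets bound only to loopback are not reachable from the network.
LOOPBACK_PREFIXES = ("127.", "[::1]")
PROC_RE = re.compile(r'\(\("([^"]+)"')       # first process name in users:(("name",pid=...))


def parse_ss(text: str) -> List[Dict]:
    """Turn ss output lines into dicts with proto, bound address, port and process."""
    listeners = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6:
            continue                          # blank or malformed line
        proto, local = parts[0], parts[4]
        addr, port = local.rsplit(":", 1)     # rsplit so IPv6 "[::]:22" splits correctly
        addr = addr.split("%")[0]             # drop interface scope such as "%lo"
        m = PROC_RE.search(parts[6]) if len(parts) > 6 else None
        listeners.append({"proto": proto, "addr": addr, "port": int(port),
                          "process": m.group(1) if m else "?"})
    return listeners


def exposed_listeners(text: str, allow: Set[Tuple[str, int]]) -> List[Dict]:
    """Listeners bound to a non-loopback address whose (proto, port) is not allowlisted."""
    findings = []
    for entry in parse_ss(text):
        if entry["addr"].startswith(LOOPBACK_PREFIXES):
            continue                          # local-only, not exposed
        if (entry["proto"], entry["port"]) in allow:
            continue                          # expected service
        findings.append(entry)
    return findings


if __name__ == "__main__":
    # Allowlist for a web server: SSH for administration and HTTP for the service itself.
    allow = {("tcp", 22), ("tcp", 80)}
    for f in exposed_listeners(SAMPLE_SS, allow):
        print(f"UNEXPECTED {f['proto']}/{f['port']} bound to {f['addr']} by {f['process']}")
```

On a real host the input is `ss -tulnpH` run as root, and each finding is a decision: remove the package (telnetd has no place on a hardened server), bind the service to loopback if only local clients need it, or add it to the allowlist with a documented reason. Re-running the check from a scheduled job turns a one-off hardening exercise into ongoing drift detection.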