For the past few years, cybersecurity has been among the most talked-about subjects across the globe. Enterprises have witnessed a considerable number of data breaches and heinous cyber-attacks that it’s nearly impossible to deny the notion that individuals need to pay greater attention to cybersecurity.
A number of related concerns have become even more relevant as organizations around the world prepare to change their working methods in the wake of the novel coronavirus pandemic. Things like disaster planning, crisis management, and a company’s flexibility and responsiveness in the face of new issues are being brought to light as the global workforce grows more scattered and organizations everywhere move to lean on remote working (some for the first time).
Here’s a compiled list of four measures CISOs can take to improve cyber hygiene and safeguard their company.
The majority of businesses automatically encrypt their equipment. Encrypting a variety of different devices may become crucial as firms transition to a more remote, dispersed workforce and people begin to work remotely for the first time. To retain the same standards of cyber security as earlier, laptops, cellphones, tablets, and external hard drives may now all carry confidential information and must be encrypted.
Make a cyber-response strategy
All organizations, regardless of size, must have an incident response and recovery strategy in place to reduce downtime in the case of cyber-attacks. Businesses should ensure that they and all of their workers are aware of the process so that there are no concerns about what to do in the event of an incident.
This includes prominently displaying a hotline number, so everyone knows who to call if they suspect a data breach. Companies must also ensure that this hotline is monitored 24/7 or that an after-hours number is provided.
Backup and encrypt data
Another critical cybersecurity hygiene practice is ensuring that devices containing sensitive data employ data encryption, whether it’s a laptop, tablet, smartphone, portable drive, backup tapes, or cloud storage. Data encryption is enabled by default in many apps. In addition, enterprises should safeguard their wireless networks. They must utilize WPA2 or WPA3-encrypted routers and change their default username and password.
It’s also a good idea to back up files on an external hard drive or on the cloud. This can protect organizations against loss of data or when hackers encrypt their data and force them to pay a ransom in exchange for the key to unlock it.
Update the system on a regular basis
Businesses frequently receive warnings to upgrade to the newest software version, whether on a laptop or a mobile phone. Many people continue to postpone these updates in order to avoid disrupting their present workflow. It’s critical to act on these changes as soon as they become available. Many companies provide upgraded security fixes in response to emerging vulnerabilities. Firms should verify their settings if they haven’t been requested to update in more than a month and take manual action if necessary.
For example, a 2021 data breach of Microsoft Exchange servers was found in January, but emergency patches to fix the breach were not released until March, allowing malicious actors to successfully access the unpatched systems of tens of thousands of companies until the fixes were deployed.