Cybersecurity has never been more critical -and cybercrime has never been a bigger threat. In 2021 alone, the US Identity Theft Research Center (ITRC) reported an increase of 17% in US business data breaches in the first three quarters compared to the same period in 2020. Ransomware increased by 148%, which brings it up to a record-breaking figure that has led experts to dub 2021 as the Year of Ransomware. The average cost of a data breach? $4.24 million. And, according to a report by Veriff, there was an overall increase in fraudulent activity of 61% in 2021, with identity fraud being the most prevalent type. That’s why we compiled a list of 10 tips to improve your cybersecurity.
Yet despite these staggering statistics, most organizations aren’t prepared. IDG revealed in its Cybersecurity at a Crossroads: The Insight 2021 Report that 78% of senior IT and IT security leaders believe their organizations lack sufficient protection against cyberattacks.
With a large portion of the workforce continuing to work remotely, and with increased adoption of mobility and BYOD policies in the workplace, IT teams must be proactive in their fight against cybercrime by implementing technology and procedures that minimize risk and protect their organizations against a possible attack.
Here are 10 useful tips for strengthening your cybersecurity posture.
1. Create a baseline IT asset inventory
If you don’t know what IT assets you have, you can’t protect them. But keeping track of all the assets connected to the network at any given time is becoming more challenging, given the highly mobile and distributed nature of today’s workforce. Gartner reports that 30% of hardware assets are stolen, missing, lost, or have otherwise «ghosted.» And shadow IT is common in large organizations, as various business units and teams often circumvent IT to quickly deploy hardware and software assets they need. That’s why creating a complete and accurate IT asset inventory is a critical first step to any cybersecurity strategy, and why all major security frameworks — ISO, NIST, and CIS — have IT asset management at their core. However, IT asset tracking has traditionally involved spreadsheets that are error-prone and become outdated quickly. To ensure your IT asset inventory is up-to-date, accurate, and complete, an automated solution for scanning and discovering IT assets, along with in-depth information about those assets, is your best bet.
2. Implement ongoing monitoring of the IT estate
IT assets connect to and disconnect from the network all the time, especially now, with remote working still common for most organizations. It’s crucial that IT tracks such assets the moment they connect – as vulnerabilities can open the door for an attack.
Advanced asset discovery solutions offer credential-free device recognition, to detect and identify rogue and unknown assets, eliminating blind spots across the IT estate. This is particularly important as employees connect work computers to home networks, where a variety of unprotected personal and IoT devices can serve as gateways to malware or fraud.
3. Stay on top of updates and patches
Outdated software or operating systems can be vulnerable to various types of cybersecurity threats, so it’s critical to make sure your systems receive all necessary updates and patches to keep your network safe. A comprehensive ITAM solution will provide information about software versions and vulnerabilities, enabling you to quickly identify machines and devices in need of an update or patch.
4. Secure employee devices against malware and ransomware
In the Financial and Insurance sector alone, Verizon found that 44% of the breaches in 2021 were caused by internal actors, with the majority of the actions being accidental, like sending emails to the wrong people. But external actions like phishing emails remained the biggest cause of network breaches. Even in the healthcare sector, Verizon noticed a shift from primarily internal actors before 2019 to primarily external actors today. This trend shows that phishing e-mails remain an effective way for criminals to spread malware and ransomware and that no sector is safe anymore. That’s why it’s critical to ensure that all employee devices — laptops, mobile phones, tablets — have the most updated malware and antivirus software installed.
5. Keep hardware up to date
Hardware doesn’t last forever, and old devices and services probably don’t have the most recent security upgrades. What’s more, according to a Twitter poll by data security company Apricorn, hardware failures cause more than 50% of all data loss and system downtime. With information about your hardware assets and warranties available in your IT asset inventory, you can take rapid action to repair or replace outdated or damaged hardware, before they pose a risk to the organization.
Join 145,000 IT Pros
Receive the latest Vulnerability Updates, Patch Tuesday Audits, Network Reports, and more.
6. Analyze IT asset data for user insights and reporting
It’s one thing to know what assets you have; it’s another to be able to mine that data for actionable insights. An ITAM solution that offers intuitive dashboards and customized reporting can help you track patch status, vulnerability exposure, security compliance, and more. And the more data the better. Look for solutions that provide granular data about all of your IT assets beyond device type — hardware specs, installed software, user details, and more.
7. Control access to data and applications
Access control is an essential component of cybersecurity that enables IT to dictate who within the organization has access to what resources. An employee who gets hacked can unwittingly be the gateway for a fraudster to get into the corporate network — and if controls aren’t strict enough — access sensitive and confidential data, such as customer data.
As each point of access poses a risk; limiting employee access to only the data they need to do their jobs is an essential best practice. With strict access control policies such as multi-factor authentication in place, organizations can ensure people are who they say they are, and prevent unauthorized access to physical and logical systems. Again, having that IT asset inventory that includes user data can help you ensure all the right controls are in place.
8. Backup data in the cloud
Data loss and corruption can result from a security breach, so it’s critical to perform ongoing backups. A cloud is a great option for data backup because it offers unlimited scalability and eliminates additional infrastructure costs. The cloud offers predictable storage costs and eliminates downtime, as data from the cloud can be instantly accessed and restored, ensuring business continuity.
9. Have a solid incident response plan in place
An incident response (IR) plan is the best way to ensure rapid corrective action following a cybersecurity incident. A good IR defines measures and actions staff should take following an attack or breach, and helps coordinate resources to quickly restore operations.
Your IR plan should define roles and offer step-by-step technical instructions for how to fix the vulnerability, assess the damage, restore any lost or damaged data, and document the incident.
Having everyone aligned on a plan of action — with access to a central data repository so everyone’s working off the same information — will minimize the impact of an incident and protect the business from unnecessary damage and costs.
10. Educate employees
Perhaps the best defense has less to do with technology and more to do with vigilance on the part of people within your organization. But most people don’t know how to identify a threat and don’t recognize a fraud attempt when they see one. For instance, 45% lack the confidence to identify a social engineering attack like a phishing email. By educating them about the dangers of cyber threats, what to look for, and how to report a possible attack, you can mitigate risk and reduce incidents, and ensure everyone in your organization keeps cybersecurity top of mind.
The first step to cybersecurity
Lansweeper is leading the IT asset management software market, helping organizations minimize risk and optimize IT with complete visibility and actionable insights into their IT estate. Learn more about how Lansweeper can help you build and maintain a complete, up-to-date, and accurate IT asset inventory to support your cybersecurity initiatives.