What key steps can organizations take to improve their cybersecurity posture in 2023?
With the new year officially underway, many of us have made our new year’s resolutions in hopes of a successful 2023. From reading a new book to hitting the gym, the new year acts as a fresh start to improve a bad trait or accomplish a goal.
With this in mind, we asked our team of cybersecurity professionals to share some achievable resolutions organizations can make to strengthen their cybersecurity posture in the new year.
Understand Your Organization’s Cyber Footprint
The first step to reducing risk within a business environment should be developing a strong outline of every known network and the systems on those networks. Creating a thorough network map will allow you to work towards reducing your attack surface and ultimately enhancing your control infrastructure accordingly:
Identify all networks and systems that can reach the internet.
Ensure networks are segmented correctly and systems are only able to reach the internet if needed for a business function.
Identify any systems that are near their end of life and draft a roadmap for replacement.
Embrace a Password Manager
Password practices are one of the main vulnerabilities targeted by hackers because they remain one of the weakest points in cybersecurity. While measures such as increasing password complexity can help mitigate the threat, they can also frustrate users and result in lost productivity. Instead, organizations can use password management tools, which address common problems in the following ways:
Providing secure storage of accounts behind one very strong master password
Facilitating the use of unique and strong passwords for many accounts
Reducing the risk of password reuse
Allowing important accounts to be shared among team members
Implement and Enforce a Remote/Virtual “Clean Desk” Policy
A typical Clean Desk Policy outlines how employees can maintain a secure work environment by clearing their desks, logging out of their computers and locking away documents and removable storage at the end of the workday.
Organizations can implement a remote/virtual “clean desk” policy to help remote employees remain cognizant of security concerns and encourage the following steps to reduce digital clutter while increasing productivity:
Follow a standard Clean Desk Policy, even in remote workspaces, by ensuring electronic devices, removable media, and printed hard copies are kept secured and locked when not in use and desk areas are left uncluttered at the end of the day.
Purge unnecessary local files to clear up disk space and reduce clutter. Make sure to empty the Recycle Bin after cleaning up so that the deleted items are removed from your system.
Consider expanding this initiative to include shared drives and collaboration platforms.
While shared drives and collaboration platforms are vital tools that allow team members to work together, they can also build up a trove of outdated and unused information. Consider implementing practices to purge data after a period of 6-12 months and/or transfer it, as appropriate, to an archival system for longer-term storage.
Review Your Current Backup Procedure, Disaster Recovery Strategy and Incident Response Plan
It’s essential to perform regular backups of data that would be considered business critical and too important to lose.
A good strategy to follow is the 3-2-1 rule: keep 3 copies of any important file (1 primary and 2 backups); keep the backups on 2 different media types, such as cloud or removable storage; and keep at least one backup offsite so that recovery remains possible after a disaster.
A good backup procedure is only half of the battle when attempting to respond to a cyberattack or hardware failure. Review or develop an incident response plan that outlines the current backup procedure and how to restore any business-critical systems.
Every employee shares the responsibility of keeping the business safe and reducing cybersecurity risk. Continuous training and open dialogue regarding good cybersecurity hygiene can reduce the likelihood that an employee opens a suspicious email, uses weak passwords or unintentionally posts sensitive information online.
Identify and Take Action to Resolve Bad Practices
Risky security practices can leave organizations vulnerable to threats that could have a significant impact on critical business functions. The following bad practices, when left unmitigated, are dangerous and significantly elevate an organization’s cybersecurity risk. That risk is further elevated when the affected technologies are accessible from the Internet.
Use of unsupported or end-of-life software
Use of default passwords and credentials
The use of single-factor authentication for remote or administrative access
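As an added example that is not part of the original post, the following Python script audits a constructed asset inventory against the cyber footprint items and the bad practices listed above: internet exposure without a documented business function, end-of-life systems that need a replacement roadmap, default credentials, and single-factor remote or administrative access. The field names, the sample systems and the mixed-segment heuristic are assumptions made for this example.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional

@dataclass
class Asset:
    """One row of the network map. Field names are assumptions made for this example."""
    name: str
    network: str                   # segment the system sits on
    internet_reachable: bool
    internet_justification: str    # business function that needs internet access; "" if none
    end_of_life: Optional[date]    # vendor support end date; None if not announced
    default_credentials: bool      # any account still on a vendor default
    remote_or_admin_access: bool   # offers a remote or administrative login
    mfa_enforced: bool

@dataclass
class Finding:
    asset: str
    issue: str
    internet_exposed: bool         # exposure further elevates the risk, so these sort first

def audit(assets: List[Asset], today: date, eol_horizon_days: int = 365) -> List[Finding]:
    """Flag the footprint gaps and bad practices named in the post for each asset."""
    findings: List[Finding] = []
    for a in assets:
        issues = []
        if a.internet_reachable and not a.internet_justification:
            issues.append("internet-reachable without a documented business function")
        if a.end_of_life is not None and a.end_of_life <= today:
            issues.append("unsupported or end-of-life software")
        elif a.end_of_life is not None and a.end_of_life - today <= timedelta(days=eol_horizon_days):
            issues.append(f"reaches end of life within {eol_horizon_days} days; needs a replacement roadmap")
        if a.default_credentials:
            issues.append("default password or credentials in use")
        if a.remote_or_admin_access and not a.mfa_enforced:
            issues.append("single-factor authentication on remote or administrative access")
        findings.extend(Finding(a.name, i, a.internet_reachable) for i in issues)
    # Heuristic (an assumption of this example): a segment that mixes internet-reachable and
    # internal-only systems is a candidate for a segmentation review.
    reach_by_net = {}
    for a in assets:
        reach_by_net.setdefault(a.network, set()).add(a.internet_reachable)
    for net, reach in reach_by_net.items():
        if reach == {True, False}:
            findings.append(Finding(net, "segment mixes internet-reachable and internal-only systems", True))
    return sorted(findings, key=lambda f: (not f.internet_exposed, f.asset))

TODAY = date(2023, 1, 15)
INVENTORY = [  # constructed sample systems, not a real environment
    Asset("vpn-gw", "dmz", True, "remote workforce VPN", date(2025, 6, 30), False, True, False),
    Asset("file-srv", "internal", False, "", date(2023, 10, 10), False, True, True),
    Asset("hvac-ctl", "internal", True, "", date(2019, 1, 1), True, True, False),
    Asset("payroll", "internal", False, "", None, False, True, True),
]

if __name__ == "__main__":
    for f in audit(INVENTORY, TODAY):
        print(f"[{'EXPOSED' if f.internet_exposed else 'internal'}] {f.asset}: {f.issue}")
```

Findings on internet-reachable systems are listed first so the roadmap can start with the items the post singles out as highest risk.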
Remember, “new year, new me” can ring true, and a new year’s resolution is simply a goal that can be achieved with the right discipline and planning.
If you have any questions about the resolutions in this article or you want to share yours, please contact our team at [email protected].
About Schneider Downs Cybersecurity
The Schneider Downs cybersecurity practice consists of expert practitioners offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.
You’ve heard our thoughts… We’d like to hear yours
The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].
Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.