Cybersecurity is all about prevention and layers of defense. Since there is no single piece of software that can protect an organization on its own, the layered approach is the best defense we have today.
Let’s look at some of these recommended practices from the Cybersecurity & Infrastructure Security Agency (CISA):
Update and patch: Ensure your applications and operating systems (OSs) have been updated with the latest patches. Vulnerable applications and OSs are the target of most ransomware attacks.
Use and maintain preventative software programs: Install antivirus software, firewalls, and e-mail spam filters, and keep them updated, to reduce malicious network traffic.
Encryption: Encrypt all the hard drives in your company, not just your laptop.
2-factor authentication: Use this on your e-mail and all other cloud-based solutions; it is also a good idea to apply it to your desktop computer.
Offsite backups: These backups should be isolated from your network so hackers cannot gain access to them. Be sure to test them, even if the report says they are successful! Your offsite backup is key to restoring your data if you are faced with ransomware.
Remote access/VPN security: Lock those down with 2-factor authentication and strong passwords! IP locking (restricting access to known source addresses) is another great layer to include.
Risk assessment: Risk assessments are performed by an IT professional and are used to identify vulnerabilities in your IT infrastructure. For some industries, such as medical and financial, risk assessments are a regulatory requirement.
Cyber awareness training: Keeping your staff up to date on the latest phishing attacks, e-mail scams and phone scams is critical. Employees are the weakest link in cyber security! With cyber awareness training, staff are far less likely to click on bad links or fall for scams over the phone.
E-mails are the number one way for hackers to deliver ransomware and get access to critical data files.
Use caution with links: Be careful when clicking directly on links in e-mails, even if the sender appears to be someone you know. Attempt to independently verify website addresses (e.g., contact your organization’s helpdesk, search the internet for the sender organization’s website or the topic mentioned in the e-mail). Pay attention to the website addresses you click on, as well as those you enter yourself. Malicious website addresses often appear almost identical to legitimate sites, often using a slight variation in spelling or a different domain (e.g., .com instead of
E-mail attachments: Be wary of opening e-mail attachments, even from senders you think you know, particularly when attachments are compressed files or ZIP files.
Verify e-mail senders: If you are unsure whether or not an e-mail is legitimate, try to verify the e-mail’s legitimacy by contacting the sender directly. Do not click on any links in the e-mail. If possible, use a previous (legitimate) e-mail to ensure the contact information you have for the sender is authentic before you contact them.
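The lookalike-domain check described under "Use caution with links" above can be automated as a first pass before a human verifies a link. The following is an added example, not CISA's or the original author's code; the trusted-domain list and the sample URLs are constructed, and the domain parser assumes a simple two-label domain (name plus TLD), so multi-part suffixes such as co.uk would need a public-suffix list.

```python
"""Flag e-mail links whose domain looks like, but is not, a domain you trust."""
from urllib.parse import urlparse

# Constructed allow-list: domains the organization knows are legitimate.
TRUSTED_DOMAINS = {"example.com", "example-bank.net"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def registered_domain(url: str) -> str:
    """Return the last two labels of the URL's host, lower-cased.

    Assumption: a two-label model ('example.com'); a real deployment would
    consult the public-suffix list to handle suffixes such as co.uk.
    """
    host = urlparse(url if "://" in url else "http://" + url).hostname or ""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_link(url: str, trusted=TRUSTED_DOMAINS) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for the link's domain.

    A lookalike is a domain whose name label matches a trusted domain but
    whose TLD differs (.com vs .net), or whose full name is within edit
    distance 2 of a trusted domain (swapped, dropped or substituted letters).
    """
    domain = registered_domain(url)
    if domain in trusted:
        return "trusted"
    name = domain.split(".")[0]
    for t in trusted:
        if name == t.split(".")[0] or levenshtein(domain, t) <= 2:
            return "lookalike"
    return "unknown"
```

Links classified as "lookalike" are the ones worth routing to the helpdesk check the guidance recommends; "unknown" simply means the domain is not on the allow-list and says nothing about its safety.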