In discussions with our clients, we regularly notice that some basics of cybersecurity are not mastered.
This is both common and dangerous.
Cybersecurity is everyone's business, and every employee should be taught the basic rules of personal cybersecurity.
However, the consequences of a cyber attack on a company are usually more serious and affect many more people.
That is why, in this article, we look at best practices to implement in your company to improve its resilience and protect it against cyber threats.
Implement an identity and access management policy
To control who accesses your applications, your network, and your data, you need an IAM (Identity and Access Management) policy.
It is the way to verify the identity of the people who connect and to manage their rights: what they are allowed to do and what they can or cannot access. Grant each account only the rights its role requires, and review those rights when people change roles or leave the company.
Enforce strong passwords
The most commonly used password is "123456".
In addition, people often reuse the same password from one application to another. This creates a risk of credential reuse: if any application on which your employee has an account, even a non-professional one, is compromised and the stolen password hash is cracked, the attacker can try that password against your network and will often get in.
Therefore, define a password policy that enforces a minimum length, rejects passwords that appear in known breach lists, and requires a change when compromise is suspected rather than on a fixed schedule. Frequent forced renewal mostly produces predictable variations of the previous password.
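The policy described above can be checked mechanically at the moment a password is set. The following is an added example (not code from the original article or from any product it mentions): it enforces a minimum length, looks the candidate up in a breached-password corpus using the hash-prefix (k-anonymity) pattern, and rejects trivial variations of the user's previous passwords. The breached corpus and the threshold of 12 characters are constructed assumptions for the demo.

```python
import hashlib
import re

# Constructed sample of a breached-password corpus. In production this would be a
# large dump (for example the Have I Been Pwned list), stored as SHA-1 hex digests
# so that no plaintext password ever sits on the policy server.
BREACHED_SHA1 = {
    hashlib.sha1(p.encode("utf-8")).hexdigest().upper()
    for p in ["123456", "password", "Password1", "Summer2023!", "qwerty"]
}

MIN_LENGTH = 12  # assumed policy value for this example


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def is_breached(password: str, corpus=BREACHED_SHA1) -> bool:
    """k-anonymity style lookup: only the first 5 hex characters of the hash are
    used to select candidates (that is all a remote range query would reveal);
    the full digest is then compared locally."""
    digest = sha1_hex(password)
    prefix = digest[:5]
    candidates = {h for h in corpus if h.startswith(prefix)}
    return digest in candidates


def normalize(password: str) -> str:
    """Strip digits and punctuation and lower-case the rest, so that
    'Summer2023!' and 'Summer2024!!' compare equal: that is exactly the
    'slight variation' pattern that forced rotation produces."""
    return re.sub(r"[\d\W_]+", "", password).lower()


def is_trivial_variation(new: str, previous) -> bool:
    core = normalize(new)
    return any(normalize(old) == core for old in previous)


def evaluate_password(candidate: str, previous=()) -> list:
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if is_breached(candidate):
        problems.append("found in breached-password corpus")
    if is_trivial_variation(candidate, list(previous)):
        problems.append("trivial variation of a previous password")
    return problems


if __name__ == "__main__":
    for pw, old in [("123456", []), ("Summer2024!!", ["Summer2023!"]),
                    ("correct horse battery staple", [])]:
        print(repr(pw), "->", evaluate_password(pw, old) or "accepted")
```

The variation check is what makes "renew every 90 days" policies ineffective: users comply by incrementing a digit, and a checker that only compares exact strings never notices.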
Enforce multi-factor authentication (MFA)
An attacker can obtain passwords in many ways: phishing, keyloggers (tools that record keystrokes), shoulder surfing, or a breach of another service where the password was reused.
To strengthen the authentication of your employees, you must enforce multi-factor authentication.
With this type of authentication, in addition to the password, your employees must present a second factor: typically a one-time code generated on a separate device, or a biometric such as a fingerprint.
For example, an SMS containing a one-time code, or a time-based code from an authenticator app such as Google Authenticator.
Google Authenticator displays a one-time code that changes every 30 seconds. SMS is the weakest of these options, since codes can be intercepted or redirected through SIM swapping; an authenticator app is better, and a hardware security key is the only one of the three that also resists phishing of the code itself.
If the password is phished or otherwise obtained, the attacker is stopped until they also obtain the second factor (SMS code, app code, security key, etc.).
Implement Single Sign-On (SSO)
These strong authentication requirements bring a certain level of friction and potentially frustration among your employees.
Frequent password changes, especially if they are different for multiple applications, lead your employees to make choices that simplify their lives, such as reusing passwords with slight variations.
This weakens the security of your access.
By using SSO, you allow your employees to authenticate only once to access all your applications and your network.
You can also centrally manage their access rights to data and applications, since there is only one account per employee for all applications. That one account becomes the key to everything, so MFA must be enforced on the SSO provider itself and disabling the account on departure must be immediate.
Have a system update policy
Failure to update systems and applications is one of the major causes of intrusion. Less common than phishing as an entry point, unpatched vulnerabilities can nevertheless be used to compromise systems from the outside or to deepen an attack that has already begun.
For example, an attacker can get onto the victim company's network with the credentials of an employee, obtained through a phishing campaign, who has no special privileges.
If they then find an application for which the patch has not been applied, they can exploit it to escalate their privileges and perform actions that the stolen account alone would not allow, increasing the level of compromise of the target company's network.
To protect yourself from this risk, you must:
- Keep an inventory of the applications and systems present on your network, including their versions
- Be notified of new vulnerabilities affecting them, for example by following the CVE list published by MITRE (cve.org), the NVD, or your vendors' security advisories
In general, keep your systems up to date and install patches when they are available.
Ideally, you should be able to push updates to your employees' devices yourself, using solutions such as MDM (Mobile Device Management) or a patch management tool that lets you manage the company's devices centrally.
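The two steps above (inventory plus advisory feed) only pay off if the two are matched automatically. The following is an added example, not code from the original article, that compares a constructed inventory against a constructed advisory feed and lists every host still running an affected version. The advisory identifiers, product names, and version ranges are placeholders invented for the demo; a real feed would come from the CVE list, the NVD, or vendor bulletins.

```python
from dataclasses import dataclass


def parse_version(v: str) -> tuple:
    """Turn '2.4.49' into (2, 4, 49) so versions compare numerically.
    Comparing as strings gets it wrong: '2.4.9' > '2.4.49' lexically."""
    return tuple(int(part) for part in v.split("."))


@dataclass(frozen=True)
class Advisory:
    advisory_id: str     # placeholder identifier, not a real CVE
    product: str
    affected_from: str   # inclusive lower bound of vulnerable versions
    fixed_in: str        # exclusive upper bound: this version carries the patch
    severity: str


# Constructed advisory feed (placeholders, not real vulnerabilities).
ADVISORIES = [
    Advisory("ADV-0001", "webserver", "2.4.0", "2.4.50", "high"),
    Advisory("ADV-0002", "webserver", "2.4.0", "2.4.52", "medium"),
    Advisory("ADV-0003", "mailer", "1.0", "1.2.3", "critical"),
]

# Constructed inventory: what is actually installed on each host.
INVENTORY = [
    {"host": "web-01", "product": "webserver", "version": "2.4.49"},
    {"host": "web-02", "product": "webserver", "version": "2.4.52"},
    {"host": "mail-01", "product": "mailer", "version": "1.2.3"},
    {"host": "mail-02", "product": "mailer", "version": "1.1"},
]


def is_affected(installed: str, adv: Advisory) -> bool:
    v = parse_version(installed)
    return parse_version(adv.affected_from) <= v < parse_version(adv.fixed_in)


def find_unpatched(inventory, advisories) -> list:
    """Return (host, product, version, advisory_id, severity) for every host
    whose installed version falls inside an advisory's affected range."""
    hits = []
    for item in inventory:
        for adv in advisories:
            if item["product"] == adv.product and is_affected(item["version"], adv):
                hits.append((item["host"], item["product"], item["version"],
                             adv.advisory_id, adv.severity))
    return hits


if __name__ == "__main__":
    for hit in find_unpatched(INVENTORY, ADVISORIES):
        print("UNPATCHED:", hit)
```

Note that mail-01 on version 1.2.3 is not reported: the fix version is an exclusive bound, and getting that boundary wrong in either direction is the most common bug in home-grown matchers.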
Implement a backup strategy
Aside from cyber attacks, backups also protect you from the risk of hard drive failure.
This is true for personal use, as we have already written in our article on personal cybersecurity practices, but especially essential in a professional context.
A good backup and restore strategy ensures that if an incident occurs - theft, hacking, fire, etc. - you can restore all or part of your data and reduce the impact of this incident.
Therefore, opt for a 3-2-1 strategy:
- 3 copies of your data: the production copy plus two backups
- 2 different types of media, such as a data server and tape archives
- 1 copy in another geographical location
At least one copy should be offline or immutable, so that ransomware that reaches your network cannot encrypt the backups along with the data, and restores should be tested regularly: a backup that has never been restored is an assumption, not a safeguard.
Using the cloud for the off-site copy is a reliable option, but it raises questions about the sovereignty of your data.
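A restore test needs a reference to compare against. The following is an added example, not code from the original article, of the simplest such reference: a manifest of SHA-256 digests written at backup time and stored with each copy, and a check that compares a restored tree against it. The demo builds a small directory tree in a temporary folder and simulates a restore in which one file came back truncated and one is missing; all file names and contents are constructed for the example.

```python
import hashlib
import tempfile
from pathlib import Path


def file_sha256(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map relative path -> SHA-256 for every file under root. Written at backup
    time and kept with each of the three copies."""
    return {
        p.relative_to(root).as_posix(): file_sha256(p)
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def verify_restore(manifest: dict, restored_root: Path) -> dict:
    """Compare a restored tree against the manifest and report discrepancies:
    files that did not come back, files whose content differs (corruption or
    tampering), and files that should not be there."""
    restored = build_manifest(restored_root)
    return {
        "missing": sorted(set(manifest) - set(restored)),
        "modified": sorted(p for p in manifest
                           if p in restored and restored[p] != manifest[p]),
        "unexpected": sorted(set(restored) - set(manifest)),
    }


def demo() -> dict:
    """Constructed scenario: back up a directory, then 'restore' it with one file
    truncated and one missing, and return what the check finds."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "data"
        (src / "hr").mkdir(parents=True)
        (src / "hr" / "payroll.csv").write_text("id,amount\n1,1000\n")
        (src / "notes.txt").write_text("quarterly review\n")
        manifest = build_manifest(src)

        restored = Path(tmp) / "restored"
        (restored / "hr").mkdir(parents=True)
        (restored / "hr" / "payroll.csv").write_text("id,amount\n")  # truncated
        # notes.txt never came back from the off-site copy
        (restored / "stray.tmp").write_text("")
        return verify_restore(manifest, restored)


if __name__ == "__main__":
    print(demo())
```

Store the manifest separately from the data it describes (and sign it, if your backup tool does not already), otherwise an attacker who can alter the backup can alter the manifest to match.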
Deploy an antivirus and antimalware solution
An antivirus solution detects and blocks certain threats. Classically, it compares the programs that run or attempt to run on a computer against a database of known malware signatures; modern endpoint protection (EDR) adds behavioural detection for threats that have no signature yet.
Some solutions also protect your workstations against other threats: detection of phishing pages, applications requiring an update, monitoring and protection of network activity, etc.
A professional solution also allows you to manage your entire IT infrastructure and centrally report information.
You will have an overview of the workstations and their "health status", allowing you to intervene if necessary.
Be aware that these solutions are necessary but not sufficient: in the case of stolen credentials, for example, an attacker logging in with a legitimate account can exfiltrate data without any malware running, and these solutions will not alert you.
Enable network activity logging
A logging system records activity on your systems and network: authentications, administrative actions, connections, errors.
When suspicious activity is spotted, the logs let you reconstruct what happened: the origin of the problem, the vulnerability or account that was used, and the extent of the compromise.
Ship the logs to a central system separate from the machines that produce them, so that an attacker who takes over a machine cannot erase its trace, and keep clocks synchronized so that events from different systems can be correlated.
These centralized logs can then be analyzed by various solutions, including SIEM and intrusion detection tools, which turn them from a forensic record into an alerting source.
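A detection does not have to wait for a SIEM. The following is an added example, not code from the original article, of the most basic rule run over authentication logs: parse sshd lines, flag a source address that accumulates failed logins within a short window, and record whether a successful login from the same address followed. The log lines are constructed for the demo (hosts, users, and addresses are placeholders) and the threshold and window are assumed values.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in OpenSSH's sshd log format; not real log data.
SAMPLE_LOG = """\
Mar 12 08:01:02 web-01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar 12 08:01:04 web-01 sshd[2213]: Failed password for root from 203.0.113.7 port 51130 ssh2
Mar 12 08:01:05 web-01 sshd[2215]: Failed password for root from 203.0.113.7 port 51131 ssh2
Mar 12 08:01:07 web-01 sshd[2217]: Failed password for root from 203.0.113.7 port 51140 ssh2
Mar 12 08:01:09 web-01 sshd[2219]: Failed password for deploy from 203.0.113.7 port 51142 ssh2
Mar 12 08:01:11 web-01 sshd[2221]: Accepted password for deploy from 203.0.113.7 port 51150 ssh2
Mar 12 08:15:30 web-01 sshd[2400]: Failed password for alice from 198.51.100.20 port 40010 ssh2
Mar 12 08:15:45 web-01 sshd[2402]: Accepted publickey for alice from 198.51.100.20 port 40011 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse(log_text: str, year: int = 2024) -> list:
    """Return (timestamp, result, method, user, ip) tuples. Syslog timestamps
    carry no year, so the caller supplies it (assumed 2024 for the demo)."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # lines outside the pattern are skipped, never guessed at
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"], m["method"], m["user"], m["ip"]))
    return events


def detect_bruteforce(events, threshold: int = 5,
                      window: timedelta = timedelta(minutes=5)) -> dict:
    """Flag source IPs with >= threshold failures inside the sliding window.
    A later success from a flagged IP is recorded separately: that is the case
    that needs incident response, not just a firewall block."""
    failures = defaultdict(list)
    alerts = {}
    for ts, result, method, user, ip in events:
        if result == "Failed":
            failures[ip] = [t for t in failures[ip] if ts - t <= window] + [ts]
            if len(failures[ip]) >= threshold and ip not in alerts:
                alerts[ip] = {"failures": len(failures[ip]),
                              "followed_by_success": None}
        elif result == "Accepted" and ip in alerts \
                and alerts[ip]["followed_by_success"] is None:
            alerts[ip]["followed_by_success"] = f"{user} via {method}"
    return alerts


if __name__ == "__main__":
    for ip, info in detect_bruteforce(parse(SAMPLE_LOG)).items():
        print(f"ALERT {ip}: {info}")
```

In the sample, the one address that guesses its way in is the one that matters; the single failure from the second address is normal user behaviour and is correctly ignored. Tune the threshold to your own baseline before enabling automated blocking.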
Be prepared for an attack
Sooner or later, you will be a victim of an attack. That's why you need to be prepared and know exactly what you will do when it happens.
The first thing to do is to implement and test a Disaster Recovery Plan (DRP) and a Business Continuity Plan (BCP) that cover cyber risk.
You need to ask yourself the right questions to be prepared in case of an incident:
- What happens during an attack?
- What actions do you take to continue your business?
- How will you restore your systems?
- Who is responsible for what?
These plans must be created, evaluated, and tested in simulations. Depending on the test results, you will improve them to have confidence in their effectiveness and be able to quickly implement them when needed.
Another measure to be prepared for an attack is to take out insurance. Insurance companies are increasingly offering coverage against cyber risks.
Contact your insurer or bank to learn about their offerings.
Install collaborative tools to streamline communication
Applications like Slack or Microsoft Teams are designed to improve communication and efficiency among employees.
Today, with partial or full remote work policies and the need to communicate in mobile situations, these applications are extremely useful.
From a security perspective, this also allows for more rapid relay of alerts to employees.
During our phishing test campaigns, we saw employees reporting alerts on Slack before official communications from the IT department were sent.
Continuously promote awareness and education
Cybersecurity is everyone's responsibility.
Indeed, despite all the solutions mentioned above, the human element can still be manipulated into actions that bypass the protections in place.
Typically, opening an attachment containing well-concealed malware can get past traditional antivirus protection.
Similarly, entering credentials on a fake login page is a classic compromise that is often hard to detect.
That's why it is important to work on the awareness of all employees so that they:
- Can better detect when an attack occurs
- Can report to the competent departments to inform all staff and limit the progress of the attack
- Can act as an intelligent line of defence, in effect the last line of security
Solutions like our phishing protection offering can improve your security against human risk:
- By regularly simulating attacks against your employees
- By training them through micro-learning programs in case of risky actions on their part
- By allowing you to measure the evolution of your security through precise reports that allow you to adjust your security measures
In this article, we have seen best practices in cybersecurity.
From technical elements to human factors, from backups to phishing simulation campaigns, do not hesitate to seek the help of specialized providers.
Indeed, a one-time intervention - for example, implementing a backup and restore strategy - will save you time while offering you the peace of mind of an adapted and reliable strategy.
Lastly, keep in mind that zero risk does not exist and that these measures are the foundations of good security, but continuous work is necessary to protect yourself.