With cyber security risks on the rise, has your organisation got the basics covered? Taking basic security precautions can help your organisation prepare for and mitigate the overwhelming majority of modern cyber threats and helps to prepare for the evolution of threats as technology advances.
We explain some of the basic areas you should focus on and how they can help keep you protected.
Consider multifactor authentication
Create barriers for cyber criminals by enabling multifactor authentication (MFA). MFA works by stopping an attacker from accessing protected accounts or resources. Thanks to the introduction of passwordless technology and architecture it’s much easier for employees and customers to use and also provides more security than traditional text (SMS) or voice approaches. Always authenticate and authorise based on all available data points, including user identity, location, device health, service or workload, data classification, and anomalies.
Microsoft’s Azure Active Directory (Azure AD) enterprise identity service provides SSO and multi-factor authentication to help protect your users from 99.9 per cent of cybersecurity attacks.
Stop malware attacks
Stop malware attacks by installing and enabling anti-malware solutions on endpoints and devices. Utilise cloud-connected anti-malware services for the most current and accurate detection capabilities.
Anti-malware and detection and response technologies should be deployed across the ecosystem to prevent attacks and provide warning of any anomalies or threats that may be attempting to breach the environment. This includes OT and IoT environments. For cloud systems, workload protection should be deployed across all systems from virtual machines and containers to machine learning (ML) algorithms, databases, and applications.
Apply least privilege access
With least privilege access you can prevent cyber criminals from gaining access to your full network. This will limit user access with just-in-time and just enough-access (JIT/JEA), risk-based adaptive polices, and data protection to help secure both data and productivity.
For example, hackers will look for privileged credentials when attacking an organisation. This is to provide them with access to sensitive information and systems. In addition to using MFA to protect login to an identity and ensuring that they have least privilege to access systems, the credentials that support that identity and provide access must be secured. Among other things, this will help to minimise the impact and breadth of attacks in the event that malicious code is already running on a local machine or network.
Keep on top of your sensitive data
Know where your sensitive data is stored and who has access. Implement information protection best practices such as applying sensitivity labels and data loss prevention policies. If a breach does occur, it’s critical that security teams know where the most sensitive data is stored and accessed.
Cloud backup is a renewed focus in the cyber security field. It is clear that having a completely secure IT infrastructure is becoming increasingly difficult. There are regular stories in the news of organisations with breaches taking weeks and sometimes months to regain control of their IT infrastructure. That is where a good cloud back up strategy is critical.
Ensure your systems are updated
Mitigate the risk of software vulnerabilities by ensuring your organisation’s devices, infrastructure, and applications are kept up to date and correctly configured.
Use endpoint management software to enforce policies that ensure the correct configuration settings are deployed and that systems are running the latest software. Endpoint management solutions allow policies to be pushed to machines for correct configuration and ensure systems are running the latest versions.
Is your organisation covered when it comes to cyber security? If you’d like to know more about how to keep yourself covered contact our team of experts who can help.