Top 5 Security Best Practices
October 28, 2021
When you look at your IT landscape, you’ll see data, endpoints and users, but what about security risks? As a modern business, you must be aware that a cyberattack could occur at any time and from any location, but that doesn’t mean you can’t protect yourself. With these top 5 best practices, you can improve your security posture and sleep a little easier at night.
- Multi-Factor Authentication. With stolen credentials being the starting point for most cyberattacks, companies should implement multi-factor authentication to prevent unauthorized access to critical data. With multi-factor authentication, a user who presents a username and password must also prove possession of a second factor, most often a one-time code or approval prompt delivered to their mobile phone, or a hardware security key. This second factor is an extra layer of protection when a user's credentials are stolen in a phishing attack: although the password has been compromised, the attacker cannot authenticate as the user without the token. Keep in mind that a code typed into a web page can itself be phished and relayed in real time, so for high-value accounts prefer phishing-resistant factors such as FIDO2/WebAuthn security keys, which bind the response to the legitimate site.
- Phishing Tests and Simulations. In this era of remote work, delivering hands-on training to staff can be challenging, but phishing tests and simulations create learning beyond the annual security awareness course. When designing a test, look at the routine communications within your organization and model the test email on them. Make sure that mail arriving from outside the organization is tagged with a header or footer banner identifying it as external, a signal that the user should apply extra scrutiny before interacting with anything in it. Once the test is sent, monitor who opens the attachments, clicks the links or submits credentials, then follow up with a communication telling users it was a test and pointing out the warning signs they should have noticed. Simple tests and simulations can have a big impact, and they keep users aware of good security habits in everyday situations.
- Defense in Depth. One of the best ways to secure your data is to understand your business's attack surface and attack vectors and make better-informed decisions about how to protect it. A defense in depth strategy implements multiple layers of security technology and controls throughout your IT systems and business processes. The key to defense in depth is that if one security measure fails, another layer still protects your data. For example: a business may protect its data physically with walls, cameras and fingerprint scanners; administratively through company policies; and logically through hardware and software controls that prevent unapproved users from accessing it.
- Endpoint Detection and Response. Even though many businesses have reopened their offices, many employees continue to work from home and access company data remotely, and that trend makes endpoint detection and response (EDR) more important. No matter where your users are or what device they use to reach data, that device can be attacked at any moment. EDR lets you continuously monitor all of your endpoints, detect suspicious activity, and contain and remediate it when you find it (for example by isolating the affected host), protecting your users and corporate assets.
- Don’t Stay Static. The world is constantly changing. When security professionals talk about security incidents, they say "when" they happen, not "if". That's why it is important not to stay in a static state of mind. Don't build your castle walls and believe that once they're complete, nothing will ever get over them. The reality is that by the time the walls are built the world will have changed, and the enemy may already be inside them. So aim for threat resilience as well as threat protection. Don't get rid of your traditional security measures, but also plan a resilience strategy: the ability to get through a security incident relatively unscathed, or with the minimum of harm. Use the NIST Cybersecurity Framework (Identify, Protect, Detect, Respond, Recover) to build a roadmap of the domains of expertise and capabilities needed for both total threat protection and total threat resilience.
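As an added example, not code from NTT's post, the following Python shows how the one-time code an authenticator app displays is computed (RFC 4226 HOTP under RFC 6238 TOTP) and how a server should check it, including the two details verifiers most often get wrong: tolerating a small clock-drift window, and refusing to accept the same code twice. The secret is the publicly documented RFC test secret, and the user name "alice" and the timestamps are constructed for the walkthrough.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Dict, Optional

STEP_SECONDS = 30   # TOTP time step (RFC 6238 default)
DIGITS = 6          # code length used by most authenticator apps

# Reference secret from the RFC 4226 / RFC 6238 test vectors (ASCII "12345678901234567890"),
# used here only so the expected codes are publicly documented. A real deployment generates
# a random per-user secret at enrolment (secrets.token_bytes(20)) and stores it encrypted.
RFC_TEST_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # low nibble of the last byte picks the window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = STEP_SECONDS) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step). This is what the phone computes."""
    return hotp(secret, unix_time // step)


def match_totp(secret: bytes, submitted: str, unix_time: int,
               window: int = 1, step: int = STEP_SECONDS) -> Optional[int]:
    """Return the time-step counter that `submitted` matches, or None.

    `window` steps on either side are accepted to tolerate clock drift between phone and
    server; keep it small, since every extra step is one more code an attacker could guess.
    The comparison is constant-time so a timing side channel cannot leak matching digits.
    """
    if not (submitted.isascii() and submitted.isdigit() and len(submitted) == DIGITS):
        return None
    now = unix_time // step
    for counter in range(now - window, now + window + 1):
        if hmac.compare_digest(hotp(secret, counter), submitted):
            return counter
    return None


class TotpVerifier:
    """Server-side second-factor check: one secret per user, each accepted code usable once."""

    def __init__(self) -> None:
        self._secrets: Dict[str, bytes] = {}
        self._last_counter: Dict[str, int] = {}

    def enroll(self, user: str, secret_b32: str) -> None:
        self._secrets[user] = base64.b32decode(secret_b32, casefold=True)

    def verify(self, user: str, submitted: str, unix_time: Optional[int] = None,
               window: int = 1) -> bool:
        """True only if the code matches AND its time step is newer than the last one accepted.

        Refusing a step <= the last accepted one stops an attacker who captured a code from
        replaying it inside the validity window, which RFC 6238 requires of a verifier.
        """
        secret = self._secrets.get(user)
        if secret is None:
            return False
        if unix_time is None:
            unix_time = int(time.time())
        counter = match_totp(secret, submitted, unix_time, window)
        if counter is None or counter <= self._last_counter.get(user, -1):
            return False
        self._last_counter[user] = counter
        return True


if __name__ == "__main__":
    # Constructed walkthrough: "alice" is a hypothetical user enrolled with the RFC test secret.
    verifier = TotpVerifier()
    verifier.enroll("alice", RFC_TEST_SECRET_B32)
    phone_secret = base64.b32decode(RFC_TEST_SECRET_B32)
    t = 59                                         # RFC 6238 test-vector time (counter 1)
    code = totp(phone_secret, t)                   # what the authenticator app would display
    print("code at T=59:", code)                   # 287082
    print("first use:", verifier.verify("alice", code, t))   # True
    print("replay:   ", verifier.verify("alice", code, t))   # False
```

Two design choices are worth noting. The drift window is deliberately one step (30 seconds either side), which is what RFC 6238 recommends; widening it to "be nice to users with bad clocks" multiplies the number of codes an online guesser can hit. And the replay check is what turns a "one-time" code into one that is actually single-use: without the last-accepted-counter record, a code shoulder-surfed or phished within its 30-second validity can be submitted again by the attacker.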
Utilizing these 5 best practices will improve security adoption across every level of your company, while enhancing your overall security posture. If you’re interested in NTT’s Security and Compliance services, reach out to us at [email protected], or give us a call at 1.800.332.0076, and we’d be happy to talk to you.
By Jaclyn Miller, SVP, Managed Network and Collaboration Services Strategy, NTT