The increasing frequency of cyber attacks calls for a holistic approach that covers multiple aspects of security, integrated for efficiency.
Here are ten things you can do to increase your organization’s protection against such cyber risks:
- Carefully manage passwords and access rights. Don’t use weak passwords or reuse the same passwords across multiple services. Instead, start using multi-factor authentication (MFA) and Zero Trust principles to minimize the impact of phishing and brute-force attacks.
- Implement a strong data protection regime. Take frequent backups and test that they work.
- Implement programmatic and automated vulnerability scanning and patch management to ensure timely application of patches before attackers can exploit vulnerabilities.
- Implement anti-malware measures that are able to identify new ransomware by its behavior.
- Increase your visibility across all assets. Create a hardware and software inventory and process log files to know which pieces of data are stored in which cloud.
- Minimize the exposure of services that can be accessed from the Internet. For example, restrict access to Exchange and RDP servers.
- Use an email security solution that can filter malicious and phishing emails before they reach a user’s inbox.
- Carry out a security awareness training program so that not everyone falls for every phishing email.
- Segment your internal networks to make it difficult for the attacker to move laterally.
- Have an incident response program and train on it so your team knows what to do during an actual incident.