Remote working, growing big data volumes, and increasingly advanced cyber criminals are all factors that have contributed to today’s cyber threat landscape. In 2022, 39% of UK businesses reported suffering a cyber security breach or attack within the last 12 months — and this number is only set to increase in 2023.1
As cyber security becomes an increasing priority, many businesses are looking for new and innovative ways to reduce the risk of breaches. In order to achieve a holistic approach, organisations should ensure that they establish preparative, protective, and responsive measures:
- Prepare – Preparation is the easiest step companies can take before the threat actually occurs.
- Protect – Establishing cyber security techniques by utilising penetration tests and other insight-gaining processes.
- Respond – React to cyber attacks proactively in order to halt the breach in its earliest stages and prevent further damage.
In this article, we’ll explore 10 ways to improve cyber security within an organisation. Let’s get started.
Ensuring sufficient preparation
Cyber threats remain an inevitable consequence of operating in cyberspace. No matter how good a company’s defences are, they always have the potential to be the target of malware, ransomware attacks, or data exposure caused by human error.
Wondering how to improve your cyber security? Start simple. Preparation is a key tool that companies should employ to ensure they can stand their ground against cyber attacks. Conveniently, it is also the most cost effective security method, and has the ability to deter the vast majority of cyber attacks before they are actualised.
1. Password management
It’s a well-known fact that weak passwords increase the risk of security breaches. Mobile devices are a growing target of password spraying tactics since they are commonly used, often easy to corrupt, and can come with compromising misconfigurations.2
Establishing good password hygiene policies within an organisation is an easy way to improve cyber security measures. This could involve:
- Mandatory password updates: prevent employees from using one password for a significant amount of time, improving long-term security.
- No repeated passwords: it is easy to automate your system to reject repeat passwords. If one account is breached, your system will be in a better place to prevent further damage.
- Required amounts of letters, numbers, and symbols: simple, but powerful. Adding extra numbers and symbols makes for strong passwords that ensure password spraying is unsuccessful.
2. Effective training
Like password management policies, effective training is a straightforward way to implement good security from the ground up — and it’s not as expensive as it might sound. According to Verizon, 85% of breaches involve a human element; employees are, therefore, the first line of defence in preventing a cyber attack.3
Some key training processes that can transform a company’s cyber security are:
- Teaching good internet and social media practices: from clearing your cache regularly to using secure browsers, establishing internet safety from the outset helps with building a culture of security.
- Recognising phishing schemes: there are plenty of free resources available to help you teach your employees how to avoid phishing scams.4 Even as IT professionals, it can be easy to get negligent about security, so make sure to remind yourself of best practices too.
- Securing personal devices: securing a personal device starts with setting a strong, unpredictable password, and continues into day-to-day browsing practices. It could also be worth developing internal security policies if you have the budget to do so.
3. Gaining insight
By gaining insight into your company’s networks, you can learn what components are most susceptible to attack, where improvements are needed, and ensure your employees are cyber aware. Again, this is a subtle but powerful way to prepare yourself for potential security threats.
Gaining insight into your data can take various forms:
- Passive insights – explore company data to check for abnormalities, exposed data, and historic information security trends within your organisation. This is an easy way to gain information based on data that is already within your system.
- Active insights – gaining active insights means seeing how your system would respond in the case of a cyber attack or data breach. The most common way to do this is through penetration testing, which is especially important for high-value data.
- Industry Observation – Data may have exposed companies to greater threats, but it has also given them more power to tackle these threats. Whether by joining an industry group or manually assessing security trends, there are plenty of ways to improve your security posture by looking outwards.
A company that has insight into its own systems will be far more competent in making decisions regarding its cyber security than those that don’t. Unlike many protective and reactive cyber security methods, gaining insight is a low-cost and highly effective way to prepare for a breach.
Establishing protective barriers
Once a company has gained clear internal and external insights, they will be in a better position to begin implementing their data protection solutions. Alarmingly, surveys have found that 25% of critical flaws were not fixed after a penetration test, offering cyber criminals an easy route into company databases.5
4. Multi-Factor Authentication
With the number of employees accessing and working on company networks increasing, the scope for attacks is also growing. MFA is an authentication method that requires user identification through multiple factors such as security questions, location, token, or biometric data and is widely used as a straightforward method for preventing unauthorised access.
Despite the many benefits of MFA, only 87% of businesses and 77% of charities in 2022 reported having used it (or a similar identity and access management tool).6 Moving into 2023 and with an increasingly harsh cyber security landscape, businesses are being encouraged to use MFA as an extra layer of security.
5. Regular updates
Regular updates to a company’s network are vital for keeping systems secure and working effectively. A good rule of thumb is to restart your computer at least once a week (or more regularly if possible), so that general and patch updates can be installed. It is imperative that, as well as central network security updates, companies update their Operating systems, web browsers and third party apps.
Bulletproof’s 2022 report suggests that the likelihood of outdated websites or libraries being exploited is as high as 16.6%.7
This indicates that:
- Cyber criminals will often perform cyber attacks through the most basic vulnerabilities: outdated systems, poor access controls, and easy-to-guess passwords.
- Many companies still aren’t using basic methods of cyber security, exposing themselves to unnecessary risks.
6. Install antivirus software
Antivirus software remains one of the most popular methods for increasing cyber security, perhaps by virtue of its simplicity. It is easy to install and maintain, and can even prevent ransomware attacks by initially deterring criminals.
- Antivirus software works in the background, scanning files before your computer opens them. If the file seems suspicious it will be logged and the user notified.
- Installing antivirus software is not the solve-all solution to cyber threats, but should be seen as an enhancement to other securities.
7. Implementing a DMZ
A DMZ, or demilitarised zone, provides an extra layer of protective security for companies storing high-value or personal data. It acts as a subnetwork that sits between public and private networks, protecting the latter from infiltration via the former.
DMZs can stop breaches at the source by preventing bad actors from probing private networks. Benefits of DMZs include:
- They can prevent network reconnaissance, meaning that cyberattackers can’t gain access to any information about a system.
- They help protect high-value company data.
- They are a well-used, widely understood method of cyber security, meaning that there will be many provider options to choose from.
Though some might argue that DMZs are no longer useful in the age of cloud technology, others might say that they are more important than ever before.8 One of the biggest reported challenges to cloud systems are their data privacy and security, which can be bolstered through the use of non-traditional, cloud-compatible DMZs.9
Responding appropriately to attacks
Responding appropriately to an attack can make the difference between a minor breach and system downtime. Costing between $10K to $5M per hour, system downtime can reduce customer satisfaction, increase vulnerability, and impact stakeholder interest.10
8. Evaluate storage systems
Big data challenges, including the need to store, analyse, and manage large quantities of data, have forced companies to think carefully about their storage solutions. Some popular systems to consider are:
- Cloud-based storage: although poor security is the most commonly touted issue with cloud-based data storage, its popularity is a testament to the increasing number of security solutions available to cloud users. Use public cloud-based storage alongside a cloud DMZ and VPC storage for better protection.
- Hybrid: a combination of flash-based, solid-state and HDDs that utilises the security benefits of on-prem storage and the flexibility and accessibility of the cloud.
- On-premise: on-premise storage can be well-suited to highly sensitive data. However, it’s worth keeping in mind that on-premise storage is also at greater risk of accidental damage, whether as a result of natural disaster, human error, or corruption.
9. Develop a disaster recovery plan
A disaster recovery plan (DRP) establishes resilience against potential cyber attacks. A well-made disaster recovery plan enables a company to get back on its feet quickly, reducing financial loss and further damage to compromised components.11
The key stages of a disaster plan are:
- Data triage
For 70% of businesses, recovering from cyber security breaches can take less than a day. For those who don’t have the right response processes in place, it can take up to a week (8%), or even over a month (1%).12
Similarly to more general cyber security measures, DRPs can help organisations to learn more about their own internal data and data processes, improving both long and short-term security. Developing a DRP might involve the establishment of a disaster recovery software tool, creating plans for staff response, and outlining RPO and RTO guidelines.
10. Managed IT service providers
Companies working within complex security environments may benefit from expert support. Managed IT service providers typically offer clients security advice, implementation support, and ongoing maintenance, depending on their specific needs and aims.
A managed IT service provider can be especially helpful to companies working within tight security budgets, who need to ensure their security systems are as cost-effective as possible.
How to improve your cyber security in 2023
With cyber crime on the rise, 2023 is the perfect time to implement a comprehensive cyber security strategy.
Nexstor is a managed IT service provider backed by two decades of experience in data storage, IT systems, and long-term cyber security solutions. We provide far-reaching, state-of-the-art cyber security support, working with multiple vendors to ensure our clients find the solutions that are right for them.
Enhance your existing security or to implement a new cyber security strategy with the support of Nexstor’s team.