7 cybersecurity tips to start the year off right
By Juta Gurinaviciute, Chief Technology Officer, NordVPN Teams
A study by PwC shows that 50% of business leaders plan to integrate cybersecurity and privacy into every business decision they make in 2021. With the lessons already learned from remote working during the pandemic and the growing reliance on digital tools, cyber resilience is a key goal every industry will pursue this year.
However, a study by Ponemon found that 82% of cybersecurity expenditures go toward post-hoc measures, such as detection, containment, and recovery. Only 18% of budgets, a fourth of the previous sum, are invested in cyber-attack prevention, and few companies take the precautions needed. On the other hand, budget figures may not be the most important factor: a company’s digital resilience depends on its security culture, and some provisions cost virtually nothing.
To have a flying start this year, enterprises should check the grey zones that are often neglected or forgotten. Consider, for example, obsolete devices, vulnerable software, or outdated security policies: all of those can be leveraged by criminals and used in potential data breaches.
7 cybersecurity checkboxes to tick in 2021
1. Check your employees’ knowledge. Human error accounts for 88% of data breaches, and even if employees are aware of the precautions they should take, they are not always willing to do so. Cyber resilience is no longer in the hands of the IT and security professionals only: increasing remote workloads and reliance on digital tools make cybersecurity everyone’s concern. CISOs should come up with alternative training methods: cybersecurity check-ups should be entertaining, rewarding, and inclusive.
2. “Check Your Password” day. One in four workers admit they use the same password for every account. IT security officers should strongly discourage this.
Regular prompts to change passwords are not always taken seriously by employees, and these prompts can pose an additional risk to a company’s cyber protection. However, if the same password is used across platforms and websites, your company’s security could be seriously compromised. Ask your employees to think of new and separate passwords for work, or consider switching to password manager apps or biometric authentication.
3. Do a spring cleaning. Most Android devices are supported for just three years, and while some devices might receive security updates for longer, unused or neglected computers, phones, and user accounts are vulnerable to attack. Consider all the tools your employees use and have access to. For example, employees may have accounts on platforms they have never accessed. Deleting unnecessary accounts reduces the surface area for cyber criminals to attack. Organizations should make a list of such redundant accounts and outdated infrastructure and get rid of them.
4. Test your backups. In 2020, the average damage done by ransomware was $1.45 million, whereas ransom demands totaled $1.4 billion. The usual way to mitigate this risk is to regularly back up an organization’s data. However, when the day comes, some enterprises find their backups are inaccessible. It is wise to constantly test backups and verify that everything is in order. Don’t forget to keep offline copies on devices that are physically disconnected from the internet, as hackers look for network-attached storage devices.
5. Review your policies. A survey by the Cyber Readiness Institute has shown that only 40% of small enterprises have implemented a cybersecurity policy – and small and medium businesses (SMBs) make up over 99% of the market. Some companies review their cybersecurity regulations to comply with official requirements, such as the GDPR, but each industry has its own legislation concerning data breaches and safety. Apply the lessons from the pandemic year, check the cybersecurity trends, and review your policies to stay resilient in 2021.
6. Look out for upgrades. Nearly half of organizations (45%) have adopted a new technology or contracted a new vendor to enable remote work due to COVID-19. However, extreme events shouldn’t be the only impetus for modernization. Businesses should evaluate their current infrastructure and software and keep an eye out for the most up-to-date cyber resilience tools on the market. Those include, but are not limited to, cloud services, various software-as-a-service (SaaS) solutions, and Zero Trust Network Access (ZTNA) technologies.
7. Patch up. According to Gartner, 99% of the vulnerabilities exploited by the end of 2020 were known to security and IT professionals at the time of the incident. Cybercriminals constantly look for the weak spots in popular software, and security teams do not always manage to keep up with the 12,174 new vulnerabilities popping up every year. Enterprises shouldn’t be discouraged, however: the first step is to make sure employees work with the most up-to-date software. If they’re reluctant to update, encourage them with a day off, as a heavy workload is the usual excuse given for keeping software out of date.
Resilience to digital threats lies not only in the most advanced security technologies, but also in the cybersecurity culture of a company. Cybersecurity depends on the examples set by senior executives, security policies in place, and security awareness of every employee. Efforts to stay protected shouldn’t be limited to occasional check-ups: perform them several times per year and integrate cyber and privacy matters into every business decision to make security everyone’s interest.
Juta Gurinaviciute is an IT professional with over 20 years of experience in cybersecurity and systems engineering. Currently, she is Chief Technology Officer at NordVPN Teams. Prior to NordVPN Teams, she held senior UNIX System Administration positions at Telia Company and Barclays. Juta is also a certified Red Hat Systems Engineer.