Good cybersecurity is an evolving process and is something that needs to be reviewed and maintained on a regular basis. With attacks on an exponential rise and attackers getting ever more sophisticated, there are many different areas of cybersecurity that demand your attention, so where do you start?
We believe that the best place to start is with the basics:
• Use Multi-Factor Authentication (MFA)
• Mitigate Social Engineering
• Practice Good Password Hygiene
Multi-Factor Authentication (MFA)
The security landscape of today has changed from a world where multi-factor authentication (MFA) was nice to have, to a world where MFA is a must-have. More and more applications now support MFA, from banking to enterprise high-security applications. Cyber insurance companies are now demanding that MFA is used, and Cyber Essentials compliance now requires MFA to be enabled.
Using MFA will help protect your accounts from unauthorised access by adding another layer of security to the login process. Just relying on a username and password combination is a breach waiting to happen, especially for the likes of Office 365 where the username is an e-mail address, which may already be in the public domain or can easily be worked out. All that is required to be able to use MFA is a smartphone or a token and the level of protection on your accounts is increased significantly.
Mitigate Social Engineering
Social engineering is the act of manipulating humans into providing confidential information or performing harmful actions. According to the Verizon 2021 Data Breach Investigations Report, nearly one-third of all data breaches occurred because of social engineering.
The single best thing that an organisation can do to defeat social engineering is to train its users to spot and deal with potential social engineering threats. Every organisation should provide good security awareness training and run simulated phishing tests to help its users become familiar with how to recognise the various types of social engineering scams and to create a culture of healthy scepticism.
Technology can only go so far in the battle against cybercrime. At some point, the human element will always enter the equation. Humans are the most target-rich environment for attackers because all humans are vulnerable to deception, influence, and disinformation. Phishing e-mails, the lack of training and weak passwords are some of the top causes of ransomware attacks.
Kick can help make sure your employees understand the mechanisms of spam, phishing, spear phishing, malware, ransomware and social engineering and can apply this knowledge in their day-to-day job. The ultimate goal of security awareness is an individual who can make smarter security decisions.
Practice Good Password Hygiene
With data breaches now happening on a regular basis, tens of billions of compromised usernames and passwords are freely available on the Internet. The single best defence is to use a different password for every account. Since the average person has more online accounts than they can possibly remember, using a password manager is the only way to go. Using a password manager will allow you to create different long, complex and unique passwords for every account.
The UK Government’s National Cyber Security Centre (NCSC) recommends using a password manager because “they give you huge advantages in a world where there are far too many passwords for anyone to remember”.
Using a password manager offers multiple layers of protection, for example, it will automatically fill in your username and password when you visit the genuine site stored in the password manager. However, if an attacker set up an identical-looking site, using a slightly different domain name for phishing purposes, your password manager would not automatically fill in your credentials, protecting you from falling victim to scam sites.
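The origin check described above, sketched as an added example (it is not code from this article or from any particular password manager). The vault entry, the `.example` domains and the function names are constructed for illustration.

```javascript
// Constructed sample vault: credentials are bound to the exact origin they were saved for.
const vault = [
  { origin: "https://login.bank.example", username: "alice" },
];

// Reduce a page URL to its origin (scheme + host + port), or null if it must never be filled.
function normaliseOrigin(rawUrl) {
  let u;
  try { u = new URL(rawUrl); } catch { return null; }   // unparseable: do not fill
  if (u.protocol !== "https:") return null;              // never fill over plain HTTP
  if (u.username || u.password) return null;             // "genuine-site@other-host" style URLs
  return u.origin;  // default port dropped, internationalised hosts converted to punycode
}

// Decide whether to offer autofill for the page the user is currently on.
function autofillDecision(pageUrl, entries = vault) {
  const origin = normaliseOrigin(pageUrl);
  if (origin === null) return { fill: false, reason: "untrusted-url" };
  // Exact string comparison on the origin: "looks similar" is never good enough.
  const entry = entries.find((e) => e.origin === origin);
  if (!entry) return { fill: false, reason: "no-entry-for-origin" };
  return { fill: true, reason: "exact-origin-match", username: entry.username };
}

// Constructed test pages: the genuine site plus lookalikes a user could easily miss.
const samplePages = {
  genuine: "https://login.bank.example/signin",
  genuineExplicitPort: "https://login.bank.example:443/signin",
  oneLetterOff: "https://login.bamk.example/signin",
  genuineNameAsSubdomain: "https://login.bank.example.verify-account.example/signin",
  cyrillicLetter: "https://login.b\u0430nk.example/signin",   // U+0430 instead of Latin "a"
  plainHttp: "http://login.bank.example/signin",
  otherPort: "https://login.bank.example:8443/signin",
};

function checkSamplePages() {
  const results = {};
  for (const [name, url] of Object.entries(samplePages)) {
    results[name] = autofillDecision(url);
  }
  return results;
}

console.log(checkSamplePages());
```

Only the two genuine URLs are filled; every lookalike fails the comparison even though it may be visually indistinguishable to the user.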
Kick can help you support your users in managing their passwords better by giving every employee their own personal, encrypted password vault to store all their accounts, passwords, notes and more, all protected with MFA. Unique and secure passwords can be automatically generated and auto-filled to reduce password fatigue. Centralised security policies enforce password best practices, and audit reports of usage help maintain compliance and accountability.
Cybersecurity is not always about the latest buzzwords such as nation-state attacks, advanced persistent threats, zero-days etc. Most attacks are not that sophisticated and can be defended against by just doing the basics well. If your foundations are weak, attackers will be able to exploit them, but if the basics are done well, attackers are more likely to move on to an easier target. Within our Technical Division, the team at Kick are experts in cybersecurity and cyberattack prevention. If you are looking to enhance your current set-up and boost your business's protection, get in touch with us today.