Common Cybersecurity Measures to Protect Your Company

For many small to mid-range enterprises, cybersecurity resources are limited. But that doesn’t mean cyber incidents have to be a foregone conclusion. Taking proactive, common cybersecurity measures can go a long way toward preventing cyber attacks.

The key word is proactive. Consider Warren Buffet’s famous advice to “save when you can and not when you have to” and apply that logic to your cybersecurity program—prevention begins long before the threat arises.

While every company’s cybersecurity needs are specific and relative to their industry, organizational structure, and product or services, there are a few crucial best practices which are universal and relevant to every kind of business.

A Beginner’s Guide to Proactive Cybersecurity

In this beginner’s guide, part of our Cybersecurity Awareness Month series that includes Business Email Incident Response and Containment and Preventing Third Party Cyber Incidents, we look at the three things every organization should be doing right now for cyber attack mitigation.

• Implement core security programs. Protecting your organization assets, data, and systems from threats begins with foundational programs that protect your environment, limit access, monitor daily activity, and ensure that you can withstand a cyber attack and bounce back quickly. These include:
• Non-Negotiable Identity Access Management
  • Protect user accounts with unique passwords for every account.
  • Implement phishing-resistant multi-factor authentication for remote access.
• Endpoint Detection and Response (EDR), or continuous monitoring of all end user devices

• Have an asset inventory to track your devices.
• Use EDR technology to secure endpoints.

• Email Security
  • Filter malicious emails so they never reach the user.
• Backups and Disaster Recovery
  • Secure all data backups.
  • Ensure business continuity and disaster recovery (BCDR) planning.
  • Conduct regular cybersecurity testing to ensure that all of the above has been properly implemented.

• Develop and document strong cybersecurity policies and procedures—and use them. It’s important that your policies and procedures are not created only for auditors and regulators, but are written to reflect the specifics of your organization and realistically represent what can actually be executed on the ground. Otherwise, they become documentation for noncompliance.
• Develop comprehensive policies to cover all cybersecurity activities.
• Plan and conduct regular cybersecurity awareness training with staff to ensure that they fully understand the threats at hand as well as the roles, responsibilities, and expectations set forth by written policy.
• Hold regular access control reviews to determine whether staff is following the policy and procedures set forth and allow for updates to reflect staff privilege changes.
• Detection and Response. As noted above, EDR is a critical piece of your core security program, but you also need to put in place a system for responding to threats once detected.

• Monitor your network. If you have the capabilities or resources you can do this in-house but many SMEs outsource this practice to managed detection and response (MDR) vendors. You can also use a hybrid approach of in-house and third-party monitoring for full coverage.
• Build, practice, and update your organization’s incident response plan (IRP)—and store it accessibly. Your organization should have a detailed, clear set of policies and procedures that anticipate known potential scenarios. An effective plan gives everyone a road map for action during a chaotic event, reduces investigative costs, and helps companies avoid penalties and fines while ensuring business continuity. Breach Plan Connect® is an online platform that simplifies the process of developing an IRP and hosts it remotely (and via mobile app) so that it is immediately accessible during a crisis.

No two companies will have the same cybersecurity program but these steps are a solid baseline to build from. By following common cybersecurity measures, you add an uncommon level of protection for your business.

Do you need incident response playbooks on the most common types of cyber incidents? Start your 30-day free trial of Breach Plan Connect® today and get critical insights on responding to the most common types of cyber incidents that organizations face today, like business email compromise, malware and ransomware attacks, and more!