As a new year begins, it's important to review your cybersecurity habits and make sure that you’re doing everything possible to keep your company data and IT systems safe and secure. After all, cyberattacks keep growing in number and sophistication, so you also need to keep improving your cyber defenses.
Here are six good security habits to practice in 2023.
1. Improve password security
Use a unique and strong password for each device or account. According to the National Institute of Standards and Technology (NIST), longer passwords with at least eight characters are ideal.
NIST also no longer advises the use of passwords with a combination of upper- and lowercase letters, numbers, and special characters, because this makes it difficult for users to remember passwords. Instead, NIST now recommends the use of a passphrase, which is composed of a sentence or combination of words.
Read also: NIST password guidelines
To further boost password security, enable multifactor authentication (MFA). MFA grants users account access only after they’ve supplied two or more pieces of evidence, such as:
- A one-time password sent via SMS or an authentication app
- A fingerprint or facial scan
- A hardware token
With MFA enabled, hackers would need to input the login credentials and fulfill the other authentication requirements. This makes it harder for them to gain unauthorized access.
2. Regularly review user access and privileges
To minimize the risk of data loss or theft, users should have access only to the files and IT resources necessary for their roles. This means you should regularly review who has access to certain data and revoke access when it's no longer necessary. Doing so can prevent data breaches caused by malicious insiders or careless employees with too much access.
3. Encrypt sensitive and confidential data
Using data encryption helps protect sensitive and confidential company information from being stolen or tampered with. Data should be encrypted both at rest (i.e., when stored in the system or device) and in transit (i.e., when sent over the internet).
If you store third-party data, make sure to comply with industry regulations and encrypt confidential information, such as credit card numbers, Social Security numbers, and healthcare data.
4. Keep all software up to date
Apply software updates as soon as they become available since they usually include patches for known security holes. This reduces the risk of software vulnerabilities that cybercriminals can exploit to breach systems.
If possible, enable automatic updates to ensure that all programs stay up to date.
5. Monitor the company network
Monitoring network activity can help detect suspicious behavior that may indicate a security breach. For example, if you notice an increase in data traffic or unexpected hardware being connected to the network, it could mean that someone is trying to steal your data. By conducting network monitoring, you can respond swiftly to potential threats before these can cause any damage.
6. Back up important company data regularly
Maintain multiple up-to-date copies of your critical company data. This way, if your primary copy becomes inaccessible for whatever reason — due to hardware failure, natural disaster, or cyberattack — you can simply restore other copies of it.
When backing up data, it’s best to follow the 3-2-1 rule:
- 3 – You should have at least three copies of your data, including the primary and two backups.
- 2 – These copies should be stored on two different types of media, such as an external hard drive, cloud storage, or a USB stick.
- 1 – One copy of your data should be stored off site to protect it against natural disasters or other physical threats.
Adopting these six security habits is a great first step to improving your company’s security posture. For better cyber protection, leverage SpectrumWise’s seven-layered security solution. Schedule a FREE consultation with us today.