7 Cybersecurity Strategies for 2024
The 7 important cybersecurity strategies you can implement TODAY to help protect your network against malicious hackers.
There were 28,775 known vulnerabilities in 2023, the highest number ever recorded by the National Institute of Standards and Technology in the National Vulnerability Database.
There is a big difference between compliance and security, yet the words used to describe the two concepts are often used interchangeably.
Let’s take a jewelry store for example. If the jeweler was required to only protect the valuables for compliance, they would only put a lock on the door when they are not at the store. Technically, they meet the requirement of securing the diamonds but aren’t fully protecting their assets from threats.
A jewelry store has many ways to protect its business if a lock is picked or the door is mistakenly left unlocked: security cameras, locked cases, removing only one piece at a time for viewing, staffing at least two people, and so on.
The jewelry store is protected by layers of security, not just one lock against after-hours threats.
Here are a few layers of cybersecurity a business can focus its resources on to go beyond compliance standards.
1. Use a password manager
One place organizations can begin to improve security is requiring UNIQUE, strong passwords, and one of the easiest ways to do this is by using a password manager. Basically, a password manager securely keeps the passwords to all accounts in one “vault” and then autofills them when needed. This allows users to create really strong, complex passwords for all of their accounts.
Password managers on the market include Dashlane, LastPass, Bitwarden, Keeper, and many more.
2. Implement two-factor authentication
If your password is compromised and you don’t realize it, someone can log into your account. With 2FA enabled, such as a time-sensitive text code, email, or authenticator app, it’s a little harder for hackers. 2FA is the second layer of protection for passwords and account log-ins. This strategy is inexpensive and doesn’t really take much time. Keep in mind, there are phishing attacks that can trick users into sharing the code on their phone. It isn’t 100% fool-proof, but nothing in security is.
3. Verify links and potential illegitimate emails
Ransomware is the attack cyber criminals prefer, since it’s the best way for them to make money. Every business has email. Every business needs its computers to do business. And many businesses have cyber insurance to cover the cost of ransomware attacks. There are criminal syndicates who develop software and sell it to criminals on the darknet, referred to as RaaS (Ransomware as a Service).
Therefore, you should look at every email with a side-eye. Consider it guilty of malicious intent until proven otherwise.
Here are a few email tips to consider:
- Don’t be afraid to call the sender before you open an attachment. But don’t use the number provided. Find the phone number from a primary source.
- You do not have to open all of your emails. Remember, no one will die if you do not open an email!
- Think before you click. When you feel rushed, you are an easier target. Don’t click on links in messages. For example, if you see a webinar you would like to attend: close out your email, use a search engine (Duck Duck Go, Google, Bing and/or others), locate the legitimate site, and sign up from there.
- Use a free domain lookup tool to verify the web address. This is an online tool to verify the domain name of a website to see where it originates from, who owns it, and how long it has been a website. If it was established recently or looks suspicious or malicious you will want to stay away from it. Use your best judgement – every time!
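The domain lookup from the last tip, as an added example that is not part of the original article: it reads the result of an RDAP lookup (the JSON successor to WHOIS) and reports where the domain was registered, the published owner, and how old it is. The sample response, the 90-day cut-off and the function names are assumptions made for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like an RDAP domain response (RFC 9083).
# The domain, dates and registrar name are made up for illustration.
SAMPLE_RDAP = json.loads("""{
  "objectClassName": "domain",
  "ldhName": "webinar-signup.example",
  "events": [
    {"eventAction": "registration", "eventDate": "2024-03-01T10:15:00Z"},
    {"eventAction": "expiration", "eventDate": "2025-03-01T10:15:00Z"}
  ],
  "entities": [
    {"roles": ["registrar"],
     "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                              ["fn", {}, "text", "Example Registrar LLC"]]]}
  ]
}""")

def event_date(rdap, action):
    """Return the timestamp of the first event with this eventAction, or None."""
    for event in rdap.get("events", []):
        if event.get("eventAction") == action:
            return datetime.fromisoformat(event["eventDate"].replace("Z", "+00:00"))
    return None

def entity_name(rdap, role):
    """Return the vCard 'fn' (full name) of the first entity holding this role."""
    for entity in rdap.get("entities", []):
        if role in entity.get("roles", []):
            for prop in entity.get("vcardArray", ["vcard", []])[1]:
                if prop[0] == "fn":
                    return prop[3]
    return None

def review_domain(rdap, now, min_age_days=90):
    """Summarise origin, owner and age; min_age_days is an assumed cut-off."""
    registered = event_date(rdap, "registration")
    age_days = (now - registered).days if registered else None
    if age_days is None:
        verdict = "unknown age"          # no registration date published
    elif age_days < min_age_days:
        verdict = "recently registered"  # the case the tip says to stay away from
    else:
        verdict = "established"
    return {"domain": rdap.get("ldhName"), "age_days": age_days,
            "registrar": entity_name(rdap, "registrar"),
            "owner": entity_name(rdap, "registrant"),  # often redacted, then None
            "verdict": verdict}

if __name__ == "__main__":
    print(review_domain(SAMPLE_RDAP, datetime(2024, 3, 21, tzinfo=timezone.utc)))
```

An "established" verdict only means the domain is not new; the owner and registrar fields still need a human look.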
4. Evaluate risk transference
Let’s explore the concept of risk transference.
If insurance companies handed out auto insurance, but didn’t require people to have a driver’s license or any type of safety course, what would the highway look like? Would you trust someone who doesn’t have a license, but has insurance? Well, this is exactly what happens in the cyber liability insurance industry right now.
The liability or responsibility of risks is transferred to another organization, typically accomplished by buying cyber liability insurance. However, if organizations aren’t holding up their end of the deal, the insurance could be a useless defense.
Insurance is only a “good start” because if your business is supposed to offer formal, interactive, cyber-security awareness training to your employees twice per year, but you only provide improvised, voluntary training, it could be difficult to file a claim after a security breach. The insurance company could deny your claim, reduce your coverage, adjust the premium, or void your policy.
The last 3 strategies are for those who are really cracking down on cybersecurity. They require more time and resources but are vital assets to an organization’s security.
5. Start security awareness training
98% of data breaches involved social engineering in 2023.
Humans are the weakest link for cyber-attacks since phishing is so widely used by cybercriminals. But you can practice how to identify phishing emails and foil attacks. You can practice your security awareness skills, and you can learn how to identify new attacks before they happen. Zelvin Security offers cyber security awareness training. We hope you will consider reaching out to us for an interactive program that provides practical tips to protect yourself at work, home or wherever you are online.
6. Use security assessments to your advantage
Let’s explore the types of security assessments and the goals for each.
- Risk Assessment – a non-technical high-level overview of the security posture of the organization, measured by the author. It is subjective. It is not measuring the effectiveness of the security controls; it is simply describing the assets and controls within the organization. This is a compliance checklist. It is not a security assessment.
- Vulnerability Assessment – a technical security assessment provided by Zelvin Security. The goal of the engagement is to identify well-known vulnerabilities within the tested environment which could potentially be exploited by a threat actor or make a system perform in an unintended manner. In 2019 over 20,000 new, unique computer vulnerabilities were discovered. This type of test identifies whether these vulnerabilities are on a network/system and whether or not the business is at risk from them. At Zelvin Security, we take the test one step further and provide businesses with a step-by-step guide to mitigate the vulnerabilities in the least expensive, most effective way possible.
- Penetration Test – a simulated cyber-attack. In a penetration test, Ethical Hackers are paid to identify security issues within a business by emulating a malicious actor, to see if PII, PHI, sensitive data, credentials, and access to unauthorized areas can be discovered and exploited. With this type of test, Zelvin Security sends phishing emails to try to trick users into providing access, but the testers also try to trick the computer systems and security controls into allowing access. This type of test shows how the network, application, or cloud environment tolerates a real-world attack and the likely level of sophistication an attacker needs to successfully compromise the system, and it identifies whether the countermeasures in place (like 2FA, endpoint detection software, antivirus, and more) are effective at mitigating threats against the system.
If your business is not routinely performing 3rd-party cybersecurity assessments to identify technical security threats, you are an easier target than businesses who are measuring their success against attacks.
7. Know your assets
Today, if you don’t have a comprehensive understanding of all your digital assets, take a moment to complete an audit.
How many computers, printers, cameras, machines, servers, IoT, timeclocks, and other digital devices are on your network?
This is the most important pillar of security. Why is it the most important element? Because if you don’t know what you are trying to protect, you can’t protect it! And, if you experience an attack, you need to know your digital assets.
This list is just 7 of the most important cybersecurity strategies you can implement today to help protect your network against malicious actors.
If you have additional security related questions, please don’t hesitate to reach out to Zelvin Security. Our goal is to help you secure your business assets and improve your computer security posture BEFORE an attack.
So, let’s figure out what you need to do to protect your business!