If your organization plans to use technology in 2024 (and who doesn't?), consider these trends:

1. The advancement of AI creates new avenues for cybercrime if APIs and applications are not thoroughly tested.

2. Increased automation may foster an “out of sight, out of mind” attitude toward cybersecurity.

3. Evidence-based cybersecurity planning reduces your chance of a data breach, reputational damage, financial loss, and other harm.

7 Cybersecurity Strategies for 2024

Seven cybersecurity strategies you can implement today to help protect your network against malicious hackers.

There is a big difference between compliance and security, yet the two words are often used interchangeably.

Take a jewelry store, for example. If the jeweler were only required to protect the valuables for compliance, they would simply put a lock on the door for the hours when no one is at the store. Technically they meet the requirement of securing the diamonds, but they are not fully protecting their assets from threats.

A jewelry store has many ways to protect the business if the lock is picked or the door is mistakenly left unlocked: security cameras, locked display cases, removing only one piece at a time for viewing, staffing at least two people, and so on.

The jewelry store is protected by layers of security, not by one lock that only matters after business hours.

Here are a few layers of cybersecurity a business can focus its resources on to go beyond compliance standards.

1. Require unique, strong passwords (use a password manager)

One place organizations can begin to improve security is by requiring UNIQUE, strong passwords, and one of the easiest ways to do this is with a password manager. A password manager keeps the passwords for all of your accounts in one encrypted “vault” and autofills them when needed, so users can have a long, complex, different password for every account without memorizing any of them.

Password managers on the market include Dashlane, LastPass, Bitwarden, Keeper, and many more.

2. Turn on two-factor authentication (2FA)

If your password is compromised and you don’t realize it, someone can log into your account. With 2FA enabled, such as a time-sensitive text code, an emailed code, or an authenticator app, it is a little harder for attackers. 2FA is the second layer of protection for passwords and account log-ins, and it is inexpensive and quick to set up. Keep in mind that phishing attacks can trick users into reading out or typing in the code on their phone, so a text or app code is not fool-proof; an authenticator app is better than SMS, and a hardware security key or passkey (FIDO2) is better still, because it only answers the genuine site and there is no code for a user to hand over. Nothing in security is 100%, but this closes a very common door.

3. Treat every email as suspect

Ransomware is the attack cybercriminals prefer because it is the most reliable way for them to make money. Every business has email. Every business needs its computers to do business. And many businesses carry cyber insurance that will pay the cost of a ransomware attack. Criminal syndicates develop the ransomware and rent it to other criminals on the darknet, a model referred to as RaaS (Ransomware as a Service).

Therefore, look at every email with a side-eye. Consider it guilty of malicious intent until proven otherwise.

Here are a few email tips to consider:

  • Don’t be afraid to call the sender before you open an attachment. But don’t use the number provided in the email; find the phone number from a primary source, such as the company’s own website or a previous invoice.
  • You do not have to open all of your emails. Remember, no one will die if you do not open an email!
  • Think before you click. When you feel rushed, you are an easier target. Don’t click on links in messages. For example, if you see a webinar you would like to attend: close your email, use a search engine (DuckDuckGo, Google, Bing, or others), locate the legitimate site, and sign up from there.
  • Use a free domain lookup (WHOIS) tool to verify the web address. This kind of online tool shows where a domain originates, who owns it, and how long it has been registered. If the domain was established recently, or the details look suspicious, stay away from it. Use your best judgement, every time!
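The two checks behind that last tip (which domain a link really points at, and how new that domain is), as an added Python example that is not part of the original post. The WHOIS text, the URLs and the brand watch-list are constructed for the example; a real tool would fetch the live WHOIS record and use the Public Suffix List instead of the two-label shortcut used here.

```python
"""Added example: two offline checks for a link in an email.
Everything below is constructed for illustration, not a real lookup."""
import re
from datetime import date
from typing import Optional
from urllib.parse import urlparse

# Constructed WHOIS output. Most registries print a "Creation Date:" line
# in this ISO-8601 form, which is the field that tells you domain age.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-WEBINAR-SIGNUP.COM
Registrar: Example Registrar, LLC
Creation Date: 2024-01-15T09:12:33Z
Updated Date: 2024-01-15T09:12:33Z
Registry Expiry Date: 2025-01-15T09:12:33Z
Registrant Organization: REDACTED FOR PRIVACY
"""


def _hostname(url: str) -> str:
    """Lower-cased hostname of a URL; a bare domain is treated as http://domain."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower().rstrip(".")


def registrable_domain(url: str) -> str:
    """Return the part of the hostname the owner actually registered.

    Attackers put a trusted brand on the LEFT of a hostname
    (login.paypal.com.evil-site.net); only the rightmost labels are
    assigned by the registry. Assumption: plain two-label endings such as
    .com/.net; country suffixes like .co.uk would need the Public Suffix
    List, which this example leaves out.
    """
    labels = _hostname(url).split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else ".".join(labels)


def creation_date(whois_text: str) -> Optional[date]:
    """Pull the YYYY-MM-DD creation date out of raw WHOIS text, if present."""
    m = re.search(r"^\s*Creation Date:\s*(\d{4}-\d{2}-\d{2})",
                  whois_text, re.M | re.I)
    return date.fromisoformat(m.group(1)) if m else None


def domain_age_days(whois_text: str, today_iso: str) -> Optional[int]:
    """Age of the domain in days as of today_iso (YYYY-MM-DD), or None if unknown."""
    created = creation_date(whois_text)
    return (date.fromisoformat(today_iso) - created).days if created else None


def assess_link(url: str, whois_text: str, today_iso: str,
                brands=("paypal", "microsoft", "dropbox"),
                min_age_days: int = 90) -> dict:
    """Combine both checks into the yes/no a user needs before clicking.

    `brands` is a hypothetical watch-list of names your users expect to see
    in a login page; a brand that appears in the hostname but is not the
    registered domain is the classic look-alike trick.
    """
    host = _hostname(url)
    domain = registrable_domain(url)
    age = domain_age_days(whois_text, today_iso)
    reasons = []
    if age is None:
        reasons.append("no creation date in WHOIS; treat the age as unknown")
    elif age < min_age_days:
        reasons.append(f"domain was registered only {age} days ago")
    for brand in brands:
        if brand in host and brand not in domain:
            reasons.append(f"'{brand}' appears in the hostname, "
                           f"but the registered domain is {domain}")
    return {"domain": domain, "age_days": age,
            "reasons": reasons, "suspicious": bool(reasons)}


if __name__ == "__main__":
    # Constructed phishing-style link: brand on the left, fresh domain on the right.
    verdict = assess_link(
        "https://login.paypal.com.example-webinar-signup.com/verify",
        SAMPLE_WHOIS, "2024-03-01")
    for reason in verdict["reasons"]:
        print("WARNING:", reason)
```

The age threshold (90 days) is a judgement call, not a rule: plenty of legitimate sites are new, and plenty of phishing domains are aged on purpose, so the output is a prompt to look closer, not a verdict on its own.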

4. Don’t rely on cyber insurance alone (risk transference)

Let’s explore the concept of risk transference.

If insurance companies handed out auto insurance but didn’t require drivers to have a license or take any kind of safety course, what would the highway look like? Would you trust someone who doesn’t have a license but has insurance? Well, this is roughly what happens in the cyber liability insurance industry right now.

Transferring risk means shifting the liability for a loss to another organization, typically by buying cyber liability insurance. However, if the insured organization isn’t holding up its end of the deal, the insurance can be a useless defense.

Insurance is only a “good start” because policies come with conditions. If your policy requires you to offer formal, interactive cybersecurity awareness training to employees twice per year, but you only provide improvised, voluntary training, it could be difficult to file a claim after a breach. The insurance company could deny the claim, reduce your coverage, raise the premium, or void the policy.

5. Train your people

98% of data breaches involved social engineering in 2023.

Humans are the weakest link in cyber-attacks because phishing is so widely used by cybercriminals. But you can practice identifying phishing emails and foiling attacks, sharpen your security awareness skills, and learn to recognize new attacks before they succeed. Zelvin Security offers cybersecurity awareness training. We hope you will consider reaching out to us for an interactive program that provides practical tips to protect yourself at work, at home, or wherever you are online.

6. Get regular third-party security assessments

Let’s explore the types of security assessments and the goal of each.

  1. Risk Assessment – a non-technical, high-level overview of the organization’s security posture, as measured by its author. It is subjective. It does not measure the effectiveness of the security controls; it simply describes the assets and controls within the organization. This is a compliance checklist, not a security assessment.
  2. Vulnerability Assessment – a technical security assessment provided by Zelvin Security. The goal of the engagement is to identify well-known vulnerabilities within the tested environment which could be exploited by a threat actor or make a system behave in an unintended way. In 2019, over 20,000 new, unique computer vulnerabilities were discovered. This type of test identifies whether those vulnerabilities are present on a network or system and whether the business is actually at risk from them. At Zelvin Security, we take the test one step further and give businesses a step-by-step guide to mitigate the vulnerabilities in the least expensive, most effective way possible.
  3. Penetration Test – a simulated cyber-attack. In a penetration test, ethical hackers are paid to find security issues in a business by emulating a malicious actor, to see whether PII, PHI, sensitive data, credentials, and access to unauthorized areas can be discovered and exploited. In this type of test Zelvin Security sends phishing emails to try to trick users into granting access, and the testers also try to trick the computer systems and security controls into allowing access. This is the test that shows how a network, application, or cloud environment holds up against a real-world attack, what level of sophistication an attacker likely needs to compromise it, and whether the countermeasures in place (2FA, endpoint detection software, antivirus, and more) actually mitigate threats against the system.

If your business is not routinely performing third-party cybersecurity assessments to identify technical security threats, you are an easier target than businesses that are measuring their resilience against attacks.

7. Know what you are protecting

If you don’t have a comprehensive understanding of all of your digital assets today, take the time to complete an audit.

This is the most important pillar of security. Why? Because if you don’t know what you are trying to protect, you can’t protect it. And if you experience an attack, you need to know your digital assets in order to respond.

Zelvin Security
