If your organization plans to use technology in 2024 (who isn't?!), consider these trends:

  1. The advancement of AI creates new avenues for cybercrime if APIs and applications are not thoroughly tested.
  2. Increased automation may foster an “out of sight, out of mind” attitude toward cybersecurity.
  3. Evidence-based cybersecurity planning reduces your chance of a data breach, reputational damage, financial loss, etc.

7 Cybersecurity Strategies for 2024

Here are 7 important cybersecurity strategies you can implement TODAY to help protect your network against malicious hackers.

There is a big difference between compliance and security, yet the two terms are often used interchangeably.

Let’s take a jewelry store for example. If the jeweler was required to only protect the valuables for compliance, they would only put a lock on the door when they are not at the store. Technically, they meet the requirement of securing the diamonds but aren’t fully protecting their assets from threats.  

A jewelry store has many ways to protect its business if a lock is picked or the door is mistakenly left unlocked. It uses security cameras, locked cases, removing only one piece at a time for viewing, staffing at least two people, and so on.

The jewelry store is protected by layers of security, not just one lock against after-hours threats.

Here are a few layers of cybersecurity a business can focus its resources on to go beyond compliance standards.

One place organizations can begin to improve security is requiring UNIQUE, strong passwords, and one of the easiest ways to do this is by using a password manager. Basically, a password manager securely keeps the passwords for all accounts in one “vault” and then autofills them when needed. This allows users to create strong, complex passwords for all of their accounts.

Password managers on the market include Dashlane, LastPass, Bitwarden, Keeper, and many more.

If your password is compromised and you don’t realize it, someone can log into your account. With two-factor authentication (2FA) enabled, such as a time-sensitive text code, email, or authenticator app, it’s a little harder for hackers. 2FA is the second layer of protection for passwords and account log-ins. This strategy is inexpensive and doesn’t really take much time. Keep in mind, there are phishing attacks that can trick users into sharing the code on their phone. It isn’t 100% fool-proof, but nothing in security is.

Ransomware is the attack preferred by cyber criminals since it’s the best way for them to make money. Every business has email. Every business needs their computers to do business. And many businesses have cyber insurance to cover the cost of ransomware attacks. There are criminal syndicates who develop software and sell it to criminals on the darknet, a model referred to as RaaS (Ransomware as a Service).

Therefore, you should look at every email with a side-eye. Consider it guilty of malicious intent until proven otherwise.

Here are a few email tips to consider:

  • Don’t be afraid to call the sender before you open an attachment. But don’t use the number provided. Find the phone number from a primary source. 
  • You do not have to open all of your emails. Remember, no one will die if you do not open an email! 
  • Think before you click. When you feel rushed, you are an easier target. Don’t click on links in messages. For example, if you see a webinar you would like to attend: close out your email, use a search engine (Duck Duck Go, Google, Bing and/or others), locate the legitimate site, and sign up from there.
  • Use a free domain lookup tool to verify the web address. This is an online tool to verify the domain name of a website to see where it originates from, who owns it, and how long it has been a website. If it was established recently or looks suspicious or malicious you will want to stay away from it. Use your best judgement – every time! 
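The domain-age check from the last tip, as an added example that is not part of the original article: it reads the registration date from an RDAP record (RDAP is the JSON successor to WHOIS) and flags recently registered domains. The sample records are constructed, and the 90-day threshold and function names are assumptions chosen for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed RDAP-style domain records (RFC 9083 field names), not real lookups.
SAMPLE_RDAP = {
    "established.example": json.dumps({
        "ldhName": "established.example",
        "events": [
            {"eventAction": "registration", "eventDate": "2009-03-14T12:00:00Z"},
            {"eventAction": "expiration", "eventDate": "2026-03-14T12:00:00Z"},
        ],
    }),
    "webinar-signup.example": json.dumps({
        "ldhName": "webinar-signup.example",
        "events": [
            {"eventAction": "registration", "eventDate": "2024-01-02T08:30:00Z"},
        ],
    }),
    # Some registries omit the registration event; treat that as "unknown".
    "redacted.example": json.dumps({
        "ldhName": "redacted.example",
        "events": [
            {"eventAction": "last changed", "eventDate": "2023-11-01T00:00:00Z"},
        ],
    }),
}


def registration_date(rdap_json):
    """Return the timezone-aware registration datetime, or None if absent."""
    record = json.loads(rdap_json)
    for event in record.get("events", []):
        if event.get("eventAction") == "registration":
            # Normalise the trailing "Z" so older Python versions can parse it.
            stamp = event["eventDate"].replace("Z", "+00:00")
            return datetime.fromisoformat(stamp)
    return None


def assess_domain(rdap_json, now, min_age_days=90):
    """Classify a domain as 'recent', 'established' or 'unknown' by age."""
    registered = registration_date(rdap_json)
    if registered is None:
        return ("unknown", None)  # no date available: do not assume it is safe
    age_days = (now - registered).days
    verdict = "recent" if age_days < min_age_days else "established"
    return (verdict, age_days)


if __name__ == "__main__":
    now = datetime(2024, 1, 20, tzinfo=timezone.utc)  # fixed date for the sample
    for name, raw in SAMPLE_RDAP.items():
        print(name, assess_domain(raw, now))
```

A "recent" or "unknown" result is a reason to slow down and verify through another channel, not proof of malice; age is one signal alongside ownership and where the domain originates.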

Let’s explore the concept of risk transference.

If insurance companies handed out auto insurance, but didn’t require people to have a driver’s license or any type of safety course, what would the highway look like? Would you trust someone who doesn’t have a license, but has insurance? Well, this is exactly what happens in the cyber liability insurance industry right now. 

The liability or responsibility for risks is transferred to another organization, typically by buying cyber liability insurance. However, if organizations aren’t holding up their end of the deal, the insurance could be a useless defense.

It is only a “good start” because if your business is supposed to offer formal, interactive cybersecurity awareness training to your employees twice per year, but you only provide improvised, voluntary training, it could be difficult to file a claim after a security breach. The insurance company could deny your claim, reduce your coverage, adjust the premium, or void your policy.

98% of data breaches involved social engineering in 2023.  

Humans are the weakest link for cyber-attacks since phishing is so widely used by cybercriminals. But you can practice how to identify phishing emails and foil attacks. You can practice your security awareness skills, and you can learn how to identify new attacks before they happen. Zelvin Security offers cyber security awareness training. We hope you will consider reaching out to us for an interactive program that provides practical tips to protect yourself at work, home or wherever you are online. 

Let’s explore the types of security assessments and the goals for each.  

  1. Risk Assessment – a non-technical high-level overview of the security posture of the organization, measured by the author. It is subjective. It is not measuring the effectiveness of the security controls; it is simply describing the assets and controls within the organization. This is a compliance checklist. It is not a security assessment.
  2. Vulnerability Assessment – a technical security assessment provided by Zelvin Security. The goal of the engagement is to identify well-known vulnerabilities within the tested environment which could potentially be exploited by a threat actor or make a system perform in an unintended manner. In 2019 over 20,000 new, unique computer vulnerabilities were discovered. This type of test identifies whether these vulnerabilities are on a network/system and whether or not the business is at risk from them. At Zelvin Security, we take the test one step further and provide businesses with a step-by-step guide to mitigate the vulnerabilities in the least expensive, most effective way possible.
  3. Penetration Test – a simulated cyber-attack. In a penetration test, Ethical Hackers are paid to identify security issues within a business by emulating a malicious actor, to see if PII, PHI, sensitive data, credentials, and access to unauthorized areas can be discovered and exploited. With this type of test Zelvin Security sends phishing emails to try to trick users into providing access, but the testers also try to trick the computer systems and security controls into allowing access. This type of test shows how the network, application, or cloud environment tolerates a real-world attack and the likely level of sophistication an attacker needs to successfully compromise the system, and it identifies whether the countermeasures in place (like 2FA, endpoint detection software, antivirus, and more) are effective at mitigating threats against the system.

If your business is not routinely performing 3rd-party cybersecurity assessments to identify technical security threats, you are an easier target than businesses who are measuring their success against attacks. 

Today, if you don’t have a comprehensive understanding of all your digital assets, take a moment to complete an audit.  

This is the most important pillar of security. Why is it the most important element? Because if you don’t know what you are trying to protect, you can’t protect it! And, if you experience an attack, you need to know your digital assets.

Zelvin Security
