10 Best Practices for a Strong Cybersecurity Posture

The numerous high-profile data breaches that took place in 2018 illustrate that no organization, irrespective of size, scale or scope, is immune from cyberattacks. 2018 witnessed a 350% increase in ransomware attacks and a 70% increase in spear-phishing attacks.

We are looking at a state-of-affairs wherein it is very easy for cybercriminals to exploit security vulnerabilities and target weaknesses with malware or ransomware. The worrisome fact is that malware-as-a-service is a reality.

The time to initiate sustained and concrete efforts to protect mission-critical networks and data is now. It is imperative to think beyond conventional security and deploy strategies that enable real-time intelligence to expose hidden risks, detect unknown threats and isolate infected systems.

Here are ten cybersecurity best practices that can help guard against the sophisticated threats that your IT infrastructure faces today. While there is no silver bullet for cybersecurity, adopting these practices will ensure better preparedness to address advanced threats and allow prompt remedial action.

  1. Get complete visibility into your network vulnerabilities

The first item that must be ticked off the list is identifying potential vulnerabilities in your network. Vulnerability assessment helps identify every device on the network and lets you assign a risk value to each. Devices may include printers, USB thumb drives, security cameras, smartphones, laptops, desktops, wireless access points, etc. As the number of potentially exploitable devices on your network keeps growing, conducting vulnerability assessment should be an ongoing process.

  2. Understand cybersecurity risk and establish a pain threshold

All businesses are different and face diverse cyber risks. The complexity of threats demands identifying the primary and secondary cyber-attacks and the acceptable levels of risk. Your pain threshold, which follows from your risk baseline, governs your investment in cybersecurity. It is critical to understand the risks in the form of financial losses, reputational damage or more. List risks in order of importance and work out a plan to address them.

  3. Plan for the weakest link – your people

When you plan to overhaul your cybersecurity infrastructure, it’s important to keep the weakest link in mind – the people in your organization. Yes, invest in the right technology that takes your network and endpoint security to the next level, but make sure your organization’s workforce is aware of the cyber threats they face and how they must address these threats. Conduct security awareness training programs that establish a culture of cybersecurity awareness.

  4. Assign importance to patch management

Equifax suffered a massive data breach (approximately 143 million compromised records) reportedly because of a vulnerability in its open source server framework. The patch for this vulnerability was available but the company apparently did not apply it. This illustrates the importance of implementing a patch management strategy. Don’t be slow to apply patches when they are available, and consider using patch management tools that can simplify and seamlessly manage the whole process for you.

  5. Get to the root of it

When it comes to cyberattacks, it is not about if they will happen, but when they will happen. Prevention is definitely better than cure, but if your organization does experience an attack, it is important to understand how it happened, how it unfolded, and the vulnerabilities it was able to exploit. Root Cause Analysis (RCA) helps you find the cause and plug key vulnerabilities.

  6. Apply real-time automated protection

What if an attacker manages to fly under the radar and your resource-constrained IT team fails to identify a data breach in progress? Such disastrous consequences can be avoided if the threat gets identified proactively. The use of Machine Learning now allows deploying automated protection that proactively detects threats and takes real-time remedial action without manual intervention.

  7. Maximize the potential of your security tools

Deploying the best available cybersecurity solution alone isn’t enough. You need to be able to optimize its use. Before you deploy the solution, make sure you are fully aware of the feature set and how you can use these features to harden cybersecurity controls.

  8. Devise and implement a well-defined strategy for incident response

How do you go about responding to a cybersecurity incident? The answer lies in a comprehensive incident response plan. Remember, data breach costs go well beyond the regulatory fines and the ransom paid to cyber baddies. An effective response plan is necessary to limit the damage and to immediately take a series of actions that prevent the spread of risk.

  9. Entrench the ‘security thought’ across the organization

Make sure that your organization emphasizes the importance of a secure organization to all stakeholders and makes all of them responsible for upholding security best practices. Cybersecurity is not just the responsibility of the CISO or the IT security department. It must be ingrained into all the processes that make up the organization.

  10. Get third parties vetted for security

As a business you work with third parties and vendors who have access to company data; not all of it, but data that is essential to their working relationship with you. How are these parties managing their cybersecurity policies? Do they have the necessary controls in place to ensure your company data is protected at all times? Make sure you have a policy in place that ensures your partners are evaluated regularly from the information security perspective.

Best practices are as good or bad as the seriousness with which you deploy them. In a world where cybersecurity is extremely critical for your organization’s success, give it the importance it deserves.

Michelle Drolet

Michelle Drolet is founder of Towerwall, a woman-owned cybersecurity and cannabis compliance services provider in Framingham, Mass., with clients such as CannaCare, Smith & Wesson, Covenant Healthcare and many mid-size organizations. She can be reached at [email protected].


