In my last post, I described people-focused cybersecurity best practices to share with your clients. This time, I’m adding some key cybersecurity best practices basics as well as three essential cybersecurity strategies.
First, the basics
Chances are you and your clients have heard these before, but they bear repeating now more than ever:
- Layer security to achieve defense in depth
Important layers include up-to-date antivirus software at all endpoints; fending off zero-day assaults requires firewalls, heuristics, intrusion prevention/detection systems (IPS/IDS), behavioral-based threat prevention, data leak and anomaly detection, real-time security information and event management (SIEM), and unified threat management on edge devices.
- Back up data
For the most thorough protection, tell your clients to back up data daily both locally and to an off-site cloud – and make sure to detach (airgap) external storage devices once a backup is done to protect it from cyberattack.
- Encrypt your data
- Patch your software
- Build sandboxes
Opening files (email attachments, web downloads, etc.) in a sandboxed virtual environment will help your clients spot malicious behavior before it can spread.
- Segment your network
This prevents malware from replicating itself across systems and networks.
- Continuously monitor DNS traffic
Your clients will be better able to discover cyberattacks before they launch.
- Use counter-deception techniques
This forces attackers to continuously search for targets, boosting chances of discovery and making cyberattacks more costly and less feasible.
- Review the cybersecurity stances and policies of all your service providers
Your clients’ cybersecurity is only as strong as their weakest online link.
Behind the bottom-up basics – 3 top-down strategies
Cybersecurity is a business essential requiring strategic consideration. To that end, advise your clients to…
- Make information security a corporate-wide concern
Your clients need to conduct integrated, coordinated, all-encompassing information security reviews that include…
- A comprehensive, regularly-scheduled assessment of technical security controls that builds awareness of details like where business-critical data resides, which users access which files and when, and what permissions and privileges users have.
- Cyberattack simulations, beginning with tabletop exercises that enable your clients to brainstorm step by step how best to address a real cyberattack. While performing these exercises internally can be effective, your clients will likely benefit even more by conducting them with the help of a qualified third-party vendor.
- A regularly-tested incident response plan documenting data recovery requirements and delineating incident response responsibilities so your clients can recover their data and operations ASAP.
- Consider buying cyber insurance
- Prepare for cybersecurity ratings
These determine how prepared an organization is to withstand cyberattack. Recently, some two dozen U.S. companies, including several big banks, teamed up to establish shared principles to boost cybersecurity ratings transparency.
Finally, unless your clients have plenty of cybersecurity professionals in-house, bring in expert help before an incident occurs. You’ll save your clients plenty in the long run.