CXO Bytes

How businesses can create a strong & reliable cybersecurity system

In modern times, when our professional tasks and personal chores are widely facilitated by the internet, especially after the pandemic, the risk of cyber incidents across the digital landscape has increased significantly. The most significant cyber incidents have affected highly ranked websites, telecom giants, technology firms, and governments.

As per a recent report, the post-pandemic world saw a rise in businesses’ data security budgets to 51% compared to their overall revenue. In this report, 29% of Chief Executive Officers (CEOs) and 40% of Chief Security Officers (CSOs) also admitted that they were unprepared for the quickly evolving digital threats. Here’s what we can do to boost the overall cybersecurity infrastructure in our organizations:

 

Bringing a VPN system in place

The first step to maintaining safe and secure data in your servers is to enable access to the World Wide Web (WWW) in your company through a Virtual Private Network, or VPN. This means creating a private and protected connection between computers in your organization and the outside internet.

A VPN secures and masks your connection on the internet by routing the traffic through secured and encrypted servers. This way, your identity and data both remain protected.

 

Be wary while keeping passwords.

Some interesting surveys show that about 55% of people scammed in phishing incidents haven’t changed their passwords since. In addition, easy-to-guess passwords like “123456” are still used by about 23 million account holders on the internet. As per a credible report on Data Breach Investigations, 81% of cyber incidents occur due to weak passwords.

The takeaway is that passwords chosen for web portals must be a combination of alphanumeric characters with upper and lower cases. When a survey concluded that only 52% of people admitted to resetting their passwords regularly, almost the other half remains severely vulnerable. Periodically resetting the password once a month and using a unique, strong combination of keystrokes is a must.

 

Implement two-factor authentication on email servers.

This relatively new technology bolsters security in email accounts and other web portals by introducing a two-way login method. In two-factor authentication, alongside a password, a One-Time Password (OTP) is generated and delivered via phone call, text message, or email to ensure an authentic and even safer login into a designated server.

Therefore, the company’s IT administrators must ensure that all login accounts on their platform are compatible with, and have activated, a two-way authentication method, so that even if a password is compromised, unauthorized logins can be prevented.

 

Ensure regular backups

Ransomware is a malware program designed to lock you out of your database. Once this happens, the creators then demand ransom money to allow you to regain access to it. As a proactive step, it is always wise to frequently and constantly back up your company’s critical databases on the cloud or additional storage devices to avert the risk of being caught in a ransomware incident.

A recent case of such an incident in India was at the All India Institute of Medical Sciences (AIIMS) in New Delhi, when their databases were compromised. Studies have time and again proved the importance of keeping data backed up. Leverage the 3-2-1 strategy: three (3) copies of data, including your production files; two (2) copies backed up to different media; and one (1) copy stored offsite. Store backups offsite or within a segmented network.
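The 3-2-1 rule above can be checked mechanically against a backup inventory. The following is an added example, not part of the original article; the `Copy` fields, the inventory layout and the dataset names are assumptions made for illustration, and "two copies on different media" is read here as backups spread over at least two distinct media.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Copy:
    role: str        # "production" or "backup" (assumed labels)
    medium: str      # e.g. "disk", "tape", "object-storage"
    offsite: bool    # stored away from the production site
    segmented: bool  # on a network segment isolated from production


def check_321(copies):
    """Return the list of 3-2-1 violations for one dataset (empty = compliant)."""
    backups = [c for c in copies if c.role == "backup"]
    problems = []
    if not any(c.role == "production" for c in copies):
        problems.append("no production copy listed")
    if len(copies) < 3:
        problems.append(f"only {len(copies)} copies, need 3 including production")
    if len({c.medium.lower() for c in backups}) < 2:
        problems.append("backups are not on 2 different media")
    if not any(c.offsite for c in backups):
        problems.append("no backup stored offsite")
    # A backup reachable from the production network can be encrypted
    # by the same ransomware that hits production.
    exposed = [c for c in backups if not (c.offsite or c.segmented)]
    if exposed:
        problems.append(f"{len(exposed)} backup(s) neither offsite nor segmented")
    return problems


def audit(inventory):
    """Map each dataset name to its list of violations."""
    return {name: check_321(copies) for name, copies in inventory.items()}


# Constructed sample inventory (not real systems).
INVENTORY = {
    "billing-db": [
        Copy("production", "disk", offsite=False, segmented=False),
        Copy("backup", "tape", offsite=True, segmented=True),
        Copy("backup", "object-storage", offsite=True, segmented=True),
    ],
    "hr-files": [
        Copy("production", "disk", offsite=False, segmented=False),
        Copy("backup", "disk", offsite=False, segmented=False),
    ],
}

if __name__ == "__main__":
    for name, problems in audit(INVENTORY).items():
        print(name, "OK" if not problems else problems)
```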

 

Conduct awareness and sensitization sessions.

A collective effort toward cybersecurity is always better than having only a few IT department members assigned roles and responsibilities to protect your company’s entire computing infrastructure. It is therefore crucial to conduct sensitization programs, seminars, and workshops at least quarterly to make people aware of how cybersecurity can be compromised through unintentional actions.

When people are aware, they will be less prone to phishing cases that compromise the IT infrastructure of the business. In addition, through awareness, they will be better placed to prevent the unauthorized release of vital business data to outsiders.

 

The way ahead in cybersecurity 

In an age when remote working is becoming more popular, ensuring sound cybersecurity practices on each computer terminal of the business is more important than ever. While centralized, integrated methods such as VPNs, firewalls, and regular backups are necessary, ensuring that people are backed with knowledge and awareness of cybersecurity becomes a topic of utmost importance. Proactively working with a cybersecurity expert in the form of an Incident Response Retainer (IRR) allows you to establish terms and conditions for incident response services before a cybersecurity incident is suspected. With an IRR in place, you have a trusted partner on standby. This proactive approach can significantly reduce the response time, thereby reducing the impact of an incident. Lastly, the entire endeavor is a combined effort, wherein all stakeholders, including the company’s employees and IT managers, are party to creating a safe cyberspace in the organization.

 

 

(The author is Mr. Sandeep Peshkar, Senior Vice President, Arete, and the views expressed in this article are his own)
