5 simple ways to improve your organization’s cybersecurity
Aug. 16, 2023
This paid piece is sponsored by Eide Bailly LLP.
A version of this article first appeared on EideBailly.com.
A comprehensive security strategy requires consistent management to ensure systems and data are secure from malicious actors. And while every organization will need to take a unique approach to cybersecurity, some security tactics can benefit every business – no matter its size or industry.
Here are five things every organization can do to improve its cybersecurity:
1. Educate your staff
Education is a crucial component of a solid cybersecurity plan. Knowledge can be a better asset than any tool on the market, especially since 95 percent of cyberattacks are related to human error. It’s impossible to implement technical solutions that can catch every potential threat. Your employees need to know what to watch out for and how to respond in the case of a breach.
Formal cybersecurity training should be conducted yearly at a minimum, though it’s recommended to conduct quarterly training as well as additional training for new hires. Good education includes:
- An overview of common cybersecurity threats.
- Tips on identifying and avoiding these threats.
- A clear way to report incidents.
2. Invest in a cyber insurance policy
Cybersecurity threats are inevitable. Cyber insurance can help your business mitigate the financial impacts of an incident. Cyber insurance can provide coverage for a wide range of expenses, including:
- Data recovery.
- Business interruption.
- Liability and legal fees.
- Crisis management.
When choosing a cyber insurance policy, it’s important to consider the specific needs of your organization. Factors to consider include the size of your business, the type of data you handle and the potential impact of a cyberattack on your organization. It’s also important to review the policy carefully to understand what is covered and what is not.
3. Tighten up your configurations
Tightening up your configurations to eliminate unnecessary access is a simple yet often overlooked way to reduce your organization’s vulnerability.
Harden your system and reduce the potential for compromise by periodically:
- Removing admin rights.
- Closing unused ports.
- Removing inactive user accounts.
- Uninstalling software that is no longer used.
- Ensuring your VPN is required.
Additionally, make sure your organization has enabled and required multifactor authentication. According to Microsoft engineers, 99.9 percent of account compromise attacks could have been prevented with MFA.
MFA factors are classified as something you have, something you know and something you are (e.g., a biometric like a fingerprint or facial recognition). MFA adds a second factor from another trusted source, so when it is enabled and a user’s password is stolen, the other authentication method is still needed.
4. Implement cloud security
There are several benefits of moving your on-premises hardware and applications to the cloud. However, as more and more businesses adopt digital-first models and allow employees to work remotely, it is critically important they work to ensure user and device authentication, resource access control, data privacy protection and regulatory data compliance. That’s where cloud security comes in.
Maintaining strong cloud security comes with its own perks too – like helping you achieve lower upfront costs, reduced ongoing operational and administrative costs, easier scaling and increased reliability and availability. There are several components of cloud security, and choosing a cloud security provider will be essential to ensuring the protection and safety of your cloud environment.
5. Practice, practice, practice
Effective incident response plans are built, practiced, reviewed and improved on an ongoing basis. Practicing your organization’s plan can help you discover things that may be missed on paper.
In tabletop exercises, for example, cybersecurity professionals meet with business leaders, attorneys, IT professionals and others in the organization to ask “what if” questions. It’s also incredibly helpful to include your insurance policy details and team in these exercises, so you can shed light on what’s covered and what’s not, and so you know the specifics of contacting them when an incident occurs.
Typically, the process of a tabletop exercise involves identifying a scenario, walking through how it could play out and examining any questions or curveballs that may arise. These exercises can help identify gaps and inform recommendations to strengthen your plan against future threats.
Your practice exercises also should include testing your backups. Backup issues are one of the main reasons businesses end up paying when hit with ransomware. They may think that their backups are safe, complete and ready to use, but that may not be the case when it comes time to reinstate them. It’s also important to understand how long it takes to reinstate your backups: it could be weeks, months or even years before your systems are ready to use again.
Cybersecurity risk is business risk
It may seem impossible to keep up with new technology and new threats, but cybersecurity incidents often are crimes of opportunity. The more you work to prevent those opportunities, the better off you’ll be. A trusted adviser can help you cover the gaps and take the burden off your team.
No matter where you are in your cybersecurity journey, Eide Bailly’s professionals can help ensure the safety and security of your systems, software and data. We take a holistic approach to cybersecurity – including advisory, integration and threat management.
Get started with a free cybersecurity consultation.






