With the fear of being the next victim of a cybersecurity breach, organizations may be tempted to purchase any “next best thing” solution before first meeting basic cybersecurity requirements. Quieting out the noise, we are often reminded by peers in the cybersecurity industry to go “back to the basics.” While we endorse many security solutions that provide advanced protection, breaches can often be caused by a lack of the most basic cybersecurity best practices. Use these cybersecurity ABCs as a baseline before investing in more advanced security solutions.
A is for… Assessments. Conducting regular cybersecurity assessments helps evaluate your organization’s cybersecurity posture so that you can address vulnerabilities and remediate gaps.
B is for… Backups. You can never be 100% protected from cybersecurity attacks. In the event of a compromised device, backups can keep your data from being lost.
C is for… Cloud Security. While cloud security used to be a “nice to have”, as more and more organizations are moving their data to the cloud, having solutions that specifically address the cloud are now a requirement.
D is for…Data Loss Prevention (DLP). DLP detects potential data breaches while data is “in use,” “in motion,” or “at rest.”
E is for…Encryption. By converting plaintext to code, encryption makes it more difficult for sensitive data to be deciphered by malicious actors.
F is for…Firewall. By creating a barrier between a trusted network and an untrusted network, a firewall provides a baseline level of security, monitoring traffic moving between networks.
G is for…Gateway. A web gateway or email gateway will isolate information from websites or emails that could be malicious from effecting the attack. This is an effective way of minimizing the effects of phishing.
H is for… HTTPS. Remind the employees in your organization about basic website security best practices. If the website has the S on HTTPS, it is most likely secure and safe to browse.
I is for… IAM. Identity and Access Management (IAM) is an important solution set to ensure that the right person is accessing the right data at the right time.
J is for…Jobs. Depending on the size of your company, having a dedicated cybersecurity expert, or hiring an outsourced cybersecurity consulting firm, can help your organization achieve compliance and be best prepared against an attack.
K is for… Knowledge of Industry Standards. Being compliant and having knowledge of updates to industry standards is essential to continue conducting business in many industries.
L is for…Logs. Monitoring and recording events that occur within your organization’s network using logs can detect and determine the cause for potential breaches.
M is for… MFA. Multi-Factor Authentication is one of the most recommended security tools to prevent an unauthorized user from gaining access to a network through credential theft.
N is for…Network Security. Having network security solutions provides your organization with the tools to prevent and detect unauthorized access or misuse of your network.
O is for…Optimize. If you do have cybersecurity solutions in your environment, ensure that they are updated and tested so that you know they are working correctly.
P is for… Passwords. Using strong passwords and updating them frequently are the most basic cybersecurity best practices.
Q is for… Question everything! Never trusting and always verifying is an essential framework. The idea of zero trust is to question every user before letting them access anything in an organization’s environment.
R is for…Ransomware prevention. Solutions such as endpoint detection and response in addition to basic security tools can be used to minimize the threat of ransomware.
S is for…SaaS. Many organizations have sensitive data stored in SaaS applications. Take steps to secure this data as traditional cybersecurity may not already be applied to these SaaS applications.
T is for…Teamwork. Cybersecurity is not just the job of the information security team. Everyone should play a role in spreading awareness and preventing cybersecurity attacks.
U is for…URL. Always check URLs for legitimacy before clicking on any link. Clicking on malicious URLs is a common vector for attacks like malware and ransomware.
V is for… VPN. A VPN provides an extra layer of security for all of your online activities.
W is for… Web Security. Basic web security solutions are becoming a requirement as a majority of organizations access the web regularly to conduct business.
X is for…XDR. While XDR is an advanced technology solution, its core functions of protecting data across the endpoint, cloud, network, email and, server, is a key solution to prevent cyber-attacks and maintain compliance.
Y is for…Yearly Security Audits. Conducting cybersecurity assessments and audits yearly is a good rule of thumb for any organization. For fast-growing companies that are constantly adding new employees and new technologies, assessments should be conducted more frequently.
Z is for… Zero Trust. The idea to never trust and always verify is an essential framework to maintain. Adopting zero-trust solutions and creating zero-trust policies is key to any organization.