The cybersecurity headlines aren’t encouraging. The first three quarters of 2023 saw 70 percent more ransomware attacks than the first three quarters of 2022. More than 360 million people were the victims of corporate and institutional data breaches in the first eight months of 2023. That includes one in four people in the U.S. whose health data was exposed.
According to the Cybersecurity and Infrastructure Security Agency (CISA), spear-phishing attacks combined with compromised credentials accounted for almost 90 percent of system intrusions in 2022. More than half (54 percent) involved default administrator credentials and dormant accounts that had not been removed. One-third of attacks were caused by a spear-phishing victim clicking on a malicious link.
More than 99.99 percent of compromised accounts did not have multifactor authentication (MFA) enabled. Microsoft reports that only 28 percent of users have enabled MFA.
Phishing remains the No. 1 vector for initiating a cyberattack. More than 40 percent of incidents analyzed in the IBM Security X-Force Threat Intelligence Index 2023 involved phishing or spear phishing.
There’s no question that cyberattacks are becoming more sophisticated. Nevertheless, the vast majority of cyberattacks involve the same tried-and-true techniques, year after year. Organizations say they are investing more in security to counter these threats. However, many still aren’t making the basics part of their day-to-day operations.
Here are nine security best practices your organizations should be following daily:
- Require strong passwords. Ensure that accounts are protected by long, complex passwords or passphrases that are not reused across multiple accounts. Change default passwords on equipment and administrator accounts. Check passwords against the Have I Been Pwned website, which maintains a database of passwords exposed in data breaches.
- Use multifactor authentication. Multifactor authentication requires two or more authentication methods, such as a password and PIN, dramatically increasing security over a password alone. Implement MFA wherever it’s supported, particularly for remote access.
- Keep antivirus software up-to-date. Implement an antivirus solution that’s updated daily and does real-time scanning. You don’t necessarily have to purchase a third-party product — Windows Defender is good.
- Maintain good patch management. Outdated software remains a common vector for cyberattacks. It’s important to develop a strategy for updating operating systems and software regularly. The patch strategy encompasses more than Windows systems — all software across the IT environment should be kept up-to-date. Effective IT asset management and strong policies controlling what types of software may be installed facilitate patch management.
- Upgrade, retire or replace end-of-life software. Publishers do not release patches or updates for operating systems and applications that have reached end-of-life. As a result, EOL software poses a significant security risk.
- Implement endpoint detection and response. Many of today’s threats target mobile devices. EDR solutions monitor endpoints and use behavioral analytics, threat intelligence and heuristics to detect abnormal activity.
- Deploy filtering solutions. Content filtering solutions help to identify and block emails and websites that contain threats. DNS security solutions identify and block access to malicious domains before a connection occurs. These tools work in concert with antivirus solutions and firewalls in a layered security approach.
- Enforce least privilege access. Least privilege access principles limit access to systems and accounts users need to do their jobs. In particular, limit access to administrative accounts and do not allow local administration of desktops and laptops.
- Maintain firewalls. Firewalls are not “set and forget” security tools. They need patches and updates just like any other software. It’s also important to review firewall rules regularly and block unneeded ports.
Many organizations get caught in the trap of seeking the very best security while overlooking the basics. It’s important to follow best practices daily while taking incremental steps toward improvement. Our company, Mainstream, is here to help you identify gaps in your security environment and strengthen your security posture.
Editor’s note: Jeff Pracht is an IT business development manager for Mainstream Technologies, an Arkansas-based firm that delivers a full range of technology, software and cybersecurity services to clients. The opinions expressed are those of the author.