Have you made a New Year’s resolution yet? Apparently, only 9 percent of us who make goals manage to keep them. The likely reason is that the goals we make are hard to keep. Goals need to become habits to stay the course.
Good habits can improve lives. In business, good habits can also improve our business. In 2018, security threats hit UK businesses hard. We saw incidents involving ransomware, crypto-jacking, phishing, and scams galore. According to Verizon, in the last year, around 40 percent of successful cyber-attacks involved ransomware. The same report also pointed out that 85% of organisations have suffered a phishing attack. In Q3 of 2018, Kaspersky identified a large surge in various scam emails including sextortion emails.
The cybersecurity landscape is messy, complex, and difficult to navigate. However, good cybersecurity habits can make a really good New Year resolution that can help to keep your business security-safe this year. Here are 5 good habits to take up in 2019.
Your 5 Cybersecurity New Year resolutions
Good Habit 1: Cybersecurity awareness and culture of security
It all begins with knowing what you are up against. “Forewarned is forearmed” is as true in cybersecurity as it is in other areas of business. Your first good habit should be to make your entire business security aware. Cybersecurity awareness training is something that all size businesses, across all sectors, can use to ensure that staff are clued up about modern security threats. Security awareness training is a holistic, enjoyable, series of activities that take your staff through exercises designed to make them cybersecurity savvy. The end result is that your staff become your first line of defence against cybercrime.
Being cybersecurity aware also gives your staff the confidence to spot the signs of phishing emails and scams. A good training package will offer phishing simulation exercises too. Phishing simulations train your users to stop and think before clicking links and downloading suspicious attachments.
While you are building security awareness as a good habit for 2019, also check out our regular Breaking Scams reports. These reports bring you up-to-date news on the latest scams.
Good Habit 2: Password hygiene
Passwords bring big risks in cybersecurity. Security breaches like the Uber data breach, which affected 57 million users, are often due to poorly managed passwords. In the case of Uber, the passwords of developers and other privileged users were shared openly in a Cloud repository. A good habit to develop is to make sure that your password policy includes:
- Robust password choices – we recommend the use of a passphrase made up from three or four memorable words.
- No communal sharing of passwords, especially if the user has privileged access to resources.
Good Habit 3: Using Second-Factor Authentication (2FA) across the business
Enforcing the use of robust passwords across your organisation is a good security habit to get into. However, go one better, and wherever possible, add in the requirement to use a second-factor (also known as two-factor, authentication (2FA)) to login to company resources. Second factors usually come in the form of SMS text codes, mobile app codes, email codes, or even biometrics – like a fingerprint or retina scan. Many Cloud applications are now available with 2FA as an option, but you will need to set this up for your users. At a minimum, enforce the use of 2FA for anyone in your business with privileged access, e.g. a network administrator
Good Habit 4: Mobile hygiene
Workplace mobility is to be encouraged as it has been shown to improve productivity. However, mobile devices in the workplace are also a potential security nightmare. McAfee has identified year-on-year growth in the numbers of mobile malware available for mobile device infection. Even legitimate stores like Google Play were found to have high failure rates when detecting malware-ridden apps.
If your staff use mobile devices at work or at home to access work resources, ensure you follow basic mobile hygiene practices, such as:
- Ensure devices are patched promptly and operating systems are up-to-date
- Only allow apps to be downloaded from approved stores
- Avoid using open Wi-Fi, for example when employees are travelling
- Train users about mobile-based phishing, e.g. how to spot a malicious text message
Good Habit 5: Clean desk policy
And, our final suggestion for a good security habit for 2019 is to ensure your staff keeps their desks tidy. Enforcing a clean desk policy can help to alleviate a number of security risks, including:
- Making sure that sensitive information isn’t left lying around
- Prohibiting the writing down of passwords on pieces of paper
- It can also ensure you meet certain compliance criteria. ISO 27001 requires that you have a clean desk policy in place
We hope you find these suggestions for good security habits useful. There is little doubt that 2019 will bring security challenges to us all. Using security awareness training across your organisation will set in place the seeds of good habits with your staff. Your staff are your best form of defence and encouraging good habits is good security practice.
Security aware staff where being secure is second nature, will help to make sure that your business is cyber-safe in 2019.