As cybercriminals and cyber threats—as well as cybersecurity—all continue to evolve, the list of ways to protect your company could number into the thousands. But for now, to avoid putting you to sleep, we’ve compiled just a few guidelines for protecting your company and your employees.
Here are Avalon Cyber’s seven tips to help keep your network safe:
1) Get password management software.
Weak passwords or reusing the same credentials for multiple systems or services are a cybercriminal’s dream. But trusting all your employees to create strong ones (and then actually remember them) could be asking a bit much. Think about investing in password management software to do the work for everyone. Several password management applications and platforms can assist you with this important task. They are user friendly, work on a variety of platforms and devices, and generate and store passwords securely, so users don’t have to create or remember them on their own.
2) Install and update antivirus software regularly.
By now, you’re probably sick of us preaching about needing many lines of defense against today’s sophisticated cybercriminals, but we do want to stress that it’s still important to have good ol’ antivirus protection. Many antivirus systems detect problematic behavior by programs and, although even the most up-to-date systems can fail you, they are far from worthless and should still be your first line of defense. BUT… you do need more than just AV software to secure your network and should strongly consider adding other endpoint protection technologies, such as Avalon Cyber’s KnightVision MDR, which actively monitors behavioral events at the endpoint level, 24/7/365.
3) Develop and implement a robust information security program.
Having a good information security program that includes training and continually educates employees and end users about good and bad security behavior can significantly reduce the threat to your business. Your program should discuss security policies, system and data identification, incident response planning, configuration management, training and awareness, disaster recovery, and many other critical elements.
4) Understand your weak spots.
It’s crucial to understand the weak spots in your defenses before potential attackers do. The first step in any cybersecurity strategy is to find out where you stand right now, which is why you should begin your plan with a full corporate risk assessment, including a vulnerability assessment and penetration test. (Be sure to perform these tests at least once annually to test the health and welfare of your IT environment.) Cybersecurity experts will analyze your current technology, your processes, and your personnel’s awareness of and compliance with those processes. They will then deliver the results in a comprehensive report that you can understand quickly and thoroughly, with the risks articulated and ranked clearly by order of criticality.
5) Secure your corporate network’s remote user access.
Do not allow users or third-party vendors to connect to your corporate environment over an unsecured, default Windows Remote Desktop Protocol (RDP) setup. This connection protocol can be fine to use within the network, but it is extremely dangerous to have RDP open to external users. Instead, use an up-to-date virtual private network (VPN) connection protocol with encrypted tunnels to connect remote users and third-party vendors that need secure access to your data and resources. Incorporate a two-factor or multi-factor authentication (2FA or MFA) process into your security program for additional authentication protection.
6) Invest in a Managed Security Service Provider.
Today, it’s not a matter of if a cyberattack will happen, but when. And, unfortunately, most data breaches go unnoticed for several months, allowing the attacker plenty of time to scoop up sensitive data. The average time from when cybercriminals get into your network until someone discovers them is 191 days. Subscribing to a Managed Security Service Provider (MSSP)—a company that will monitor and manage security devices (such as firewalls, servers, intrusion detection systems, and VPNs) to protect your digital infrastructure and user endpoint devices (such as laptops and desktops)—will greatly reduce and mitigate your losses in the event of an attack. MSSPs use state-of-the-art technology to monitor your systems for malicious behavior and dramatically reduce the detection and response time.
7) Keep your leadership involved.
Dedicate a team of people—including your CEO and other C-suite executives—to understanding your security posture and evaluating your ability to keep up with the latest security trends. Cybersecurity needs to be a top-down approach, and every level of your organization needs to be focused on this problem. Even if you’ve outsourced a big chunk of your cybersecurity measures to an MSSP (for example, Avalon Cyber), it’s still important that you pay attention to the consequences of adopting new technology, the causes and costs of a data breach, and the details of your incident response plan.
If you have questions or would like to discuss any of our cybersecurity services, please contact us anytime!