In 2018, Microsoft’s Security team analyzed more than 6.5 trillion security signals a day to identify security trends. Prevention, detection and response were highlighted, but since an ounce of prevention is worth a pound of cure, these four prevention recommendations should be on your radar.
- Security Hygiene
Security hygiene and configurations are designed to protect your assets. Running up-to-date software is crucial, especially on operating systems, anti-virus software, email, and internet browsers. Also important: creating a backup program, using software only from trusted sources, securing privileged administrator accounts, and using a secure email gateway with advanced threat protection capabilities to help guard against phishing attacks.
- Access Controls
Access controls regulate who or what can view or use organizational resources, so implement Multi-Factor Authentication (MFA) across the board. Apply least privilege principles, segment your network, and remove local administrator privileges from end users to reduce the potential damage of a cyberattack. Restrict downloading privileges and limit application downloads to reliable sources.
- Backups, Backups, Backups!
Critical systems and data must be backed up regularly. Up-to-date and easily accessible backups can nullify a ransomware attack. Follow the 3-2-1 rule for backups: have 3 copies of your data, including 2 copies on different media types (USB, external hard drive, cloud, etc.) and 1 copy offsite.
- Employee Training and Awareness
Employee security awareness and training is the best cyber risk mitigation technique you can implement. For example, Microsoft reported that inbound phishing emails increased 250 percent in 2018! Train your employees to recognize phishing emails, especially those that request sensitive information or ask them to click on a link or open an attachment. One easy way to ensure something is authentic is to ask your IT team to verify it before proceeding. Additionally, instruct your employees on how to report suspicious email requests, so your security team can investigate them. Finally, training your employees on ransomware, data safeguarding, and social engineering techniques can give you and your organization the advantage when it comes to preventing a data breach.