Page 53 - Cyber Defense eMagazine for August 2021
P. 53

•  Regularly check and update your firewall configuration settings to ensure complete protection and
                   efficient performance.


            2.     Network Password Protocols
            Passwords are like the key to your home. Just like you wouldn’t leave your house key lying around, don’t
            be careless with your company’s password management. Try these tips:

               •  As many as 81% of business data breaches are due to poor password protocol, so it's important
                   to effectively manage this risk.
               •  Strong passwords, of 8-12 characters and containing a combination of uppercase and lowercase
                   letters, numbers and symbols, can go a long way toward minimizing the risk of a cyber attack.
               •  Don’t allow weak passwords, such as "12345" or "password1" and words from the dictionary or
                   patterns of numbers or symbols.
               •  Always  require  the  use  of  different  passwords  for  each  account  and  service.  A  trustworthy
                   password manager can be utilized if needed.
               •  Enforce strong password safety measures on company mobile devices and laptops.
               •  Incorporate rolling updates to prompt users to change passwords either monthly or quarterly.
               •  Also update relevant passwords when a personnel change occurs.
               •  Require multi-factor authentication to provide two or more levels of security.


            3.     Patching and Updates Maintenance

            Patching and updates maintenance is an incredibly important part of your cyber risk protection. New
            vulnerabilities in software files and systems may be discovered regularly. Patches published to fix the
            bugs can occur as often as once a day, so managing this process is key:

               •  Conduct a comprehensive inventory of devices, OS versions and applications. Forgotten systems
                   and devices can lead to neglected updates and the risk of a successful attack.
               •  Determine how often critical services are patched and updated and look for ways to minimize risk
                   from unpatched vulnerabilities.
               •  Monitor  for  new  patches  and  vulnerabilities,  and  ensure  a  process  is  in  place  for  testing,
                   configuring and rolling out fixes.
               •  Audit your patches to ensure your administrators are aware of any failed or pending patches that
                   may be critical.

            4.     Phishing Awareness Training
            Many workers know they should avoid a suspicious email but spotting today's most common phishing
            tactics is getting more difficult.

            Recent tricks include:
               •  Send an invoice
               •  Request a password reset
               •  Request to update payment info
               •  Prompt to click a download link






            Cyber Defense eMagazine – August 2021 Edition                                                                                                                                                                                               53
            Copyright © 2021, Cyber Defense Magazine.  All rights reserved worldwide.
   48   49   50   51   52   53   54   55   56   57   58