In the ever-evolving landscape of cyber threats, we’ve gathered insights from CEOs and COOs on bolstering your organization’s digital defenses. From utilizing authenticator extensions to integrating a Phish Alert Button, explore the diverse strategies in our compilation of fifteen effective cybersecurity measures. How do you tackle cybersecurity challenges in tech?
- Utilize Authenticator Extensions
- Promote Cybersecurity Awareness
- Communicate Threat Information
- Empower Department Heads in SaaS
- Train Staff in Cybersecurity Awareness
- Cultivate a Security Champions Network
- Partner with Managed Security Service Providers
- Limit Public Data Access
- Measure Cybersecurity Program Maturity
- Implement Robust Anomaly-Detection Systems
- Choose a Proactive Compliance Framework
- Invest in PR for Crisis Management
- Enforce Rigorous Role-Based Permissions
- Secure Websites with SiteLock
- Integrate a Phish Alert Button
Utilize Authenticator Extensions
We at Continuity2 make use of the Authenticator extension on Chrome every time we log into websites. This security measure ensures no one can access sites without unique codes that change every 30 seconds, and to set up the authenticator, you must be invited to the site. It’s a handy cybersecurity measure!
Also, a security measure that every business should take part in is monthly patch updates. We make use of automation to smooth out the process and identify areas that need work. We also have our team go in and do timely testing and deployments to ensure we are fully protected.
The last security measure I’ll mention is using the principle of least privilege (PoLP). This ensures everyone has access to what they need but also prevents access to areas that aren’t needed for each role. Having this measure in place helps protect all levels of the business from cyber threats, as not everyone has access to everything, meaning in the event of a potential breach of an employee’s account, your business won’t be fully exposed.
Promote Cybersecurity Awareness
We’ve done a few things. Two-factor authentication for all our major platforms is one of them. Using a vault-password system is another. We’ve got regular cybersecurity training that the team all have to complete each month—these are short videos, but very informative and a good reminder for the team.
Of all these things, I think awareness is the most effective tool for cybersecurity. Awareness means people are more inclined to use strong passwords and 2FA because they understand both the prevalence and dangers of hacking, phishing, and other threats. If you make people WANT to protect their data and business data, then they will be much more likely to diligently use the security tools available and to pay attention to red flags.
Communicate Threat Information
I know you’ve probably heard this multiple times over the years, but cybersecurity starts with awareness. This means that if my staff encounter a threat or suspect something is risky, then I disseminate the information to everyone who would be affected by it.
I would say that communication is key to cybersecurity. Meaning, if I encounter a cyber threat and just keep it to myself, then the experience is smothered, and no one will benefit. But if I make sure all relevant staff are notified, then my technology organization would be safer in the long run. This has proven to be effective in various cases at my organization through the years.
Empower Department Heads in SaaS
Giving autonomy to department heads for manual SaaS user deprovisioning allows the saved budget to be absorbed into their own. This enables us to avoid the headaches of deprovisioning for non-SSO-enabled tools.
Train Staff in Cybersecurity Awareness
Most cyber breaches happen because people are tricked by cybercriminals, and they are only tricked because they are unable to spot the cyber scams and don’t know how to deal with them.
So the best thing you can do is train your staff to be cyber-security aware! It’s not expensive; it’s easy to get started as there are plenty of online resources, and you want to keep building knowledge and suspicion over time.
Ideally, you want to work towards a culture of cyber-security awareness, where staff are constantly informed (with small, bite-sized chunks of engaging initiatives), and they question things automatically.
Cultivate a Security Champions Network
An offbeat but impactful cybersecurity measure I took care of is cultivating a Security Champions network within the organization. Instead of relying solely on dedicated cybersecurity teams, we identified and empowered individuals across various departments who showed an interest in cybersecurity.
These champions served as advocates, helping disseminate best practices, identify vulnerabilities, and promote a culture of heightened awareness. This offbeat approach not only decentralized the responsibility for cybersecurity but also created a more organic and collaborative defense against potential threats.
The unexpected positive outcome was a cultural shift where security became a shared value, woven into the fabric of our organizational mindset rather than a task confined to specific teams.
Partner with Managed Security Service Providers
We’re actually investing and working with Managed Security Service Providers. For startups, using managed IT services is a smart way to quickly lower the risks of cyberattacks. It’s really important to have IT security experts. But for startups like us, it’s challenging and expensive to hire, train, and retain IT security staff.
So, a good solution for us is to work with Managed Service Providers (MSPs) or Managed Security Service Providers (MSSPs). I can tell you, teaming up with these providers gives smaller companies a cheaper option to make sure they’re ready to handle modern cyber threats.
Basically, MSPs and MSSPs really help small and medium-sized businesses by putting in place strong security measures that perform regular tasks automatically, like blocking spam. This frees up our team to focus on other important things, like improving our business, coming up with new business ideas, and increasing our profits.
Limit Public Data Access
As the COO of a tax consulting firm, I have seen what can happen when preventative cybersecurity measures are not in place. Since our clients entrust us with their sensitive financial information, it is critical that we prioritize cybersecurity to protect them and our business.
One of the most important cybersecurity protocols is to limit the data that is accessible to the public. By only giving access to necessary information, we significantly reduce the risk of data breaches. Additionally, we have implemented regular software updates and security patches to ensure that our systems are up-to-date with the latest protection against threats.
Measure Cybersecurity Program Maturity
The most effective measure to implement within your cybersecurity program isn’t a tool or a technology. It’s a process around how you measure the maturity of your program. Understanding where your gaps are and measuring that against your organizational risks is the most effective way to understand how to build the roadmap for your program.
Most breaches occur not because of a failed implementation of the latest, greatest security buzzwords, but rather due to a lack of oversight of the basics.
If you don’t have a security framework that you are using today to help measure the maturity of your organization, I would recommend looking into one of the standards that already exist through either ISO or NIST as a starting point. Don’t boil the ocean by trying to understand or implement all of the standards, or make your life more difficult by trying to create your own from scratch. Review the standard, identify controls that you feel are most relevant for your organization, measure, improve, raise the bar on your goal, and repeat.
Sam Masiello, Enterprise Chief Information Security Officer, The Anschutz Corporation
Implement Robust Anomaly-Detection Systems
When your company handles petabytes of data, privacy is paramount. Now, I have tried countless security measures, but there is one that has had the best results of all: a robust anomaly-detection system. This cybersecurity measure alone has proven instrumental in safeguarding our organization’s sensitive information.
This sophisticated solution operates seamlessly, continuously analyzing vast datasets for deviations from established patterns. By doing so, it swiftly identifies abnormal activities that might indicate a security breach. It enables us to address potential threats before they escalate, mitigating risks and ensuring the integrity of our data.
The best part? Most anomaly-detection systems operate in real-time, providing timely alerts when suspicious behavior is detected. This instantaneous response capability empowers our cybersecurity team to take swift action, enhancing our overall security posture.
Choose a Proactive Compliance Framework
Proactively choosing a compliance framework (SOC 2, for instance) is a great way to kick-start cybersecurity initiatives. Not only does it come with great branding value, but it also forces the organization to think hard about a number of topics that could easily be left to a later date. This proactivity is a good way to manifest the basics of a cybersecurity program.
Invest in PR for Crisis Management
We put a lot of effort into proactive cybersecurity and data-breach management by putting resources into a capable PR and crisis-management team or agency. In my experience, a data breach or a cybersecurity problem can seriously damage how others see us. In fact, most folks become wary of giving their private information to a business that’s experienced a data breach. This sort of situation can result in losing customers and money, even long after it’s resolved.
To minimize the possible harm, we should consider hiring a public relations company or a crisis manager. They can assist us in managing any negative publicity and working on restoring our positive reputation.
Enforce Rigorous Role-Based Permissions
Given the intimate customer conversations and occasional financial details traversing our platform, we maintain rigorous role-based permissions. Support reps only access specific mailboxes to fulfill immediate requests. Broader analytics teams analyze aggregate usage trends anonymously. And privileged approvals temporarily allow targeted troubleshooting by our engineers if abnormalities arise in message flows.
Ongoing identity verification via MFA and geofencing provides additional friction, ensuring authenticated access aligned to job functions. And immutable data logging creates full accountability, tracing any potential system queries.
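The permission model described above (support reps limited to assigned mailboxes, analysts limited to aggregates, engineers granted only temporary, targeted access, and every decision logged) can be expressed as a small policy check. The Python below is an added example, not the platform’s own code; the role names, user names and mailbox ids are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Approval:
    """Time-bounded privileged grant letting one engineer inspect one mailbox."""
    user: str
    mailbox: str
    expires_at: int          # unix seconds; access ends automatically


@dataclass
class AccessPolicy:
    roles: dict                                   # user -> role name
    assigned_mailboxes: dict                      # support user -> set of mailbox ids
    approvals: list = field(default_factory=list)
    audit_log: list = field(default_factory=list) # append-only record of every decision

    def authorize(self, user: str, action: str, mailbox: Optional[str], now: int) -> bool:
        role = self.roles.get(user)
        allowed = False
        if role == "support" and action == "read_mailbox":
            # support reps see only the specific mailboxes assigned to them
            allowed = mailbox in self.assigned_mailboxes.get(user, set())
        elif role == "analytics" and action == "read_aggregate":
            # analysts get aggregate usage trends, never a raw mailbox
            allowed = True
        elif role == "engineer" and action == "read_mailbox":
            # engineers have no standing access; an unexpired approval is required
            allowed = any(a.user == user and a.mailbox == mailbox and now < a.expires_at
                          for a in self.approvals)
        # every query, allowed or denied, is recorded for accountability
        self.audit_log.append((now, user, action, mailbox, allowed))
        return allowed


def build_example_policy() -> AccessPolicy:
    """Constructed sample policy: one user per role, one open troubleshooting approval."""
    return AccessPolicy(
        roles={"rep1": "support", "analyst1": "analytics", "eng1": "engineer"},
        assigned_mailboxes={"rep1": {"mb-1", "mb-2"}},
        approvals=[Approval(user="eng1", mailbox="mb-1", expires_at=2000)],
    )
```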
Secure Websites with SiteLock
We have recently implemented SiteLock on our website, and I believe it was a step in the right direction. With cybersecurity becoming increasingly important, there are numerous hacker attacks on unprotected websites, posing a significant threat to an organization’s website. If your website is not secure, you should consider implementing security measures to safeguard your website from malware and other cyberattacks.
Integrate a Phish Alert Button
We’ve implemented many cybersecurity measures in the last couple of years. However, one has shown a significant difference in changing behaviors toward cyber threat identification and reporting. We’ve implemented Security Awareness Training to educate our team on established and emerging threats, what the red flags are, and the appropriate actions to take toward each. We coupled this with a Phish Alert Button integrated into Outlook to press on any email or communication that seems suspicious, which alerts our IT team to the possible threat for further investigation.
In addition to this, there are simulated phishing emails that go out to staff, and we’ve run monthly contests with prizes for those who have spotted and reported the most fake phishing emails. We are also sending out a security-focused email newsletter that shows a baseline for how many team members are falling for the fake phish attempts and how many are reporting them.
Between the contest prize incentive and the monthly reporting, we’ve started to see more users reporting phishing attempts and fewer people clicking where they shouldn’t—a quantifiable change in security-aware behavior!