For many organizations, managing cyber risk can feel like an uphill battle because it’s difficult to know where to begin. If you’re facing a long list of security actions and struggling to prioritize, you’re not alone. That’s why we’ve identified 5 practical, high-impact steps designed specifically for organizations to help prevent the worst from happening. By focusing on these 5 actions, you can see an immediate improvement in your posture.
Enable MFA: An email and a password are not a secure way to log in. The standard best practice is to have MFA (multi-factor authentication, also called 2FA) enforced for all logins that allow it. Insurers and auditors expect this to be in place.
Identify privileged users: You should know who has privileged access to the network AND who has access to sensitive or regulated data, why they have that privilege, and the additional training and security measures (such as MFA) they have in place.
Plan crisis management: You need crisis management plans in place for when (not IF) you experience a cyber incident. Users need to know what is safe, leaders need to know who is responsible for communication, and technical teams need to have a playbook for bringing systems back online.
Protect your backups: Your backups are your most precious asset and your safety net, and a target for threat actors. Ensuring your backups are stored away from the primary network, encrypted, and only accessed by users with unique credentials and MFA will help prevent them from being compromised.
Train your users: Your biggest vulnerability is likely your users. Threat actors rely on human error and misunderstanding to carry out their most impactful attacks. They would rather manipulate your people than hack your technology. The only defense is to train your users regularly and ensure they are prepared to navigate the current cyber risks.