The cost of cybercrime is increasing at an alarming rate. By 2021, the estimated damages from cybercrimes will be around $6 trillion. What can your firm or organization do to ward off evil cyberthieves? Joel White, CPA, CGMA, and Senior Director of Internal Audit, Risk & Compliance at the Association, offers four simple tips to help your firm or organization beef up its cybersecurity defenses. Here’s a quick recap.

1. Always remember to patch

Timely patching is the key to an effective cybersecurity strategy. But what is a patch and what does it do? A patch is a piece of code that a vendor, such as Microsoft, sends to correct an operating system or software program problem.  

Over half of breaches occur because a “known” vulnerability was not patched. Think about that. Microsoft informed you of an issue, provided a fix and you didn’t act. We’re all guilty of it. But now you know. To ensure timely patching, audit your software programs. Once you have inventory oversight, create a consistent and repeatable process to update systems with new patches as they’re released. 

2. Be aware of phishing scams

Do you want to fight cybercrime? Teach your staff to avoid phishing scams — and that’s phish with a “p.” Phishing is when a fraudster uses deceptive emails and websites to steal personal data or information. It’s estimated that 90% of successful cyberattacks start with a phishing attack. Hackers make messages look like they came from colleagues and can include personal information pulled from out-of-office messages or social media.  

So how can you fight back? Education! Some tools such as Office 365 allow you to “phish” your employees. If an employee clicks or taps on a link, make sure you incorporate learning so they know they’ve been phished and what to do next. This will help your staff identify suspect emails, potentially saving your organization from financial or reputational loss.

3. Assess your cybersecurity risk

With cybersecurity, knowledge is half the battle. One of the best ways to strengthen your firm or organization’s cybersecurity program is to assess your cyber risk. Start by talking to your leadership. Find out what data they value the most. Next, determine the location of the data. Is it at a vendor or in your data center? On which server does it live? Is it backed up? Once you know this information, you can assess common attack vectors used to target such data.  

THEN, you can get to the DOING! Determine what controls exist, if those controls apply to the highest risk areas and what new controls you could institute.  

Another tip: See if you even need the data! Companies often maintain data they no longer need. Again, knowing is half the battle.  

4. Use multi-factor authentication

Did you know that there’s a readily available tech solution that could prevent almost 80% of breaches? It’s called multi-factor authentication, or MFA, and only half of organizations use it. MFA is a security system that requires multiple forms of verification to authenticate a user. Have you tried to log in to your bank account from a new device? When you have to enter a security code sent to your phone, that’s MFA. It creates a layered defense, so even if an attacker hacks through one barrier, you’re still protected. 

MFA is an easy and effective way to ward off potential cyberattacks. Talk to your IT professionals and executive leadership about why they should invest in MFA to protect their most important systems. 

Remember that a failure to perform simple safety measures such as the ones Joel provided is one of the biggest reasons organizations become cyberattack victims. With the four above tips, you’ll take a few small but crucial steps toward protecting your company or firm from extreme financial and reputational loss. Do you want more cybersecurity tips? Register for our “Cybersecurity in 2020: What you need to know” webcast on Nov. 8 at 10:30am ET and earn 1 free CPE credit while you supplement your cybersecurity knowledge.

Mballa Mendouga, Communications — Manager, Corporation Social Responsibility & Campaigns, Association of International Certified Professional Accountants 

Originally published by AICPA.org