Cybersecurity has never been more critical -- and cybercrime has never been a bigger threat. In 2020 alone, the US Federal Trade Commission received 1.4 million reports of identity theft, up 50% from 2019. Malware increased by 358% and ransomware was up by 435%. The average cost of a data breach? $3.86 million. And, according to the PwC Global Economic Crime and Fraud Survey, 47% of companies experienced fraud in 2020. That's why we compiled a 10 tips to improve your cybersecurity.
Yet despite these staggering statistics, most organizations aren't prepared. IDG revealed in its Cybersecurity at a Crossroads: The Insight 2021 Report that 78% of senior IT and IT security leaders believe their organizations lack sufficient protection against cyberattacks.
With a large portion of the workforce continuing to work remotely, and with increased adoption of mobility and BYOD policies in the workplace, IT teams must be proactive in their fight against cybercrime by implementing technology and procedures that minimize risk and protect their organizations against a possible attack.
Here are 10 useful tips for strengthening your cybersecurity posture.
1. Create a baseline IT asset inventory
If you don't know what IT assets you have, you can't protect them. But keeping track of all the assets connected to the network at any given time is becoming more challenging, given the highly mobile and distributed nature of today's workforce. Gartner reports that 30% of hardware assets are stolen, missing, lost or have otherwise "ghosted." And shadow IT is common in large organizations, as various business units and teams often circumvent IT to quickly deploy hardware and software assets they need. That's why creating a complete and accurate IT asset inventory is a critical first step to any cybersecurity strategy, and why all major security frameworks -- ISO, NIST and CIS -- have IT asset management at their core.
However, IT asset tracking has traditionally involved spreadsheets that are error-prone and become outdated quickly. To ensure your IT asset inventory is up-to-date, accurate and complete, an automated solution for scanning and discovering IT assets, along with in-depth information about those assets, is your best bet.
2. Implement ongoing monitoring of the IT estate
IT assets connect to and disconnect from the network all the time, especially now, with remote working still common for most organizations. It's crucial that IT tracks such assets the moment they connect -- and vulnerabilities can open the door for an attack.
Advanced asset discovery solutions offer credential-free device recognition, to detect and identify rogue and unknown assets, eliminating blind spots across the IT estate. This is particularly important as employees connect work computers to home networks, where a variety of unprotected personal and IoT devices can serve as gateways to malware or fraud.
3. Stay on top of updates and patches
Outdated software or operating systems can be vulnerable to various types of cybersecurity threats, so it's critical to make sure your systems receive all necessary updates and patches to keep your network safe. A comprehensive ITAM solution will provide information about software versions and vulnerabilities, enabling you to quickly identify machines and devices in need of an update or patch.
4. Secure employee devices against malware and ransomware
By the end of 2021, businesses will be targeted by a ransomware attack every 11 seconds. And Verizon found 94% of the time, malware arrives on computers by way of employee emails. While you're pushing out patches and updates to connected devices across the network, it's critical to ensure all employee devices -- laptops, mobile phones, tablets -- have the most updated malware and antivirus software installed.
5. Keep hardware up to date
Hardware doesn't last forever, and old devices and services probably don't have the most recent security upgrades. What's more, hardware failures cause 53% of all data loss and system downtime. With information about your hardware assets and warranties available in your IT asset inventory, you can take rapid action to repair or replace outdated or damaged hardware, before they pose a risk to the organization.
Get Your Hands on the Latest Network Reports for Free
6. Analyze IT asset data for user insights and reporting
It's one thing to know what assets you have; it's another to be able to mine that data for actionable insights. An ITAM solution that offers intuitive dashboards and customized reporting can help you track patch status, vulnerability exposure, security compliance and more. And the more data the better. Look for solutions that provide granular data about all of your IT assets beyond device type -- hardware specs, installed software, user details and more.
7. Control access to data and applications
Access control is an essential component of cybersecurity that enables IT to dictate who within the organization has access to what resources. An employee who gets hacked can unwittingly be the gateway for a fraudster to get into the corporate network -- and if controls aren't strict enough -- access sensitive and confidential data, such as customer data.
As each point of access poses a risk; limiting employee access to only the data they need to do their jobs is an essential best practice. With strict access control policies such as multi-factor authentication in place, organizations can ensure people are who they say they are, and prevent unauthorized access to physical and logical systems. Again, having that IT asset inventory that includes user data can help you ensure all the right controls are in place.
8. Backup data in the cloud
Data loss and corruption can result from a security breach, so it's critical to perform ongoing backups. The cloud is a great option for data backup, because it offers unlimited scalability and eliminates additional infrastructure costs. The cloud offers predictable storage costs and eliminates downtime, as data from the cloud can be instantly accessed and restored, ensuring business continuity.
9. Have a solid incident response plan in place
An incident response (IR) plan is the best way to ensure rapid corrective action following a cybersecurity incident. A good IR defines measures and actions staff should take following an attack or breach, and helps coordinate resources to quickly restore operations.
Your IR plan should define roles and offer step-by-step technical instructions for how to fix the vulnerability, assess the damage, restore any lost or damaged data, and document the incident. Having everyone aligned on a plan of action -- with access to a central data repository so everyone's working off the same information -- will minimize the impact of an incident and protect the business from unnecessary damage and costs.
10. Educate employees
Perhaps the best defense has less to do with technology and more to do with vigilance on the part of people within your organization. But most people don't know how to identify a threat, and don't recognize a fraud attempt when they see one. For instance, 28% of employees lack confidence in identifying a phishing email. By educating them about the dangers of cyber threats, what to look for, and how to report a possible attack, you can mitigate risk and reduce incidents, and ensure everyone in your organization keeps cybersecurity top of mind.
The first step to cybersecurity
Lansweeper is leading the IT asset management software market, helping organizations minimize risk and optimize IT with complete visibility and actionable insights into their IT estate. Learn more about how Lansweeper can help you build and maintain a complete, up-to-date and accurate IT asset inventory to support your cybersecurity initiatives.