4 Cybersecurity Resolutions to Make in 2020 | Vumetric Cybersecurity

4 Cybersecurity Resolutions to Make in 2020


    Technology continues to shift and evolve, and it is critical for today’s organisations to stay on top of changing trends and security issues. Here are 4 cybersecurity resolutions your company should make in 2020 to ensure the security of its data and the integrity of its systems following any potential incidents to come:

    1. Commit To A Zero-Trust Policy

    As part of their 2020 cybersecurity strategy, companies should commit to a zero-trust policy, which means nothing should ever be assumed to be secure until it has been proven as such.

    The security of the infrastructures, networks and applications used by the organisation should be assessed and validated by professionals with the help of a Penetration Test or a Security Audit, or both. They should also test their defense mechanisms, such as network firewalls and web application firewalls, to validate that an attacker could not get around them to perform malicious acts.

    According to recent statistics, fewer than 50% of cyberattacks are detected by antivirus software. Having a zero-trust policy gives companies the peace of mind that their organisation is safe from cybersecurity incidents, and also makes it much easier to comply with any security requirements imposed by potential business partners, providers, or customers in the upcoming year. Performing a yearly penetration test is often a requirement for various standards, such as PCI-DSS.

    They should also consider everything to be a risk, which means limiting user access privileges to prevent a malicious employee from stealing sensitive data, and verifying that a user cannot escalate their own privileges to become an administrator. Even well-meaning employees can pose a risk, as more than half of data breaches are the result of human error. Networks should also be segmented as much as possible to prevent an attack from spreading to other parts of the organisation.

    2. Educate Your Staff

    Phishing attacks remain the biggest cybersecurity risk for most organizations going into 2020, mainly because they are easy to perform. Increasingly, phishing attacks can appear to be harmless, and employees can inadvertently put your company at risk of a damaging cybersecurity incident.

    Companies should provide cybersecurity awareness training for their employees who regularly process emails and should provide clear guidelines on how to deal with these risks.

    This includes:

    • Checking for typos in the websites they visit
    • Never clicking on suspicious attachments
    • Never submitting their password on unknown websites
    • Never using outdated browsers or applications
    • Never clicking on pop-ups
    • Understanding secure vs. non-secure websites
    • Verifying with the IT department when unsure of the legitimacy of a link

    This also includes evaluating the awareness of their employees to the risks of phishing, through phishing test campaigns that replicate real phishing attempts to see how many employees are susceptible to these attacks. This should help them provide evidence of the risks to their employees.

    Employees must also be trained on the use of trusted software and limited on what they can download on their workstations to prevent infection by malware or ransomware.

    Educate your employees about ransomware and be cautious about which employees have access to what. By limiting employees’ access to the programs and platforms they need to perform their tasks, you minimize the risk of a threat that spreads across your organization and causes a disruption in your usual business operations.

    3. Develop A Strong Cybersecurity Strategy

    Another way for organizations to limit their cybersecurity risks in 2020 is with a strong strategy that contains clearly defined policies and procedures.

    As part of these policies, they should have a defined incident response procedure and some clearly defined steps to follow after an incident. There should also be a software and OS patching policy, forcing the employees to keep their software and operating systems updated at all times. Outdated operating systems and software represent one of the largest vectors of attack used by hackers to gain access to your systems for malicious acts. Most attackers aim to find vulnerabilities within those outdated versions of software and operating systems in order to pivot to your databases or to gain administrative privilege within your critical infrastructure. Some of the biggest incidents in history, such as the Equifax incident, were caused by a lack of software and OS patching, leaving many critical systems and domains unpatched for months and even years, allowing hackers to gain access to their critical database.

    Networks, devices and software used at the enterprise-level should have someone specifically in charge of keeping everything up to date as soon as possible to prevent a hacker from exploiting vulnerabilities within those obsolete versions.

    This policy should also have a set of guidelines for strong password management. Organisations should force employees to use strong passwords, randomly generated by password managers (such as LastPass or KeePass), and no password should ever be used in more than one place in the company.

    They should also set up multi-factor authentication anywhere they possibly can, to ensure that a compromised password cannot allow a hacker to connect to your critical systems. Types of multi-factor authentication include:

    • Passcode sent by text messages (least recommended method)
    • Security questions
    • Two-factor authentication applications, such as Authy.
    • Biometrics such as voice recognition or fingerprints

    These precautions are essential because, according to research, 73% of online accounts use duplicated passwords and once a hacker obtains a user’s password, it can create a “domino effect.” When these companies are breached and these passwords are leaked, they are generally sold on the dark web and associated with your personal information, which becomes yet another vector of attack for hackers attempting to hack into your company.

    4. Take Third-Party Risks Into Account

    With technology becoming more global and diverse, many of today’s companies are utilizing third-party affiliations to meet the demands of today’s consumers. However, research shows that more than half – 59% – of companies experienced a third-party breach, but only 16% said they effectively mitigated them. According to a recent poll, 75% of organizations believe that third-party cybersecurity incidents are increasing going into 2020.

    Organizations should develop cybersecurity strategies, procedures and policies with their various providers and business partners to ensure that their shared solutions have been audited to validate their security. In alignment with the aforementioned Zero Trust policy, a cybersecurity strategy must include third-party risks.

    Determine what needs to be protected, identify what you are legally required to protect, and clearly define who manages the security of each given component used by both parties. Each should agree on measures taken to secure their part so that there are no grey zones left unsecured.

    They should also determine an incident response procedure so they know how to react in the event of an attack/breach. These procedures should be clearly outlined and updated when necessary so everyone stays vigilant and updated.

    When possible, organizations should demand that their business partners and providers comply with security standards (such as SOC, ISO27001, or even their own) to limit the financial impact of a breach for all parties involved.

    Final thoughts

    When it comes to cybersecurity, today’s companies need to be constantly vigilant about risks to their data because of the constant shifts in technology and how quickly hackers adapt to those shifts. Staying ahead of them is imperative to keeping your information and networks safe. Our company specializes in analyzing security risks and determining where your vulnerabilities are so you can prevent cyberattacks. Request a free quote today or contact us for more information on how to keep your company safe in 2020.
