2018 was a big year in security. New privacy laws were implemented (GDPR in Europe and PIPEDA in Canada) and 2018 had the second greatest number of reported data breaches in a year since 2005. Some of the major data breaches that happened this year include those that affected airline Cathay Pacific, Marriott hotels and Facebook. With 2019 coming up, many organizations will be looking to see how they can take their security to the next level. To help your organization get cyber ready for the new year, here are 7 security resolutions for 2019.
7 Security Resolutions for 2019
1. Manage local admin passwords: Local administrative accounts are privileged accounts that allow access across your network. These accounts often have easy-to-guess, default passwords that are the same across all the machines in your network. This means that if a hacker is able to get hold of your local admin account, they can move freely across your network. In order to protect yourself, you need to either disable these accounts or make each local admin password unique. If you haven’t already done this, now’s a good time to start.
2. Adjust your social media privacy settings: Social media has become integral for businesses to market themselves and reach out to their customers. However, social media can lead to great security risks. It’s important for businesses to adjust their security settings on their social media accounts. Limit access to your accounts and disable auto location tracking. You should be in control of your social media accounts, not the other way around.
3. Secure remote devices: Working remotely helps business productivity, but it is also a security risk. Research has found that a third of cyber attacks are a result of unsecured remote working. Businesses need to ensure that employees are taking the proper precautions when they are working remotely. All remote devices should include endpoint security with anti-virus and firewalls. The new year might be a good time to re-evaluate your BYOD and remote working policies.
4. Implement a Zero Trust security model: “Never trust; always verify” is the motto of a Zero Trust model. This means that nothing in your network (including users, devices, servers, etc.) should be trusted until you can verify its identity. Implementing Zero Trust requires a shift in how your organization thinks about security. Start by assessing your devices and data and adjust your security controls appropriately.
5. Limit privileged access: According to Forrester, 80% of security breaches involve privileged credentials. Limiting your local admin privileges is important, and one way to do this is to use least privilege access. Least privilege is the practice of restricting access rights for users and accounts. Make sure that you are limiting access to only those who need it.
6. Use a comprehensive prevention system: Hackers will be looking for any weak spots to exploit. It’s important to be one step ahead by protecting every layer of your organization. This includes using advanced security technology, like a SIEM system, to monitor your environment for threats.
7. Boost your security culture: 95% of organizations say their current cybersecurity environments are far from the ones that they would like to have. The new year is often a time for fresh starts, so why not improve your cybersecurity culture? Start the new year by educating your employees with cyber awareness training or with a cybersecurity assessment from our Consult IT team. It’s never too late to start protecting your organization.