Top 16 Cybersecurity Best Practices for 2020

As we reach the end of 2019, it’s time to look back and reflect on what has changed over the past year in the world of cybersecurity – and what that means for 2020.

Of course, the whole problem with cybersecurity is that the bad guys are actual professionals. While you’re spending your time at the office drafting proposals, delivering great service, chasing down leads, and filling out paperwork, pro cybercriminals are spending their time “at the office” coming up with new ways to hack into your systems, infect you with ransomware, and steal your business data, so they can sell it off to the highest bidder on the dark web.

Unfortunately, this means you’re likely to always be a step behind the bad guys – which is why it’s important that we all pay attention to the latest cybersecurity news and adjust our security strategies accordingly. That way, we can keep all the bases covered.

With that in mind, here’s the quick list of the top 16 IT security best practices we all need to focus on in 2020 (so far).

Keep an Eye on Cloud Security

At this point, all the experts agree: the cloud is secure. However… you or your staff may be using it in an insecure manner, which means you’re overriding all of the cloud’s built-in security.

Does this sound like a cop-out to you? Yeah, it actually sounds like a cop-out to me too, but this is the logic I hear all the time from cloud vendors.

Whenever your data is lost or stolen from cloud services, the vast majority of cloud vendors will blame your security practices for the problem – and maybe they have a point. After all, since you stand to lose the most if something happens to your data, you should probably do your best to personally keep a close eye on it.

In practical terms, this means you should:

  1. Integrate your cloud data and applications only with verified, secure add-ons, and make sure your cloud service integration points (with other cloud services) are tested and verified by each vendor.
  2. Stay in the know about what data you have, the current data laws such as the CCPA, and your data responsibilities.
  3. Only collect and retain business data you need because the less data you have, the less you have to lose.
  4. Back up your data regularly, including your cloud data. Businesses of all sizes often forget to back up their cloud data using a cloud-to-cloud backup service, but that’s a big mistake because you can’t trust the cloud vendors to handle your backups properly. While you’re at it, make sure you test all your business backups frequently – you want to make sure they work when you need them to.

Quick tip for 2020: Cybersecurity experts have identified a few software supply chain risks in which auto updates have sometimes been poisoned with malware. When you back up your data properly with a business continuity solution, you can rewind your systems back to before a poisoned update, if need be.

Don’t Become the “Big Phish”

Spear phishing and targeted ransomware attacks continued to be a big problem in 2019, which means malicious hackers were taking the time to seek out the “big fish” in terms of business data access. Your company’s big fish are probably people like your IT administrators and the C-Suite, who may maintain full administrative access to all your systems. If so, cybercriminals could phish those users to tap into 100% of the data at your company.

Scary stuff.

To protect against this happening to you in 2020, you should:

  1. Spread data access out across multiple IDs, instead of having one or two employees with full access to all data. Best practices recommend having a named account for each end user that accesses data anywhere – and avoiding giving any one superuser all the “keys to the kingdom.”
  2. Use unique, hard-to-guess passwords for each account, change your passwords often, and use a password manager like Dashlane to keep track of all those impossible passwords.
  3. Ensure that you’re watching your systems 24/7 with network monitoring that can identify weird logins (such as a login from Russia, when none of your staff is there) or repeated failed access attempts that could suggest a hacker trying to break in.
  4. Train every person on your staff to identify and avoid phishing attacks and Business Email Compromise (BEC) attacks. In fact, since your staff will always be your last line of defense against a determined cybercriminal, it’s a smart idea to focus on end-user security education for every member of your company – and to make sure your training program includes practicing with simulated phishing attacks.
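
The monitoring described in item 3 comes down to two rules: flag a successful login from a country where none of your staff are located, and flag repeated failed attempts against one account in a short window. The sketch below is an added example, not code from this article or any vendor; the log format, the 5-failures-in-10-minutes threshold, and the assumption that each event already carries a GeoIP-derived country code are all illustrative.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): time, user, source IP, country, result.
# The country column is assumed to come from a GeoIP enrichment step upstream.
SAMPLE_LOG = """\
2020-01-06T08:58:11 alice 198.51.100.7 US success
2020-01-06T09:01:02 bob 203.0.113.9 US failure
2020-01-06T09:01:20 bob 203.0.113.9 US failure
2020-01-06T09:01:41 bob 203.0.113.9 US failure
2020-01-06T09:02:05 bob 203.0.113.9 US failure
2020-01-06T09:02:30 bob 203.0.113.9 US failure
2020-01-06T09:30:00 carol 192.0.2.44 RU success
2020-01-06T13:15:00 dave 198.51.100.8 US failure
2020-01-06T17:45:00 dave 198.51.100.8 US failure
"""

EXPECTED_COUNTRIES = {"US"}          # where staff actually work (assumption)
MAX_FAILURES = 5                     # failures per account that trigger an alert...
WINDOW = timedelta(minutes=10)       # ...when they fall inside this sliding window


def detect(log_text, expected=EXPECTED_COUNTRIES):
    """Return a list of (rule, user, source_ip, timestamp) alerts."""
    alerts = []
    recent_failures = defaultdict(deque)   # user -> timestamps of recent failures
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue                        # skip malformed lines rather than crash
        ts = datetime.fromisoformat(parts[0])
        user, ip, country, result = parts[1:]
        # Rule 1: a successful login from a country where no staff are located.
        if result == "success" and country not in expected:
            alerts.append(("unexpected_country", user, ip, ts))
        # Rule 2: repeated failed attempts against one account in a short window.
        if result == "failure":
            window = recent_failures[user]
            window.append(ts)
            while ts - window[0] > WINDOW:
                window.popleft()            # drop failures older than the window
            if len(window) == MAX_FAILURES: # alert once, when the threshold is hit
                alerts.append(("repeated_failures", user, ip, ts))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert)
```

On the sample data this raises one alert for the burst of failures against `bob` and one for `carol`'s login from outside the expected set, while `dave`'s two failures hours apart stay below the threshold.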

Tie Up Loose Ends

Take a second to look around your desk. Really, take a second – and then come back to this article because I’ll have a question for you as soon as you return. Ready? Here’s the question: While you were looking around your desk, how many times did you think, Oh no! I still have to take care of that! or Did I ever follow up on that? Better check.

These days, business runs at such a darn fast pace that it can feel like there are a million things flying at you at all times. Multiply all the loose ends you need to tie up by all the loose ends your staff needs to tie up… and then add on all the loose ends in our personal lives (Do I still need to take advantage of my end-of-year vision benefits? Did I pay the cable bill? I forgot to buy a present for Great Aunt Judy!)… and suddenly it seems kind of amazing that anybody gets anything done at all!

To keep all those loose ends from leaving you open to a cybersecurity attack on your business, you’ll want to:

  1. Close off open access ports for old websites, test sites, old logins and online accounts, old apps, and old tech (a network vulnerability scan provides quick answers on a lot of this stuff).
  2. Limit mobile device access to your secure business network, and that includes limiting IoT access.
  3. Prevent email-borne malware attacks by using Advanced Threat Protection for Microsoft Office 365.
  4. Make sure you have the ability to remotely wipe sensitive company data on stolen or lost mobile devices.
  5. Invest in a Managed Detection and Response (MDR) service, which provides for faster, more agile threat response from a dedicated, cybersecurity-focused team that watches your systems 24/7. Antivirus and patching, while still extremely important, simply aren’t enough for effective security in 2020 – MDR goes above and beyond to meet your modern security needs.

Understand Your True Risk

Okay, so maybe you’re thinking you don’t really need to do all this because your company is small. Hackers don’t care about you. Well, that’s another trend that IT security experts identified this last year: most smaller companies work with larger companies, which makes small companies’ IT systems a potential backdoor into larger companies’ systems.

Remember how it worked with the Target cyberattack, way back in 2013? In the aftermath of that massive breach, analysts found that the cybercriminals had used the compromised systems of one of Target’s smaller business providers, an HVAC company, to leapfrog into the larger company’s systems.

Avoid becoming a stepping stone for large business partners. Instead, keep a close watch on your cybersecurity in 2020 when you:

  1. Work with a Virtual CIO, also known as a CIO On-Demand, which is a service that leading Managed Services Providers (MSPs) offer. A Virtual CIO meets with your leadership team regularly to make sure you’re knowledgeable about the latest IT security tactics, and also to help you make sure your technology supports your business strategy.
  2. Practice, plan, and prepare for every possibility. Make business continuity plans to keep your company running in the event of a disaster, train your staff to follow through on those plans, practice for success and, again, perform regular backups, including cloud-to-cloud backups. (Seriously, backups are really important!)
  3. Stay up to date on the latest cybersecurity news, so that you know where new threats are coming from, what the new tactics are, where the most recent breaches occurred, and if any of these details affect you and your company.

Choose the Easy Way to Protect Your Business in 2020

As I mentioned earlier, today’s cybercriminals are professionals and they spend their working hours devising new ways to break into unsecured systems. They may specifically target your company as a way to get to a larger company, they may see your company as the “big phish,” or they may decide to steal your data simply because they can. Either way, your job is to keep cybercriminals out of your systems, so you can protect your business.

But… as you and I both know, cybersecurity protection isn’t actually your job. Your job has a thousand-and-one facets, only one of which is IT security. And that means you probably don’t have the time to keep up with every single one of these 16 tips and best practices, every single day.

However, it is our job.

For nearly 20 years, the IT security experts at Interplay have kept Seattle business leaders like you safe from cyberthreats and malicious attacks around the clock. We’ve provided backup and business continuity services that rescued a decade of data from ransomware, and we’ve helped out at all hours to solve tricky tech issues like crashed email and lost files. When our clients needed hands-on help, we’ve rolled up our sleeves and fixed the problem, so our clients could get back to work quickly.

Most importantly, Interplay wholeheartedly agrees with you that your business also deserves this level of high-quality cybersecurity protection in 2020.

Check out the in-depth guide to get all the facts on how a Managed Service Provider like Interplay can protect your business from today’s cybersecurity risks.