Cybersecurity Best Practices

Cybersecurity is a trendy topic these days, and following best practices is essential not only for small businesses but also for home users. But which should you be following?

Before we get to that, there are a couple of things we need to sort out. First, the field of cybersecurity is quickly growing because cyberattacks are increasingly common and very costly. In 2020 we saw corporate cyberattack complaints as high as 4,000 each day, a 400% increase from the previous year. Because these attacks have the potential to cripple businesses, failing to protect against them can cause many businesses, especially small ones, to fail.

Secondly, because cyber criminals employ bots – an automated means of conducting cyberattacks – everyone who uses a device connected to the internet is a target. Every piece of your information has value to these cybercriminals, from email addresses to credentials to financial information. Some are looking to collect this information and sell it, while others intend to use it for financial and identity fraud.


Following these best practices helps keep employers from potentially going out of business, and it also serves your own self-interest. That being said, you don’t need to be in the field of cybersecurity to be secure and follow these best practices.

With that in mind, here are 3 Cybersecurity Best Practices.

Admin Rights on User Accounts

This is one of the most significant issues we still see both in small businesses and for home users. Every person who uses a computer should have only user rights, with a separate admin account.

Because admin accounts have full rights to the computer, accidentally clicking on malware gives it full access to your computer. On top of this, admin accounts can bypass antivirus and other security measures, making code insertion and other efforts to take control of the computer far more likely to succeed.

The primary reason people want to use admin accounts is for convenience, but it’s not worth risking your security. Besides, current computer operating systems prompt user accounts to enter the admin password when attempting everyday tasks such as software installs. So there simply is no good reason to use an admin account as a user account, in business or at home.

Use 2-Factor Authentication

Even strong passwords are not enough. With cybercriminals continuously attacking individuals and organizations seeking personal data, passwords are among the most valued commodities on the dark web. Millions of breached passwords are bought and sold every day. It is such a big problem that Have I Been Pwned – a website that allows you to check if your email address has been involved in a data breach – now offers a spinoff called Pwned Passwords that specifically determines whether a password you’re using has been involved in a data breach.

By requiring a second form of identification to go along with your strong password, 2FA helps keep you secure if your password has been breached.


To put this in perspective, the recent Colonial Pipeline ransomware attack happened because a cybercriminal purchased a group of breached passwords on the dark web that included one of their unused accounts. Had the company required 2FA, that attack almost certainly would have been thwarted. This one security protocol could have saved the company 4.4 million dollars and prevented a gas buying panic on the east coast of the United States.

Embrace Zero Trust

Zero Trust is a relatively new concept: a mindset of not trusting people or technology to be secure enough on their own. It includes everything from changing default user names and passwords on devices to establishing a secure guest network for visitors to installing antivirus and checking for security updates.

One of the vulnerabilities exploited most by cybercriminals is a lack of awareness. Phishing emails are one example of this, but it also includes cybercriminals using default credentials to take over camera systems and taking advantage of old, pirated, or custom software. Therefore, never trust that the devices you purchase are secure enough; be skeptical of any email, text message, or phone call that seems threatening or manufactures a sense of urgency; and question anything that seems too good to be true.

In essence, Zero Trust means that we are not going to trust our security to anyone else.

Practical Security

Whether we are talking about work environments or home environments, cybersecurity is a consideration we can no longer leave to someone else. Everyone who uses a device to connect to the internet must be aware of the risks in this new threat landscape. Failure to do so could put yourself, your friends, and your family at risk.
