6 Habits To Improve Your Security Posture
Published on 01/07/2020
Security threats are increasing year on year and 2019 was no different. Organisations across the world were constantly targeted by scams and vast quantities of data was breached by malicious actors.
It’s easy to throw statistics out about the scale of the threat, in the first half of 2019 the quantity of ransomware attacks increased by 195% or that in a single ransomware attack, one organisation paid out £45 million in recovery costs. However, these are just numbers and they are irrelevant until you’re the one facing the threat.
Getting into a few good habits when it comes to security will help you improve your security posture dramatically in 2020. To help you with this, SES has created the following guide which explores six habits you should start to adopt which will enhance your organisation's security hygiene.
2019 saw a never-ending conveyor belt of scam emails and phone calls targeted at businesses. As many as 90% of attacks originate from phishing emails and providing your staff with training on how these scams work, how to detect them and what to do when facing them will significantly improve the human element of your security, improving your security posture.
Using strong passwords is vital not only to your organisation's security, but to the security of any account you have set up. At SES we advocate using memorable, three-word phrases as passwords which include a combination of upper and lower case letters, numbers and symbols as this makes them much harder to crack.
Using a password manager to store all of your passwords in a secure location and ensuring you don’t reuse passwords for multiple accounts will also increase your security posture.
In addition, we recommend visiting haveibeenpwned.com to see if your login credentials have been compromised for any of the accounts you hold, then changing passwords for any of the accounts which appear on the list.
An extension of using strong passwords is introducing two-factor authentication to all of your accounts which support it. Two-factor authentication requires an extra form of authentication such as a fingerprint, facial recognition, a text with a code or a code from an RSA token in order to unlock the account you are trying to access.
Ensuring you have installed the latest updates to your operating system and applications is essential as these updates include important patches to known vulnerabilities and exploits. Without them you are open to attack as malicious individuals develop exploits which target the vulnerabilities the latest patch fixed. Therefore users who have not yet patched their systems following an update are at risk.
Installing anti-virus protection is also important to scan your systems on a regular basis and ensure malware is eradicated.
Performing regular backups of your business critical data (daily, weekly and monthly) will help you to defend against a number of malware threats. Regular backups enable you to maintain a secondary, clean and offline backup which can be deployed to restore your systems to a previously uninfected state, should your business be affected by malware.
Ensuring all employees have their own personal login credentials ensures that each employee only has access to the technology and area of your network they require to perform their role.
Segregating your network means that in the event a malicious individual was able to breach your defences, their lateral movement would be restricted, as would the damage and disruption they would be able to cause.
Setting privileges also ensures that employees can only access the company data they need, preventing unauthorised access to company computers, account and data, reducing the likelihood of breaches from within.
Breaking bad habits and forming good ones is integral to strong security hygiene. If you are interested in finding out more about how SES can help improve your organisation's security posture, please get in touch.
© SES Secure Limited and ses-escrow.co.uk, 2020. Unauthorised use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to SES Secure Limited and ses-escrow.co.uk, with appropriate and specific direction to the original content.