The world of cybersecurity is constantly inundated with news on the latest data breaches, cybercriminal attack trends, and security measures. And while that information is critical for adapting to the ever-changing nature of cybercrime, it’s also important to pay attention to foundational measures. Basic security hygiene still protects against 98% of attacks.
As companies become increasingly reliant on technology and online systems to conduct their business, meeting the minimum standards for cyber hygiene is essential for protecting against cyber threats, minimizing risk, and ensuring ongoing business viability.
Read on to learn what these standards are and how you can begin implementing them in your organization.
Increase your cyber hygiene in 5 steps
- Require phishing-resistant MFA: Enabling multifactor authentication (MFA) can help prevent up to 99.9% of attacks. This is because MFA helps disrupt potential phishing attacks by requiring attackers to crack more than two factors of verification in order to gain access to your system.
However, in order for MFA to be effective, it must be frictionless. Options like device biometrics or FIDO2-compliant factors such as Feitian or Yubico security keys can help increase security without placing an additional burden on employees. Likewise, MFA should be strategically leveraged to help protect sensitive data and critical systems rather than applied to every single interaction.
Finally, MFA should be easy for end users. Conditional access policies are a great solution here, as they can trigger two-step verification based on risk detections, as well as pass-through authentication and single sign-on (SSO). This helps reduce the need for end users to navigate multiple sign-on sequences to access non-critical file shares or calendars on the corporate network as long as their devices are updated. It also eliminates the need for 90-day password resets.
- Apply Zero Trust principles: Zero Trust acts as a proactive, integrated approach to security across all layers of the digital estate. Under the Zero Trust model, every transaction is explicitly and continuously verified; least-privilege access is enforced; and intelligence,…