With enterprises being the centre of attention of an ever-evolving threat landscape, foolproof security of business assets has become the need of the hour. To counter the menace of cyberattacks, today we have businesses that specialize in the development and deployment of advanced and futuristic solutions that have the capability to defend businesses from the most dangerous of malware.
However, this vigilance may falter if enterprise stakeholders are not cautious about the basics of cybersecurity. Every critical aspect such as email, user access, software updates et al. needs to be optimized so that even a worst-case scenario pertaining to cyberattacks turns in the business’ favour.
Seqrite intends to educate its esteemed customers about very simple but effective steps that organizations need to integrate into their status quo to bolster cybersecurity.
Regular data backups
Data backups are essential because ransomware is notorious for locking enterprise data and demanding payment in exchange for its release. Other malware can also cause businesses to lose 100% of their critical data.
Hence –
- Back up your important data regularly and keep a recent backup copy offline
- Encrypt your backup
- Always use a combination of online and offline backup
- If your computer gets infected with ransomware, your files can be restored from the offline backup, once the malware has been removed
- Do not keep offline backups connected to your system as this data could be encrypted when ransomware strikes
Grants
Administrators should exercise extreme caution when granting rights to the business workforce. Pinpoint accuracy is a must when assigning access rights to employees. Admins should have absolute clarity about which parts of the business should be accessible to which users.
Hence –
- Regularly audit local/domain Users and remove/disable unwanted users
- Set strong passwords for every business account
- A strong password includes a combination of –
  - Letters in upper case
  - Letters in lower case
  - Numbers & special characters
- Passwords should consist of a minimum of 8-10 characters
- Mandate a password change on a periodic basis
- Bad examples are common passwords like P@ssw0rd, Admin@123#, etc.
- Set password expiration & account lockout policies (in case the wrong password is entered)
- Don’t assign Administrator privileges to users
- If possible, enable Multi-Factor authentication to ensure all logins are legitimate
- Don’t stay logged in as an administrator, unless it is strictly necessary.
- Avoid browsing, opening documents or other regular work activities while logged in as an administrator
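The password rules in the list above can be checked mechanically. The following is an added example, not Seqrite's code: it shows that both bad examples named in the list satisfy the composition rules, so a separate denylist check is needed. The function name, the small denylist and the choice of 10 as the minimum length are assumptions.

```python
import string

# Constructed denylist holding the two bad examples from the list above,
# stored in lower case. A real deployment would load a far larger list.
COMMON_PASSWORDS = {"p@ssw0rd", "admin@123#"}

MIN_LENGTH = 10  # assumption: upper end of the "minimum 8-10 characters" rule


def check_password(candidate, min_length=MIN_LENGTH):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if len(candidate) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not any(c.isupper() for c in candidate):
        problems.append("no upper-case letter")
    if not any(c.islower() for c in candidate):
        problems.append("no lower-case letter")
    if not any(c.isdigit() for c in candidate):
        problems.append("no number")
    if not any(c in string.punctuation for c in candidate):
        problems.append("no special character")
    # Composition rules alone accept predictable passwords, so compare
    # case-insensitively against the denylist as a separate step.
    if candidate.lower() in COMMON_PASSWORDS:
        problems.append("on the common-password denylist")
    return problems


if __name__ == "__main__":
    for pw in ("P@ssw0rd", "Admin@123#", "alllowercase", "Tr4vel-Lamp-Quiet-92"):
        print(pw, "->", check_password(pw) or "accepted")
```

Admin@123# fails only the denylist check, which is why composition rules and a common-password list belong together.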
Software updates
Software updates deliver the latest bug fixes and security patches for the software running in your business.
Hence –
- Keep your Operating System and other software updated. Software updates frequently include patches for newly discovered security vulnerabilities which could be exploited by attackers. Apply patches and updates for software like Microsoft Office, Java, Adobe Reader, Flash, and Internet Browsers like Internet Explorer, Chrome, Firefox, Opera, etc., including Browser Plugins
- Always keep your security software (antivirus, firewall, etc.) up-to-date to protect your computer from new variants of malware
- Do not download cracked/pirated software, as they risk backdoor entry for malware into your computer
- Avoid downloading software from untrusted P2P or torrent sites. In most cases, they harbour malicious software
Securing network and shared folders
Typically, network and shared folders are home to the most confidential business data. Hackers are always on the prowl to break into these folders and gain access to highly sensitive information.
Hence –
- Keep strong and unique passwords for login accounts and network shares
- Disable unnecessary admin shares, i.e. admin$. Give access permission to shared data as per requirement
- Audit RDP access & disable it if not required, or set appropriate rules to allow only specific & intended systems
- Change RDP port to a non-standard port
- Configure firewall in the following way –
  - Deny access for everyone to important ports (in this case RDP port 3389)
  - Allow access only to IPs which are under your control
- Use a VPN to access the network, instead of exposing RDP to the Internet
- Possibly implement Two Factor Authentication (2FA)
- Set a lockout policy which hinders guessing of credentials
- Create a separate network folder for each user when managing access to shared network folders
- Don’t keep shared software in executable form
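The firewall guidance above (deny RDP to everyone, allow only IPs under your control) can be audited against an exported rule set. This is an added example, not Seqrite's code; the rule format, the rule names and the 10.20.0.0/24 admin network are constructed assumptions.

```python
import ipaddress

# Constructed sample rules, loosely modelled on a host-firewall export.
SAMPLE_RULES = [
    {"name": "RDP-from-anywhere", "action": "allow", "port": 3389, "remote": ["any"]},
    {"name": "RDP-from-admin-net", "action": "allow", "port": 3389, "remote": ["10.20.0.0/24"]},
    {"name": "RDP-mixed", "action": "allow", "port": 3389, "remote": ["10.20.0.15", "203.0.113.7"]},
    {"name": "RDP-moved-port", "action": "allow", "port": 33890, "remote": ["any"]},
    {"name": "HTTPS", "action": "allow", "port": 443, "remote": ["any"]},
]


def is_trusted(remote, trusted):
    """True if the remote address or range lies inside a trusted network."""
    if remote.lower() == "any":
        return False
    net = ipaddress.ip_network(remote, strict=False)
    return any(net.version == t.version and net.subnet_of(t) for t in trusted)


def audit_rdp_rules(rules, trusted_cidrs, rdp_ports=(3389,)):
    """Return (rule name, offending remotes) for allow rules that expose RDP."""
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    findings = []
    for rule in rules:
        if rule["action"] != "allow" or rule["port"] not in rdp_ports:
            continue
        bad = [r for r in rule["remote"] if not is_trusted(r, trusted)]
        if bad:
            findings.append((rule["name"], bad))
    return findings


if __name__ == "__main__":
    # Include the relocated port, otherwise its exposure goes unreported.
    for name, bad in audit_rdp_rules(SAMPLE_RULES, ["10.20.0.0/24"], (3389, 33890)):
        print(f"{name}: RDP reachable from {', '.join(bad)}")
```

If RDP has been moved to a non-standard port, pass that port in `rdp_ports`; the relocated listener still needs the same source restrictions.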
No business can function without email. History shows that email is one of the go-to channels for hackers to launch cyberattacks.
Hence –
- Enable Multi-Factor authentication to ensure all logins are legitimate
- Set password expiration & account lockout policies (in case the wrong password is entered)
- Don’t open attachments and links in an email sent by an unknown, unexpected or unwanted source. Delete suspicious-looking emails you receive from unknown sources, especially if they contain links or attachments
- Cybercriminals use ‘Social Engineering’ techniques to trick users into opening attachments or clicking on links that lead to infected websites
- Always turn on email protection of your antivirus software
Disable macros for Microsoft Office
This one is fairly self-explanatory: macros should be disabled because a lot of malware gets in when macros are enabled.
Hence –
- Do not enable ‘macros’ or ‘editing mode’ by default upon execution of the document, especially for attachments received via emails. A lot of malware infections rely on your action to turn on macros
- Consider installing Microsoft Office Viewers. These viewer applications let you see what documents look like without even opening them in Word or Excel. More importantly, the viewer software doesn’t support macros at all, so this reduces the risk of enabling macros unintentionally
Secure browsing
Web browsers are among the most sought-after channels for malware attacks – everybody knows it.
Hence –
- Always update your browser
- Try to avoid downloading pirated/cracked media or software from sites like torrents
- Block the ad pop-ups in the browser.
- Always verify whether you are accessing the genuine site by checking the address bar of the browser. Phishing sites may display content that looks like the genuine one
- Bookmark important sites to avoid being a victim of phishing
- Do not share your personal details like name, contact number, email id, social networking site credentials with any unknown website
- Do not install extensions in browsers which you are not fully aware of. Look out for impersonating web pages and do not allow any prompt on an unknown web page that you are visiting. Avoid visiting crack software download websites
- Policies should be clearly communicated for employees opting for BYOD (Bring Your Own Devices) facilities
- Policies for using official applications on platforms other than office infrastructure should be established
Lastly, for pen drives, disable the autorun feature if not needed and regularly educate employees on best cybersecurity practices.
Seqrite is Quick Heal Technologies’ flagship enterprise product – the company is a stalwart and an industry major that has spearheaded the movement about the importance of cybersecurity. We hope this educational document helps.
Please get in touch with us for any specific questions.