Top tips is a weekly column where we highlight what’s trending in the tech world today and list out ways to explore these trends. This week we’re looking at five steps every organization should take to prevent cyberattacks and keep their data secure.

The recent ransomware attacks on MGM Resorts in Las Vegas and Marriott Hotels have shown that we must be better prepared to identify and prevent phishing attacks. You would think that something as simple as an email attack can easily be prevented and mitigated. However, the common denominator in most serious cyberattacks can be traced back to the most trivial of origins.

The importance of preventing cyberattacks has mostly been overstated. However, every now and then, certain situations arise that call for a friendly reminder. The recent data breaches that cost these hotels millions in losses and damages, certainly call for a refresher and we’re happy to help you out.

With Cybersecurity Month quickly approaching, allow us to show you five simple steps that could prevent a cybersecurity disaster and save your organization millions of dollars.

1. Keep your software up-to-date
Your device’s operating system, the browser you use, along with any third-party applications installed on your device are all vulnerabilities that threat actors can exploit and use as an entry point to get into your device and wreak havoc. This is why manufacturers regularly roll out updates and fixes to patch up any weak points and give their users a more secure experience. Although they may seem inconvenient at times, it is crucial not to ignore these updates and ensure that your software is always running its latest version. A five-minute inconvenience can prove to be a pivotal business decision in the long run.

2. Secure your endpoints
Cyberattacks among employees who work remotely have increased by 238% since the 2020 lockdowns, according to Alliance Virtual Offices. That’s quite a worrisome number considering almost 13% of the workforce works from home and 28% in a hybrid model. What’s even more alarming is that over 80% of organizations allow employees to use their own devices and without adequate endpoint protection, your entire business is a house of cards.

Unified endpoint security gives your organization a holistic view on all the devices that are integrated in the system and allows you to monitor anomalies constantly and prevent a mishap at a moment’s notice. All it takes to bring down your network is one unauthorized device or one malicious application. Unified endpoint management solutions help you monitor all of this on one dashboard.

3. Back up your data
Your organization should prioritize a good backup strategy to avoid painfully long down times and heavy financial losses. In order to do this, you must understand the amount and type of data you have, how much it would cost to create a backup, and what methods of backup are best suited for you. It’s also important to separate business-critical data from old static data, and prioritize them accordingly. Having a strong backup strategy, no matter the cost, can prove to be the less expensive option when compared to the financial and reputational damage you’ll have to deal with if you don’t have one.

4. Restrict and regulate access
While we focus our attention on external threats, it is easy to forget sometimes attacks originate from within. Multi-factor authentication (MFA) is currently the most popular way of regulating access. Biometric identifiers such as fingerprints and face ID are also some measures that provide another level of security. Organizations must implement these steps in their systems as the first line of defense from cyberthreats.

Organizations can ensure that the right people have access to the required amount of organizational data and resources using identity and access management (IAM) solutions. Any anomalies in privileged accounts can be detected in real time and swiftly acted upon by IT admins by deploying the right privileged access management tools.

5. Train your staff
Let’s face it, when it comes to vulnerabilities, humans are the weakest link. Human emotions play a role in creating cognitive bias when it comes to critical thinking and decision-making, often leaving us susceptible to errors. An untrained staff member in your organization will most likely fall for a phishing email designed to trigger an emotional response. This is why regular staff training sessions, courses, and tests must be rolled out at an organizational level to keep your employees on your toes. Employees must be trained to scrutinize and question event the minutest of incidents and made aware of the consequences of a potential breach. This is essential to creating a cybersecurity-first ecosystem within the workplace.

As we step into the most secure month of the year—Cybersecurity Awareness Month—let’s not treat this October as just another checklist item by watching awareness videos, reading material, and taking tests. Let’s make it a point to incorporate the message behind cybersecurity month into our everyday work routines and ultimately our lives—we must never be too complacent and trusting when it comes to our organization’s security. Threat actors are all too eager to prey on the first vulnerability they can find. It is our duty as employees to prevent fires instead of waiting on someone else to put out the flames.

David Simon
Marketing Analyst