Every year, cyberattack methods become more sophisticated and organizations not prioritizing cybersecurity put themselves at greater risk. In the last five years, the FBI’s Internet Crime Complaint Center has received 2.76 million internet crime complaints, amounting to $18.7 billion in total losses†. Of those complaints, methods of manipulating people through email or fake websites (including phishing, smishing, vishing, and business email compromise) have skyrocketed in that time.
For businesses, the rise of such attacks highlights the critical need to build strong cybersecurity practices to combat evolving and sophisticated threats. Prioritizing cybersecurity and fraud best practices within your organization can help mitigate the financial, operational, and reputational consequences of cyberattacks.
The Huntington Cybersecurity team has compiled their best practices, insights, and recommendations into this checklist. This resource can help your organization bolster its defenses and develop a strong security culture in the new year and beyond.
Prioritize incident response planning that includes data recovery
- Create or strengthen an incident and crisis response plan. Kick off the new year by developing or bolstering your organization’s strategy for responding to cyber threats or natural disasters.
- Designate those who will execute the incident and crisis response plan.
- Identify key stakeholders and decision-makers.
- Prioritize the critical data needed to maintain operations.
- Use tabletop exercises to test the response plan and continually refine it.
- Maintain an accurate inventory of your organization’s assets (IT equipment, data, and systems). In the event of an attack or disaster, this information will be helpful for insurance claims. Recovery of data after an incident will also require this information. Set a policy to maintain an asset inventory with a regular schedule for updating and verifying its accuracy.
- Perform automatic and continual backups of business data and information. Prioritize critical data, such as databases, financial files, spreadsheets, human resource files, accounts receivable/payable files, and core IT configurations.
- Recovery Point Objective (RPO) and Recovery Time Objective (RTO) are two aspects of a data recovery and backup plan. Add these requirements to your plan.
- Practice retrieving your backup files to make sure you can recover them in the event of a cyberattack.
- Create and enforce corporate policies for systems or areas where personally identifiable information (PII) and other sensitive data are held. This information may be accessed by bad actors, so help protect it with added security controls.
- Add additional layers of protection for critical data. Implement physical security, download offline copies of backups, and enable encryption. In the event of a ransomware or destructive malware attack, these additional backups can help allow for business continuity.
- Review and update your cyber liability insurance policy. In the event of a breach or attack, your organization’s policy can help cover financial losses. Assess whether your current policy provides the first- and third-party coverage your organization needs, based on its technology infrastructure and susceptibility to cyberattacks. If not, consider making it a priority in the new year to upgrade your policy and help protect your organization.
- Conduct an annual assessment of vulnerabilities in your IT environment. Set a regular cadence to audit the security posture of your IT environment and implement standards to ensure vulnerabilities are addressed.
- Enforce security controls for remote workers. Require employees working from home to use a virtual private network (VPN) and secured home router. Remind employees to keep work and personal devices separate to help keep sensitive data and networks safe.
- Keep all computer operating systems and applications updated with the latest security patches. Remaining up to date on the latest versions and patches can help prevent bad actors from exploiting vulnerabilities. Scanning tools can assist with identifying vulnerabilities and deploying patches across networks, endpoints, databases, and equipment.
- Ensure your organization’s antivirus, malware protection, and email security software are active and the most updated version available. These detective and preventative measures allow your organization to help prevent bad actors from exploiting vulnerabilities or gaining access to sensitive data or systems.
- Use a firewall to protect the enterprise network.
- Enable a security incident and event management (SIEM) system to collect data and help your team better detect and respond to incidents.
- Consider investing in a managed security provider (MSP) for continuous monitoring.
- Subscribe to CISA’s Known Exploited Vulnerabilities Catalog. The Cybersecurity & Infrastructure Security Agency (CISA) maintains an ongoing record of known vulnerabilities. Make sure you or your organization’s security team subscribes to this catalog and uses the information to prioritize vulnerability management.
Implement measures to protect against common cyberthreats
- Employ identity and access management (IAM) policies. Your organization’s policies should include multifactor authentication (MFA) for all users, privileged access management, and single sign-on capability. These precautions can help mitigate insider threat risks.
- Implement role-based access control (RBAC) and restrict third-party access. Limit access to essential functions for employees and third-party entities to help protect your network, infrastructure, and data.
- Reduce or eliminate vulnerable connection methods into your network. These vulnerabilities, including Server Message Block or Remote Desktop Protocol, can allow bad actors to target companies with an ever-evolving form of malware called ransomware.
- Require permission for USB or remote drive access. Doing this will help protect against insiders copying sensitive data onto a remote drive or device.
- Control physical access to computers and network components. Technology devices, such as iPads or laptops, are common targets for theft. Consider your corporate asset inventory and implement measures to prevent unauthorized individuals from accessing them.
- Train employees to look for BIMI in their email provider. Brand Indicators for Message Identification (BIMI) is an email specification that displays brand-controlled logos next to emails as an added defense against business email compromise. For example, a validated email from Huntington will appear in a user’s inbox with a honeycomb icon to verify it’s from a trusted source.
- Add an external email banner. This banner, which appears at the top of emails from an external sender, helps draw attention to the fact that it isn’t from someone within the company. Seeing the banner alerts employees to stay vigilant against an email phishing scam.
- Assess your website and social media to determine whether they share too much information. Bad actors can use this public information to gain knowledge about a company and wield it through a social engineering attack to con employees into giving away access to secure data.
Begin developing or deepening a strong security culture
- Implement a year-round cybersecurity training program for employees. Your organization’s security program should include awareness, training, and outreach efforts. Every member of your company should know their role in cybersecurity, regardless of their job role.
- Plan regular communications to inform employees about common threats, such as phishing scams, and best practices for protecting against them. Examples include how to identify and report a suspicious email or when to verify an email sender’s identity via phone or other communication methods.
- Remind employees about general cybersecurity hygiene. Employee education is one of the simplest ways to build a culture that prioritizes cybersecurity. Here are a few basic reminders to help keep employees vigilant:
- Use strong passwords unique to each account. A password manager can help with this.
- Never click suspicious links or open unknown attachments.
- Lock devices when not in use.
- Pay attention to email details, such as whether it is from an external source or includes brand indicators for message identification (BIMI).
- Set up multiple channels for employees to report suspicious behavior or cybersecurity incidents. Your employees should feel safe reporting incidents, even if they caused them. Allowing employees to report anonymously might empower some to speak up when they otherwise wouldn’t.
- Make sure employees can easily find contact information for your organization’s cybersecurity team. Consider adding the security team’s point of contact’s email and phone number to your intranet home page and encourage employees to reach out with questions or concerns.
Strengthen your organization’s cybersecurity defenses
Cyberattacks remain an ongoing threat to businesses across every industry. The effects of a successful data breach or attack can have far-reaching financial and reputational consequences. Preventative measures, like those included in this checklist, can help keep your organization safe and secure.
Huntington is committed to connecting you with the insights, resources, and expertise you need to grow and protect your organization. Start the conversation to learn more by reaching out to your relationship manager.