Cyber security best practices for 2023

The cornerstone of good cyber hygiene involves doing the basics well. With remote working now a mainstay for many organisations, it is now more important than ever to keep security front of mind.

To help you maintain good levels of cyber security within your business, Nviron has created a best practice guide for 2023, demonstrating how your organisation can reduce your attack vectors and maximise security.

1. Strong passwords & MFA

Using strong passwords is integral to your organisation’s security and the security of any account you have set up. At Nviron, we encourage using memorable, three-word phrases as passwords, including upper- and lower-case letters, numbers and symbols, making them much harder to crack.

In addition to using strong passwords, introducing Multi-Factor Authentication (MFA) to all accounts requires users to provide two or more verification factors when accessing a resource such as an application or online account. This adds additional layers of protection to the sign-in process.

2. Updates, patches & anti-virus protection

Installing the latest updates to your applications and operating system is essential to patch known vulnerabilities and exploits. Ensuring you update promptly once patches have been released is integral, as malicious individuals will use patch notes to identify which vulnerabilities were fixed and then create exploits to attack the pre-patch vulnerabilities.

In addition, Installing anti-virus protection is also essential to scan your systems regularly and ensure any malware is eradicated.

3. Implement a zero-trust security strategy

A zero-trust security strategy is designed to manage risk by granting each user, application, and device the bare minimum access required to perform its role within the company. By limiting permissions and giving access to resources on a case-by-case basis, zero-trust security minimises the impact of a successful attack against an organisation.

4. Perform network segmentation

Cyber threat actors rarely gain immediate access to the resources targeted in their attacks. For example, cybercriminals commonly gain initial access to user workstations through phishing emails or other attacks. They then can move laterally through the network to attack more high-value targets, such as database servers or critical systems.

Network segmentation is designed to make this lateral movement more difficult by breaking the corporate network into discrete pieces based on business needs. By placing next-generation firewalls (NGFWs) between network segments, an organisation increases the probability that attempts at lateral movement will be detected and blocked.

5. Improve security hygiene by taking proactive measures

Corporate security teams often operate with a reactive mindset, focusing on threat detection and response rather than attempting to proactively sure up defences and reduce attack vectors, only acting once attacks have begun.

It is essential to introduce proactive security measures, such as patching vulnerabilities before they are exploited. It allows you to avoid future threats, improving your organisation’s security posture and risk exposure.

6. Address leading threats with cyber security awareness training

Phishing attacks remain among the most common and effective techniques within a cyber threat actor’s arsenal. Tricking a user into clicking on a malicious link or opening an infected attachment is almost always easier than identifying and exploiting a vulnerability within an organisation’s network.

Security training focused on the latest threats can help reduce an organisation’s exposure to evolving attack campaigns, and in-depth visibility into an organisation’s network and IT infrastructure can support more targeted training based on the risky actions employees may perform.

Whilst implementing these steps will help you begin to improve the security culture within your organisation, you can still take additional steps to improve your security posture within your organisation and defend against incoming attacks. To discuss your Cyber security requirements and how Nviron can help you protect against attacks, please Click Here to speak to one of our specialists. Alternatively, existing customers can contact their designated Account Manager.