9 practical tips to improve cybersecurity in your company

Companies often have outdated security policies that do not take into account the latest technologies, new cyber threats, or best cybersecurity practices. Security policies are the foundation for corporate safeguarding.

Make sure to update your policies first, then update your security practices and then train your employees so they understand - and respect - the new policies.
 

It's normal to be confident, but when you receive an email, a phone call, a text message, a request on social media, or another direct communication, the sender might be an imposter trying to deceive you.

Always take a moment before opening an attachment, clicking on a link, or providing sensitive business or personal data.

Start by asking yourself, does the communication seem legitimate? Would this person or company send you this request? If you're not sure, contact the sender and ask for confirmation of the message in question. This helps you avoid phishing and other attacks aimed at exploiting your trust.
 

Too often, employee security awareness activities are just an hour a year, during which the same presentation is shown, or they translate only into an occasional reminder email.

In reality, very often none of these activities are carried out.

Security awareness can be perceived as a waste of time and, unfortunately, it often is due to poor organization.

It becomes important to start a change of perspective, to understand the importance of security and the need for everyone to do their part. You can help your company change its approach to cybersecurity by explaining to employees in a few minutes why they are asked or requested to do (or not do) certain things. 
 

Cyber attacks often use compromised user accounts to access a company's internal resources. Requiring to change passwords periodically, setting specific requirements for creating a new password, asking for two-factor authentication, or using an OTP code system, for each user, can be a simple but effective method in stopping many cyber attacks.

If this is not feasible for your company, at least require system users and all others with privileged access to systems and networks, to have strong passwords that attackers will not be able to guess and that have not been used on potentially risky portals.
 

To make things more difficult for attackers, be organized when it comes to your passwords. Find a system that allows you to create a strong and unique password for each website, business or personal app, each time, but that is still easily memorable. 

If you can't remember every password, avoid using just one for different sites or apps, or even writing them directly on post-it notes and leaving them in plain sight next to devices. Instead, look for and use a password management software.
 

If it's been a while since your company has reviewed its network security controls, consider whether they need an update. For example, have you been using firewall and VPN gateways for a while? Maybe it's time to update or replace them. 
 

One of the risks that is often underestimated, is that you might be so busy that you don't have time to keep your knowledge about security up to date.

It's understandable that you're focused on your duties. However, you should stay updated with the latest changes also for the field of security, an area for which there are always more things to learn. Cybersecurity topics, such as risk assessment, computer threats and threat detection apply to many different areas and can be vital for data protection.

Internet access is now available everywhere, but security threats are always present and vary from place to place.

When possible, use private networks, instead of public networks like the public Wi-Fi in your local bar. On public networks, your computer is directly exposed to attacks from the Internet. Private networks, like your home network, use a firewall, an Internet router or another device to block attackers from directly connecting to your mobile device and other devices. Choose private networks to reduce risk.

Even if all necessary precautions are taken, harmful activities can reach your computer.

You should always be prepared, using antimalware software and keeping your operating system and applications always updated. This allows you to have tools ready to face new threats.

However, if some attacks are successful, you must also be prepared for this. For example, some attacks can make your data and your computer inaccessible. Make sure your data has an accessible backup, according to your company's policies, and check from time to time that your backups are working properly. This helps to ensure that your information is protected, even in the event of attacks.