New Year's Technology Resolutions to Adopt for a Secure 2022
Many business owners are in a hopeful mood right after the first of the year and are looking for ways to improve sales and grow their businesses. But no matter how much you grow, one ransomware infection or cloud account breach can mean devastating downtime.
A cyberattack costs a business an average of $200,000, which is more than many smaller companies can bear. Small businesses are also often targeted in these attacks, with over half experiencing a data breach within the last 12 months.
Mobile phishing threats soared by 161% in 2021.
New and more sophisticated cyberthreats are being developed and launched each day that endanger your company’s network security and business wellbeing. This makes cybersecurity one of the most important investments you can make to secure business continuity and growth.
When making growth plans for your company for 2022, here are several New Year’s technology resolutions that you should include to ensure your IT infrastructure is protected.
Begin Transitioning to a Zero-Trust Security Approach
Cybercriminals are using AI and machine learning to improve the success of their phishing attacks. They continually come up with more sophisticated ways to steal user credentials and conduct insider attacks.
Standard antivirus software alone isn’t enough to keep your on-premises and cloud assets secured. Zero-trust is a strong cybersecurity framework that is being adopted around the world.
It takes a stance of not trusting any user or program by default until their access privileges have been authenticated. Some of the tenets include using a safe list of programs that are allowed to run on your system, rather than trying to identify and block those that shouldn’t. This ensures that any non-approved program is blocked by default, no matter what it is.
Zero-trust is a strategy that is adopted across your entire cybersecurity environment. You can begin with a few zero-trust measures and then add more as time and budget allow to improve your security.
Adopt the Rule of Least Privilege
Credential compromise has risen to the #1 cause of data breaches globally, with stolen login credentials responsible for 20% of data breaches.
With most data now residing in the cloud along with things like business email accounts, hackers are going after usernames and passwords because having a legitimate user login is the easiest way to breach a company account.
Adopt the Rule of Least Privilege this year. This rule states that you should only give employees the minimum permission level in a system as needed for them to perform their daily tasks.
The fewer privileged accounts you have with admin access in a cloud account, the less risk you have of serious damage being done if a hacker steals one of your employee logins.
Implement Multi-Factor Authentication (MFA) Across All User Accounts
One of the tenets of Zero-Trust is multi-factor authentication. This is one of the strongest protections you can put in place to prevent account takeovers and insider attacks.
According to Microsoft, MFA is 99.9% effective at blocking fraudulent sign-in attempts on an account.
If you’re worried about employee pushback about MFA being inconvenient, then couple it with the implementation of single sign-on (SSO). SSO consolidates the employee experience into one login to access all work applications, which saves users time even if they use MFA.
Have Cloud Account Security Professionally Configured
Misconfiguration of security settings is one of the major causes of cloud account breaches. Today’s platforms like Microsoft 365, Salesforce, Google Workspace, etc. come with a lot of security flexibility, but the most secure settings usually aren’t enabled by default.
For example, MFA is typically available, but not generally pre-enabled. Users need to enable it themselves, along with several other security features.
Resolve this year to have an IT security professional, like BrainStomp, configure your cloud platform security settings to ensure your accounts and data are properly protected.
Test Restoration of Your Data Backups
Do you have a recoverable backup of all your data in the case of a ransomware attack? If so, when was the last time you tested the data restoration process?
Many companies never do this, and it leaves them at high risk should they suffer a ransomware attack or other data loss incident. There are several cases of companies (like Colonial Pipeline) being hit with ransomware and having a backup, but paying the ransom anyway because they had never tested data recovery and weren’t sure how long it would take. So, they opted to pay the attackers because they thought it would be faster.
Add at least two data recovery drills to your calendar this year as part of a business continuity strategy. This helps you ensure you have a backup and recovery system that can restore data quickly, gives you important timeframe details, and helps your team become familiar with the process.
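One way to score a recovery drill, shown as an added example that is not from the original article: record a SHA-256 manifest when the backup is taken, then time the restore and compare the restored files against that manifest. The `restore_fn` hook and the `target_seconds` recovery-time target are assumptions that stand in for your own backup tool and business requirement.

```python
import hashlib
import time
from pathlib import Path


def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    manifest = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        digest = hashlib.sha256()
        with path.open("rb") as fh:
            # Hash in 1 MiB chunks so large files do not need to fit in memory.
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                digest.update(chunk)
        manifest[path.relative_to(root).as_posix()] = digest.hexdigest()
    return manifest


def verify_restore(expected, restored_root, restore_seconds, target_seconds):
    """Compare a restored tree with the manifest recorded at backup time."""
    actual = build_manifest(restored_root)
    missing = sorted(set(expected) - set(actual))
    unexpected = sorted(set(actual) - set(expected))
    corrupted = sorted(name for name in expected.keys() & actual.keys()
                       if expected[name] != actual[name])
    within_target = restore_seconds <= target_seconds
    return {
        "missing": missing,          # in the backup manifest, not restored
        "corrupted": corrupted,      # restored, but contents differ
        "unexpected": unexpected,    # restored, but never in the manifest
        "restore_seconds": restore_seconds,
        "within_target": within_target,
        "passed": not missing and not corrupted and within_target,
    }


def run_drill(expected, restore_fn, restored_root, target_seconds):
    """Time the restore step itself, then verify what it produced."""
    start = time.monotonic()
    restore_fn(restored_root)  # hypothetical hook: call your backup tool here
    elapsed = time.monotonic() - start
    return verify_restore(expected, restored_root, elapsed, target_seconds)
```

Store the manifest separately from the backup itself, so that a drill can also detect a backup that was altered after it was written.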
Get Help Improving Your Cybersecurity This Year
Cybersecurity isn’t something to put off until “later.” BrainStomp can help your business target your most vulnerable areas and implement solutions that protect you from costly breaches.
Schedule a free consultation today! Call 260-918-3548 or reach out online.