October is Cybersecurity Awareness Month. This month highlights the importance of safeguarding critical infrastructure from malicious cyber activity, ransomware, and more. This has become increasingly important as security incidents continue to rise.
According to Splunk, 65% of organizations worldwide report an increase in attempted cyberattacks. Just this week, hackers knocked more than a dozen public-facing airport websites offline. Earlier this month, hackers also knocked US state government websites offline. Bad actors, malicious entities, and state actors know the value of your business-critical data. They spend countless hours working to gain access to your systems and data.
This October, we wanted to share some helpful tips and reminders to help you keep your teams and systems safe and secure. Start with our top tips below for passwords, proactive scanning, and professional services. Validate your cybersecurity processes and protocols before it’s too late.
1. Password Best Practices
Now more than ever, maintaining password security is important to protect your systems and infrastructure. The best place to start is by establishing company policies to maintain consistency.
Passwords should always be used to access your network, business-critical assets, and any other proprietary information. These passwords also need to be updated regularly, specifically every 60-90 days. Your business should institute forced password updates for default passwords. These recommendations should be applied to internal teams and to any third-party contractors or temporary staff.
According to the National Institute of Standards and Technology (NIST), other password policy complexity best practices include:
- Passwords should be a minimum of six to eight characters in length
- Passwords should not contain the user’s account name or parts of their full name that exceed two consecutive characters
- Passwords must also contain characters from three of the following four categories:
  - Base 10 digits (0 through 9)
  - English lowercase characters (a through z)
  - English uppercase characters (A through Z)
  - Non-alphabetic characters (for example, !, $, #, %)
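The complexity rules listed above can be checked in code before a password is accepted. The following is an added example, not Connectria's code: the minimum length of 8, the delimiters used to split a full name, the use of ASCII punctuation as the non-alphabetic set, and the sample user are all assumptions.

```python
import re
import string

# Assumption: the page gives "six to eight" as the minimum; the stricter end is used here.
MIN_LENGTH = 8
REQUIRED_CATEGORIES = 3  # three of the four categories in the list above


def name_tokens(full_name):
    """Split a full name into parts longer than two characters.

    Assumption: parts are separated by whitespace, commas, periods,
    hyphens or underscores; the page does not define the delimiters.
    """
    return [t for t in re.split(r"[\s,._-]+", full_name) if len(t) > 2]


def category_count(password):
    """Count how many of the four character categories are present."""
    checks = (
        any(c in string.digits for c in password),
        any(c in string.ascii_lowercase for c in password),
        any(c in string.ascii_uppercase for c in password),
        any(c in string.punctuation for c in password),
    )
    return sum(checks)


def policy_violations(password, account_name, full_name, min_length=MIN_LENGTH):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    lowered = password.lower()  # name checks are case-insensitive
    if len(password) < min_length:
        problems.append("too_short")
    if account_name and account_name.lower() in lowered:
        problems.append("contains_account_name")
    if any(tok.lower() in lowered for tok in name_tokens(full_name)):
        problems.append("contains_name_part")
    if category_count(password) < REQUIRED_CATEGORIES:
        problems.append("too_few_categories")
    return problems


# Constructed sample user and candidate passwords (not real credentials).
SAMPLES = ["Summer24", "jdoe!Pass9", "xJane#4471", "correct7Horse!", "ab1!"]

if __name__ == "__main__":
    for candidate in SAMPLES:
        print(candidate, policy_violations(candidate, "jdoe", "Jane Q. Doe-Smith"))
```

Note that a password such as "Summer24" satisfies every rule in the list, so a complexity check of this kind is a floor for acceptance and does not measure how guessable a password is.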
Managers can designate password policy settings in a single accessible repository. Be sure to follow up with team leaders to ensure team members are following established password protocols. Sysadmins should also organize automated password expiration policies. For example, at Connectria we use our secure customer portal, which encrypts all communication between our engineers and customers.
It’s not just about using passwords but also about storing and sharing them securely. If you must share a password, do so verbally, either over the phone or in person. You can also send a password through an encrypted email source or simply use a password vault to store and share usernames and passwords safely and securely.
2. Proactive Scanning and Monitoring
According to a 2022 IBM survey, the average cost of a data breach in the United States is around $9.44M. Some of the most common attacks include unknown vulnerabilities and phishing attacks. The average cost of a vulnerability in third-party software amounts to $4.5M, and as much as $4.9M for a phishing attack. From bad actors to phishing, serverless attacks, and more, getting started on the right path to safe and secure management can seem overwhelming.
A great place to start is with regular Proactive Vulnerability Scanning. At Connectria we offer proactive scanning services which include scans of your server and/or website. Customers can also add additional website scans as needed. Once the scans are complete, our customers receive a documented results report that includes a security risk rating, potential vulnerabilities, and recommended prevention actions as a final deliverable.
3. How Professional Services Can Help
Maintaining security and compliance for your data can be challenging. Sometimes your team may lack the bandwidth to do what you want to do, instead focusing time on the day-to-day management of your infrastructure.
Here, professional services like those from Connectria can provide additional support for things like application updates, server health checks, and more. Our Professional Services handle project-based work, with predetermined goals and objectives. These activities are typically driven by a project manager who works with the customer to set scope, success criteria, and establish a project timeline.
For example, our on-demand development services leverage engineering support, as needed, for specific projects. Our professional services are helping customers stay safe by ensuring applications are up to date with patching and upgrades. Another key factor in keeping systems secure is proactive scanning and monitoring.
Safe and Sound
These days, we know you want to do everything you can to be safe and secure and we want to help. At Connectria, our dedicated security team is focused on supporting your security needs from annual audits to continuous monitoring. We offer layers of protection from vulnerability scanning to proactive 24×7 continuous monitoring and threat prevention. These services ensure the integrity of your systems.
Ultimately, our team is dedicated to protecting what is most important to you and your business. Contact us below to be connected with one of our security experts who can answer your questions and address your concerns.