8 Internal Cybersecurity Best Practices


By Matt Blackmore, on 26 Jul 2021

Make sure you follow these cybersecurity best practices internally or risk an attack that compromises your system and, ultimately, your clients.

1. Use a password manager.
Every day, hundreds of stolen credentials are put on the dark web. Leverage a password manager to generate and organise unique passwords for every application your team uses.

2. Require MFA everywhere possible.
Multi-Factor Authentication (MFA) is key to combating unauthorised access to sensitive data. You should use MFA within your RMM and PSA tools, and it should be required for admins of Microsoft, backup, and security tools.

3. Manage updates and patches.
Keeping Windows updated is crucial, but you need to look beyond the operating system. Make sure your applications and tools, especially your RMM and PSA tools, have the latest patches.

4. Lock down endpoints.
Implement an endpoint protection solution that leverages next–gen detection engines and provides automated remediation capabilities. You’ll likely want to disable the use of USB drives and the execution of script files, as well as prevent users from running specific applications and block inappropriate/malicious websites.

5. Harden email services.
Layer additional security with more advanced functionalities, such as URL scanning and attachment sandboxing, onto Microsoft Exchange Online. Configurations should also be set up to filter malicious file types and extensions, or non-business-related IP addresses. Configuring SPF, DKIM, and DMARC records can combat spoofing techniques used against your organisation.

6. Create an incident response plan.
Formally define an action plan for security incidents. Examine current assets, evaluate your potential risk, and establish clear guidelines to analyse, contain, and remediate threats. A post-breach inquiry should be conducted to confirm the attack isn’t repeatable. Consider forming an Incident Response Team and formalising a communications plan to inform clients and business partners when an incident occurs.

7. Require security awareness training.
Initial security training should be required for all new hires, as well as recurring, company-wide security education. It’s critical that your employees know how to identify attacks and understand what to do after a potential threat is discovered.

8. Apply and test backups.
No solution promises 100% protection, which makes having backup across all workloads so crucial. Backing up cloud data is just as important as on-prem data. Don’t overlook recovery responsibilities when crafting a redundancy strategy. Testing your backup is critical to make sure all data is recoverable.

Tech solutions to support and automate cybersecurity

These internal cybersecurity best practices will protect your company’s data and give your team experience with these solutions, which can help increase sales and improve support. Talk to a member of the JTSecurity to learn more about the security solutions you should implement internally. Telephone: 01277 523133 Email: hello@jtsecurity.net


Prevent Tomorrow's Attack. Today.

Get in touch to speak to an expert today...