How to Improve IT Security by Going Back to the Basics

With an increasing proportion of daily life being conducted digitally, having strong cybersecurity in place has never been more important.

At its essence, cybersecurity is the practice of protecting networks, devices, and data from unauthorised access or criminal use. It also involves ensuring the confidentiality, integrity, and availability of information.

However, because security tools and services are evolving so quickly, it’s possible to lose sight of the basic steps that must be taken to ensure effective protection is in place. It’s important to take the time to step back and review what’s been deployed and what may need to be strengthened.

Incidents, vulnerabilities, and breaches

When beginning a security review process, it’s important to understand the differences between incidents, vulnerabilities, and breaches as each needs to be tackled in a different way.

Incidents are compromising events that impact an IT infrastructure’s integrity, availability, and information security.

Meanwhile vulnerabilities are any weaknesses that can lead to a security incident taking place. These could be anything from a flaw in coding to the misconfiguration of a tool or application. Even the smallest vulnerabilities can provide an entry point for a cybercriminal.

At the same time data breaches are compromising events that lead to the leak or public exposure of confidential information. It’s important that an organisation has the ability to detect breaches and knows how to respond to avoid or at least minimise the fallout.

Industry research shows that the volume of incidents and data breaches is continuing to grow at an alarming rate. According to WatchGuard research, there were 69% more data breaches in 2021 than in 2020. During the year, ransomware attacks alone were experienced by 80% of businesses.

Securing a hybrid business

In the wake of the global pandemic, many businesses continue to operate in a hybrid mode, with staff working from home for at least a portion of each week. This situation has made things more challenging for IT security teams who need to protect users and resources that remain outside the corporate firewall.

There are four key strategies that can be taken to help to improve the overall security of a hybrid working environment. They are:

  1. Educate your users:
    Despite the large number of high-profile security incidents that occur every year, some people are still tricked into clicking on suspicious web links or opening attachments that contain malicious code. Conduct regular education sessions for all staff that explain the threats that exist and how they can reduce their chances of falling victim to them.
  2. Apply software patches as soon as they are released:
    Attacks often take advantage of weaknesses in software so it is vital that any patches released are deployed as quickly as possible. This will ensure attackers are unable to take advantage of known vulnerabilities to gain access to a target IT infrastructure.
  3. Choose DNS protection:
    Adding domain name system (DNS) protection is another step that IT security teams should undertake. This allows them to have much better visibility and control over internet traffic and ensures that unauthorised traffic can be prevented. This is particularly important when an organisation has remote or hybrid workers.
  4. Deploy effective security tools:
    The fourth step is to ensure the organisation has in place an effective mix of tools that provide protection. These tools fall into a number of categories including network security, multi-factor authentication, Wi-Fi security, and endpoint security. Together these tools can be deployed and configured to protect both users and digital resources.

At the end of the day, the goal for IT security teams is minimise risk in the work environment. This can be achieved by fostering an organisational culture of security awareness and deploying a mix of technologies that can protect, prevent, detect, and respond to incidents when and if they occur.

The security challenges faced by organisations are going to continue to evolve and increase in number. Checking you have the basics in place now can help to avoid unnecessary disruption and loss in the future.

Anthony Daniel
Anthony Daniel is Regional Director – Australia, New Zealand and Pacific Islands at WatchGuard Technologies. He has more than 15 years’ sales and senior account experience in the IT and telecommunications industry and is responsible for leading WatchGuard Technologies’ regional sales growth and business expansion while overseeing all aspects of management, including channel partner development, distribution strategy and revenue growth. He was previously Senior Regional Sales Manager for Australia, New Zealand and the Pacific Islands at SolarWinds and has also worked in senior sales management positions at Oracle, Vocus and Vodafone.