FBI cybersecurity directors’ key tips for your SMB strategy

General advice and strategies from an FBI security specialist

Mike Lovernick is an FBI cybersecurity specialist with some key tips and resources for anyone looking to strengthen their cybersecurity posture. While his suggestions can aid SMBs and businesses, they’re useful for individuals too. Information, he points out, is always consumed by someone. Furthermore, someone will always want to get your data if it’s valuable, and a majority of the time, it is. A good rule of thumb is “if it’s valuable to you, it’s valuable to them,” with “them” referring to cybercriminals.

So, what advice does Mike have to offer us?

Tip 1: Always maintain and update your security patches

Software and services are offered by numerous vendors. In a company setting, you could have dozens of different apps utilized for normal operations. Each of these programs must be updated to its latest version when one is available. Outdated software creates numerous security holes in a network, giving threat actors enough space to potentially compromise it. From there, they can siphon login details or other data for further use in an attack.

Unpatched systems are always vulnerable. Hackers are fast to sniff out unsafe systems and will respond quickly. Mike points out that it no longer takes hacker teams weeks to find unpatched software or systems; they can locate them in as little as 10 hours.

Tip 2: Limit Access Control

Account and access privileges, specifically for administrator accounts, must be segmented to prevent serious damage. Segmented networks only grant permissions to specific users. That way, in case of a breach event, intruders only have access to limited parts of the network.

Tip 3: Multi-factor Authentication

We’ve mentioned it many times, and Mike reinforces the point: enabling MFA is important for an effective, cost-free upgrade to cybersecurity posture. It’s standard for popular websites, apps, and services. MFA comes in different forms, like near-factor (using a BYOD device for access) or single-use token generation.

It’s a standard cybersecurity recommendation that everyone should use at some point.

Tip 4: Set an awareness regimen

Cybersecurity training and awareness are important for a healthy security posture. In fact, a complex understanding of cybersecurity is not required for a strong defense. Common sense and a healthy dose of skepticism can prevent even the worst kind of disaster. It’s why zero-trust policies are growing in popularity where emails and messaging are normal parts of workflow.

If you have not already, consider an awareness and training regimen for your workforce.

Tip 5: Establish a BDR resource

Surprisingly, not all organizations have a backup disaster recovery plan in place. These days, a BDR is critical for data and infrastructure protection. It’s another point emphasized by the FBI director because numerous threat events can compromise data. Cyberattacks, disaster events (storms, facility accidents), and even hardware failure can destroy valuable data.

Some utilize a documented plan. Others invest in third-party resources to transfer data or maintain it in external data services. Cloud and virtualized services are also versatile options for BDR.

Tip 6: Use federal resources and advice

Finally, information from federal sources like the FBI and CISA can provide you with essential resources for healthy cybersecurity practices. It can include guides for building secure networks, what to do in case of breach events, and goals your enterprise should have for cybersecurity.

Conclusion

Even tips from FBI security experts should sound familiar. In fact, you will notice they’re in line with the advice offered by Bytagig. These tips are simple to manage because improving cybersecurity is primarily about building safe habits.

Of course, even the best of us make mistakes. If you’re struggling to find the resources or time to build a comprehensive cybersecurity strategy, you can always get help.

For more information, contact Bytagig today.