In this article, we delve into the best practices for strengthening cybersecurity measures, as shared by eight industry leaders, including co-founders and managers. From adopting a Zero Trust security model to conducting regular cybersecurity training, these experts provide a wealth of knowledge to help you feel more secure in cybersecurity decisions.
- Adopt a Zero Trust Security Model
- Shift to Passwordless Authentication
- Implement a Cybersecurity Games Program
- Ensure Regular Software Updates
- Monitor Terms of Service Changes
- Introduce Multi-Factor Authentication
- Mandate Third-Party Tools
- Conduct Regular Cybersecurity Training
Adopt a Zero Trust Security Model
One best practice that my organization has implemented is adopting a Zero Trust security model. Zero Trust assumes that no user or device can be trusted by default, and it requires all users and devices to be authenticated and authorized before they can access any resources. This approach has helped us improve our security posture and reduce our risk of attack.
A specific step that we have taken to implement Zero Trust is to micro-segment our network. This involves creating multiple virtual networks within our physical network, each of which is isolated from the others. This makes it more difficult for attackers to move laterally within our network and access our critical systems.
Omar Masri
Software Entrepreneur and Founder, Mamori.io
Shift to Passwordless Authentication
In the digital era, cyber threats have rapidly evolved, with passwords becoming a major vulnerability. Over 81% of breaches reported in the media are due to weak, stolen, or cracked passwords.
At Corbado, we recognized this and follow a passwordless authentication approach for our SaaS solution, centering around passkey authentication. This move doesn’t just prevent phishing and other password-based attacks (e.g., social engineering, brute-force attacks), but it also dramatically enhances the user experience. Users do not need to go through the hassle of creating and remembering passwords, which makes the passwordless approach a win-win situation for security and UX alike.
Vincent Delitz
Co-Founder, Corbado
Implement a Cybersecurity Games Program
By implementing a cybersecurity games program, our organization has strengthened its cybersecurity measures. This program makes cybersecurity training and awareness more engaging and effective for employees by gamifying it. The program includes a number of challenges and activities designed to teach employees about various cybersecurity threats and how to protect themselves.
One challenge could be a phishing simulation in which employees must identify and report malicious emails. A social engineering simulation in which employees are asked to identify and avoid common scams could be another challenge.
We can help employees learn and retain information more effectively by gamifying cybersecurity training. This reduces the possibility of human error, which is a leading cause of cybersecurity breaches.
Yogini Kuyate
Digital Marketing Executive, Matrix3D Infocom Private Ltd.
Ensure Regular Software Updates
This year, we faced a major challenge when we suffered a cyber-attack. This incident was a wake-up call for us, highlighting a critical flaw in our cybersecurity protocol—we had fallen behind on software updates.
In response, we have taken proactive measures to strengthen our digital security. A key step we have implemented is to ensure that all our software is always updated to the latest versions. This practice isn’t just about patching known vulnerabilities; it’s about staying ahead of potential threats.
Yevhen Koplyk
Head of Marketing, WiserBrand
Monitor Terms of Service Changes
Read the Terms of Service and Privacy Policy language for the tools you’re using, and stay aware of changes. We have changed our virtual-meeting provider because our prior provider can now access meeting content, putting confidential and proprietary information at risk. This is all the more important as vendors incorporate AI features into their product offerings, often modifying usage agreements to allow the vendor to use your data in their AI models.
Meghan Anzelc, Ph.D.
Chief Data and Analytics Officer, Three Arc Advisory
Introduce Multi-Factor Authentication
In the face of an ever-changing digital landscape, our organization has prioritized cybersecurity measures to safeguard our assets and data.
One significant step we’ve taken is implementing multi-factor authentication across all sensitive systems. This added layer of security has proven instrumental in fortifying our defenses and ensuring the integrity of our operations in today’s dynamic digital environment.
José Moya
Outreach Manager, We Are Capicua
Mandate Third-Party Tools
Understanding that hackers are more prevalent than ever, and with the rise of AI and its potential negative use cases, we have begun to require all members of the team to turn on two-factor authentication for anything pertaining to our company.
By leveraging third-party tools like Authy and Google Authenticator, we are adding an extra layer of protection not only from people who are nearby in person but also from anyone around the world who may be trying to gain unlawful access. This also ensures that there is trust within the organization, as no one other than the admin has the ability to get into something that they shouldn’t.
Isaac Mashman
Founder, Mashman Ventures
Conduct Regular Cybersecurity Training
One way we’ve bolstered our cybersecurity plan in recent years is by conducting training sessions for all our employees. Typically, we hold these classes twice a year. I believe most breaches are preventable. If your team doesn’t understand the evolving digital landscape and what they can do to prevent a cyber-attack, they could fall victim to a hacker and compromise sensitive information.
We use these training sessions to explain best practices, discuss new types of attacks, and ensure our team members have everything they need to keep company data safe and secure.
Syed Balkhi
Founder, WPBeginner
