10 Tips to Protect Your Organization Against Common Cyber Attacks

Cristian Cornea
3 min readApr 11, 2021
Photo by FLY:D on Unsplash

Here are 10 actionable tips that you can use to improve the overall cyber security posture of your organization, and also to protect against some of the most common attacks out there.

  1. Train your employees about security awareness. Humans represent the weakest links that attackers take advantage of, that’s why Phishing is one of the most popular delivery methods of malware and ransomware.
  2. Watch out for weak, default, or compromised passwords. If you haven’t done yet, you should enforce password policies for all the systems within your organization, which includes complexity and reusage checks. As soon as you deploy new technology, software, or device, you must immediately change its default password according to the defined policy. Also, you can check for compromised passwords here.
  3. Limit the exposure of sensitive protocols. Before opening a port to the Internet, ask yourself: Is it really necessary to do so? If yes, ensure that only the allowed personnel will be able to access it, by creating proper protection mechanisms, for example, Firewall rules, Access Control Lists, and VPN tunnels. Some examples of network protocols and services considered sensitive and dangerous to be exposed are Remote Desktop Protocol (RDP), Database Logins (MySQL, MariaDB, and so on), Simple Network Management Protocol (SNMP), Virtual Network Computing (VNC).
  4. Backup, backup, backup! If you have a good backup strategy, that transfers and stores the data in the cloud, then you should get rid of the fear of getting ransomware. Try to move the backups in the cloud, if you still keep them within the network, then there’s a higher chance of those becoming encrypted as well.
  5. Enforce Multi-Factor Authentication where possible. Besides passwords, you should enable one-time PIN, biometrics checks, smart cards, or USB tokens for all the accounts.
  6. Apply the Principle of Least Privilege. “The principle means giving a user account or process only those privileges which are essential to perform its intended function.” (Source: Wikipedia). It means that you should not give domain administrator rights to Ben, which is part of the sales and marketing department.
  7. Review from a security perspective. You…

--

--

Cristian Cornea

🇷🇴 Founder @ Zerotak Security & Cyber Security Training Centre of Excellence (CSTCE)