Practical Cyber Security Tips from the Top

Jane Di Noto, Founder of the cloudyBoss group, is an accomplished entrepreneur with an extended skill set in business, engineering and cyber-security, honed over 4 decades of global senior executive experience across the aviation, hospitality, health, Industrial Distributed Ledger & Cloud technology sectors.

Within an ever uncertain, highly variable and multi-polarized geopolitical context, her down-to-earth practical top 10 cyber security tips for 2023 are very timely and a reminder of the importance of governance, compliance and risk management.

Here they are:

TIP 1. SMALL MIGHT BE BEAUTIFUL BUT THERE’S NOTHING LITTLE ABOUT IT

Think Big irrespective of company size! Be aware of context and embrace governance best practices, especially with cyber-security. Research & understand cyber-security jargon, the anatomy of cyber-attacks, the meaning of terms such as reconnaissance, vulnerability, threat, exploit, campaign and hacking, and the broader legal & risk management contexts.

TIP 2. FOLLOW THE DATA

Data must remain safe even when it leaves your devices, systems, infrastructure, networks, or if compromised, stolen, or lost. Study data flows, classify data, always know where it is stored, including when in transit or in backup storage. Know the value of data: think of it as an asset vs something used to describe or operate assets.

TIP 3. PLAN, DO, CHECK, ACT

Write your own policies on security of information. Derive from your policies control procedures covering all data aspects. Regularly check your security metrics. Manage cyber-security risks within your risk appetite & tolerance. Have contingency plans, run drills to test if they’ll work should incidents occur, and train everyone around you often.

TIP 4. TOUGHEN UP ALL WEAKEST LINKS IN YOUR VALUE CHAIN

Choose and regularly check best-in-class anti-virus. Toughen up passwords: 10 characters with numbers, symbols & casing are the norm as of 2023; anything else lasts a few hours. Secure communications. Encrypt data and plan recovery from data losses. Use multi-factor authentication, which stops 99.9% of threats. Understand & practice zero-trust & segregation of duties. Recognize, outsmart, and filter out social engineering attacks.

TIP 5. DISTRIBUTE YOUR EGGS OVER MANY BASKETS

Beware of over-hyped big tech and rely on more than one cloud provider: a vendor's size does matter as it provides what’s otherwise unattainable (speed, reach, on-demand scalability/capability, built-in security), but this strength of size is also its worst weakness, as highly visible larger vendors are primary targets for threat actors. Avoid being "caught in the middle" as collateral damage.

TIP 6. JOIN CYBER-SECURITY ECOSYSTEMS AND FIGHT FIRE WITH FIRE

The romantic notion of "single hackers in hoodies breaching large-scale organizations" is now an exception: modern threat actors operate as vast, well organized & funded criminal networks, often state-sponsored. Single cyber-security units, including large corporate ones, are unable to respond or defend against threats from much larger nefarious networks. Choose & join ecosystems & wide-scope cyber-security clusters vs relying on single vendors.

TIP 7. TIME IS OF THE ESSENCE

Know how much time can elapse from the moment an incident occurs before your business becomes irremediably compromised: a business continuity plan shall match time-based risk tolerances. Know the period between latest backup & incident for which a business remains viable, to guide data recovery & backup strategy.

TIP 8. STAY INFORMED

Information is business blood & technology the cardio-vascular system allowing it to flow. Irrespective of sector, business & technology are nowadays indistinguishable. Technology evolves fast: what seems a solution today might become tomorrow’s nightmare. Stay informed about business, technology & cyber-security. Filter out fake news, propaganda and meaningless marketing spin, and regularly question & assess your sources’ integrity.

TIP 9. BUSINESS HEAVILY BASED ON TECH MUST HAVE A SECURITY-BY-DESIGN CULTURE

Secure software means quality. If a business depends on or is built upon its own technology, and employs its own software engineers, ensure security is part of the culture by applying security-by-design principles. Make sure best practices such as safe coding, peer reviews and frequent security audits/scans are adhered to.

TIP 10. A BOUNTY MIGHT BE THE ULTIMATE TEST

When a tech organization reaches superior cyber-security levels at the engineering-culture level, put it often to real-world tests with crowd-sourced bug bounty campaigns, leveraging online ecosystems of ethical hackers.
