15 Best Cybersecurity Practices for 2024
May 02, 2023
Well begun is half done. But as far as cybersecurity is concerned, ‘half done’ just doesn’t cut it.
We spoke to CEOs, Founders and Business Heads from companies across industries to understand how they plan to secure their business against cyber threats in 2023. The result is a gold mine of information!
From filling security gaps to using a maturity model, here are 15 answers to the question, “What is your 2023 resolution for maintaining your organization’s cybersecurity posture?”
Read on for a detailed look at what business leaders had to say on each of these. Reflect on your current state of cybersecurity and consider what else you can do to improve your defenses against online threats.
1. Empower Employees to Thwart Hackers
“No matter how secure your cloud infrastructure is, one weak link will always be there: your employees. Unless they are aware of the threats that exist, they will never be properly equipped to fight them.
Therefore, my 2023 resolution for maintaining my organization’s cybersecurity posture is to train my employees to be cyber ninjas. Employees are often the first line of defense against cyber-attacks.
Moreover, cybersecurity is not just a headache for the IT department; it affects everyone. Every single employee has a role to play in protecting their organization’s assets.
No amount of monitoring will save your assets unless the employees understand their responsibility.
Cyber attacks are getting more and more sophisticated, and 2023 won’t be any different. Social engineering is also easier now that people can get help from AI tools like ChatGPT. As cybersecurity is a growing concern, it is more important than ever for employees to understand its importance.”
2. Include Cybersecurity Teams in All High-Level Meetings
“In 2023, I want to ensure that we include our cybersecurity team in all high-level meetings regarding the company’s security overall. In the past, these meetings would often only involve the CEO, myself, and a few other board members.
However, as time goes on and security threats become more palpable, organizations must prepare for anything that might come their way.
Including the cybersecurity team in these meetings seems to make the most sense. Their experience, insight, and input can help us make better, more secure decisions in the future with how we interact with technology.”
3. Use a Multi-Factor User Authentication Function
“We will implement user authentication across all systems to protect data from attackers exploiting weak passwords. Multi-factor authentication for online systems access will help prove digital identities and ensure that only authorized users can access the organization’s data.
Focusing on the data protection fundamentals such as multi-factor user authentication will help the organization stand firm in data security to prevent instances of phishing and unauthorized access.
The organization will also conduct training and awareness campaigns among the employees to emphasize the areas of data attacks and how to avoid them.”
4. Complete Log Outs
“Something I’m totally guilty of, as well as most of my employees, is staying logged into accounts and devices after I’ve left them. This is the exact opportunity hackers look for when trying to gain access.
If you’re already logged in to an account, and a device or profile falls into the hands of a hacker, you’ve made their job insanely easy! There’s no password-busting or firewalls in their way—they’re already in.
That’s why my resolution for 2023 is to completely log out of every device after I’m done with it. Every time. And the same goes for our employees.
This is a company-wide update for the New Year, and I plan to implement timed logouts wherever possible on all devices and accounts.”
5. Train to Spot and Prevent Cyber Attacks
“As part of my 2023 resolution, we plan to train all employees on cybersecurity regularly. This training will include identifying phishing and other social engineering attacks, knowing what types of data are sensitive and should be kept secure, how to spot a potential data breach, and how to report any suspicious activity to management.
We want to ensure that our employees are trained on how to use the cybersecurity tools and technologies provided by the organization, such as firewalls and intrusion detection systems, so they can spot, in time, malware, ransomware, and other forms of malicious software that could compromise our systems.”
6. Consolidate Vendors to Minimize Risk
“Scheduling regular cloud audits and consolidating software licenses around single vendors are proactive measures to minimize the risk of a cyberattack.
Cyberattacks are becoming more prevalent as the global economy is in flux. So, it’s crucial to review your company’s tech stack before thieves get a hold of sensitive data.
A business without digital protection can quickly grind to a halt when an attack hits, and playing catch-up can be lengthy and costly. But conducting cloud audits and minimizing software licenses reduces the number of entryways thieves can try to access.
Although this takes time and effort, the additional security is worth it these days. It enhances consumer confidence in purchasing from your brand online and encourages them to continue doing business with you.”
7. Have More Partnerships to Fill Security Gaps
“Not every company needs to be an expert at everything. For highly-specialized areas such as cybersecurity, it often makes more sense for companies to invest in a service than to hire and train an internal resource.
With cybersecurity monitoring, response, and remediation becoming a more recurring necessity than a one-time assess-and-fix—the approach and services required have shifted as well.
Some level of managed security services has become critical for mid-size and enterprise companies and is becoming more and more important for small businesses as well.
Cybersecurity in 2023 should center on identifying any holes in current security measures and selecting partners to help shore up the gaps. Look to managed detection and response services, vulnerability management services, and security awareness training, among others.”
8. Prepare an Incident Response Plan
“In 2023, we will prepare an incident response plan in the event of a breach. Just like a business needs a fire escape plan if the office building is on fire, an incident response plan will help navigate data breaches.
We’ll assign a few of our cybersecurity employees a role in an incident response team. They’ll be first on the scene when there’s a data hack, trying to contain the situation.
We’ll also outline standard investigation procedures and processes, so everyone knows their responsibility in a breach.”
9. Adopt Zero-Trust Security Principles
“My goal for 2023 is to follow the zero-trust security concept. Neglecting cybersecurity precautions could prove to be the worst decision of any organization.
The phrase “zero trust” refers to the practice of always authenticating and authorizing users based on all available data, such as user identification, location, device health, service or workload, data classification, and anomalies.
This is the best course of action to take in order to be cautious about cybersecurity issues that could jeopardize the organization’s overall security.
The regular occurrence of security breaches at well-known tech organizations around the world also justifies the inclusion of this resolution on the priority list.”
10. Update Passwords Each Quarter
“My 2023 resolution is to reevaluate, update, and strengthen our passwords every quarter. We often take password security for granted as something that only needs to be done once, but data shows this is not enough.
Setting the expectation of regularly refreshing passwords can help protect my organization’s intellectual property, customer information, and confidential files. I plan on instilling a quarterly password change policy that will work with other necessary security protocols to safeguard our online presence.”
11. Strengthen the Internal Team
“The best way to maintain and improve my organization’s cybersecurity is to build a strong internal team that works together with outsourced professionals. This approach will ensure that the resources and continuum of expertise needed to help secure our IT environment are available.
With this strategy in place, we can benefit from the guidance of security professionals while also strengthening our abilities to address potential issues quickly and effectively.
It is also important that any changes made will be integrated into our systems correctly and without sacrificing security measures or data integrity valued by our organization.
Therefore, as I meet my cybersecurity goals for the coming year, building a robust team with internal experts and contracted support will be my top priority.”
12. Take Advantage of AI
“Artificial intelligence has proven to be impactful in almost every industry segment, and in 2023, it only makes sense to leverage its advantages in cybersecurity, too.
While the ability of AI tools and platforms to keep learning from their environment proves to be highly impactful in a cyber world that is growing every minute, another advantage these tools offer is sped-up response times.
With real-time reactions that keep security threats at bay and enhanced vulnerability management that quickly secures networks, we have every reason to include AI solutions in our cybersecurity roadmap for 2023.”
13. Use a Software Assurance Maturity Model
While compliance does provide a baseline of security, it doesn’t guarantee it. And so, the Software Assurance Maturity Model (SAMM) serves as a valuable tool to improve software security practices for better risk management.
Developed by OWASP, an open community, SAMM provides a set of best practices for assessing the current level of security maturity and for improving it further.
“OWASP SAMM helps focus our resources and determine which components of a secure application development program should be prioritized.”
Michael J. Craigue, Information Security & Compliance, Dell, Inc.
14. Conduct Due Diligence and Research Software Vendors
“I plan to invest in software that is transparent about its cybersecurity precautions and use monitoring tools to detect any security breaches at these third parties. I will also research the software’s security policies and ensure they are up-to-date and compliant with industry standards.
Additionally, I will use monitoring tools to detect suspicious activity and alert me to potential security breaches. I also plan to use third-party vendors to provide proof of their security measures, such as penetration testing and vulnerability scans.”
15. Stay Up-to-Date With the Latest Security Trends
“Cybersecurity is an ever-developing field, and keeping up with the latest trends and threats can seem daunting. It’s important to stay informed and ensure your organization is prepared for potential threats.
To do this, we seek to invest in security solutions that provide real-time monitoring and threat intelligence to help identify vulnerabilities and enable proactive measures.
Additionally, it’s important to keep up with emerging malware or ransomware threats so that appropriate safeguards can be implemented.
That’s why we plan to create a culture of awareness and training around cybersecurity best practices, such as safe browsing habits, password management techniques, and more. This is essential for keeping employees aware of the most current threats and how they can protect the organization.”
Srividhya Karthik is a Content Lead at Sprinto, where she artfully transforms the complex world of compliance into accessible and intriguing reads. Srividhya has half a decade of experience under her belt in the compliance world across frameworks such as SOC 2, ISO 27001, GDPR and more. She is a formidable authority in the domain and guides readers with expertise and clarity.