This Week In Nerd News (TWINN) – January 2, 2023

Nerds On Site
Article Written By David Redekop


TWINN #105 SME New Year’s Resolutions
Happy New Year 2023! I am doing something a little different today from most Monday mornings. Instead of sharing doom and gloom cyber security stories, of which there are plenty, mind you, I thought to share some potential New Year’s Resolutions for small to medium enterprises, and if you can checkmark all 5 of these, then you’re well on your way from a cyber security point of view!

Let’s jump right in.

New Year’s Resolutions for Small & Medium Enterprises

    1. Use a password manager. Password management isn’t going away despite the bad year at LastPass. 1Password, for example, has stood the test of time; it’s made in Canada and has proven resilience beyond any other tool we’ve seen. It handles passwords and has a built-in token feature for services that support one-time tokens. To make it reasonably affordable, there are Teams and Family plans available.
    2. MFA everything. If an online or internal service supports multi-factor authentication, use it. Proper password management makes this extremely elegant: 1Password, for example, can auto-complete your MFA tokens for you, so you don’t need to open up your authenticator app.
    3. Disable unnecessary accounts and access. Disable old email accounts, any rarely-used services, computer accounts, and server accounts for people no longer at the company, and then follow it up with an official offboarding process that is as detail-oriented as the onboarding process. If you offer any API keys to integration points, those need to be reviewed too.
    4. 3-2-1 Rule for Data Backups. Keep three copies of your data, on two different media, with one copy off-site. It is simple to understand, and its value will be clear in your future incident response project.
    5. Zero Trust connectivity. When your thermostat is hijacked, make sure it cannot do any damage. Even advanced persistent threats cannot reach their Command and Control infrastructure when a network is properly segmented and egress controlled using automated, AI-driven Zero Trust connectivity. Furthermore, it is the only way to stop all phishing links from ever working.
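
The account review in resolution 3 can be run as a simple audit over an account export. The sketch below is an added example, not code from the article or from Nerds On Site; the account records, field names, staff roster and 90-day staleness threshold are all constructed assumptions to adapt to your own directory export.

```python
from datetime import date, timedelta

# Constructed sample data; names, fields and the 90-day threshold are assumptions.
ACTIVE_STAFF = {"alice", "bob"}
ACCOUNTS = [
    {"id": "alice@example.com", "kind": "email", "owner": "alice", "enabled": True, "last_used": date(2022, 12, 30)},
    {"id": "carol@example.com", "kind": "email", "owner": "carol", "enabled": True, "last_used": date(2022, 6, 1)},
    {"id": "srv-backup/bob", "kind": "server", "owner": "bob", "enabled": True, "last_used": date(2022, 3, 15)},
    {"id": "dave@example.com", "kind": "email", "owner": "dave", "enabled": False, "last_used": date(2021, 11, 2)},
    {"id": "key-crm-sync", "kind": "api_key", "owner": "alice", "enabled": True, "last_used": date(2022, 12, 31)},
    {"id": "svc-scanner", "kind": "server", "owner": None, "enabled": True, "last_used": None},
]

def audit_accounts(accounts, active_staff, today, stale_after_days=90):
    """Return {account id: [reasons]} for enabled accounts that need action."""
    cutoff = today - timedelta(days=stale_after_days)
    findings = {}
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already disabled, nothing left to switch off
        reasons = []
        owner = acct["owner"]
        if owner is None:
            reasons.append("no owner recorded")
        elif owner not in active_staff:
            reasons.append(f"owner '{owner}' is no longer at the company")
        last_used = acct["last_used"]
        if last_used is None:
            reasons.append("never used")
        elif last_used < cutoff:
            reasons.append(f"unused for {(today - last_used).days} days")
        if acct["kind"] == "api_key":
            # Every live integration key goes on the review list, even if in use.
            reasons.append("API key: review integration access")
        if reasons:
            findings[acct["id"]] = reasons
    return findings

if __name__ == "__main__":
    for acct_id, reasons in audit_accounts(ACCOUNTS, ACTIVE_STAFF, date(2023, 1, 2)).items():
        print(f"{acct_id}: {'; '.join(reasons)}")
```

Accounts with no recorded owner are flagged rather than skipped, since an unowned account is exactly the kind an offboarding checklist tends to miss.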

If you can put a checkmark beside all five of these New Year’s resolutions, you’re well on your way to focusing on building the more exciting aspects of your business: growing your topline, growing your bottom line, maintaining a leading-edge status, and helping your family!

Did you know?

I didn’t mention endpoint security in the above list because you already have that, right? Right?
