Top Five Best Cybersecurity Best Practices
By Ryan Zatolokin
With so many devices and systems capable of connecting to networks and integrating with each other, cybersecurity today is a critical consideration for every organization. With each device that’s connected to a network representing a potential entry point for hackers, it’s important to ensure that all devices are protected to the highest possible level in order to avoid damaging fallout from a cyberbreach.
There are a number of best practices organizations should follow to ensure the highest level of cybersecurity for their devices and systems, the top five of which are discussed below.
Creating a strong password is a simple thing to do, yet it’s often overlooked in lieu of more complex technologies and practices to protect a system. However, a strong, unique password is not only a great first step in cybersecurity, but it’s the simplest, easiest way to prevent unauthorized access to a system. For the highest level of protection, passwords should have no fewer than eight characters (a mix of upper and lowercase letters, numbers and symbols) and should not include words that would normally be found in a dictionary. Consider using passphrases, such as a made-up sentence, to help remember increasingly complex passwords.
Passwords must also be changed on a regular basis, particularly if several people have access to a system. With contractors, employees who are no longer with the company and others needing access to a system at various times, passwords tend to spread like wildfire. This brings us to a second password management best practice, namely to control who is given passwords in the first place. At the end of the day, a password that provides admin level access should only be given to a very small group of people, who can then issue temporary accounts to anyone who may need to work on a system, for example to configure a video management system or camera. Those accounts can be easily deleted once the work is done.
A second cybersecurity best practice to adopt is to follow manufacturers’ recommendations for how devices should be deployed. Additionally, deployments should also adhere to established IT policies within the organization.
For example, if an IT department doesn’t allow FTP or discovery services on its network, those capabilities need to be disabled. In addition to services that are not permitted under IT policy, disabling any services that are not being used or that aren’t required will reduce the footprint through which someone could compromise a device and, by extension, the overall network.
Updates and Patches
Another simple but often overlooked step in cybersecurity is keeping device firmware and software up to date. Updates provide patches against security threats that may exist, as well as patches for bugs in the software. By updating software regularly, organizations get more secure, more reliable and more efficient systems.
Device patching and updating isn’t something that can simply be applied to one part of the overall system. It needs to be applied to all devices across the network, whether that’s IP cameras, switches, servers, video management system. All of these devices must be regularly updated, but it’s not always necessary to do this immediately when a manufacturer issues a new update because that update may not yet be aligned between the camera, VMS and other manufacturers. Rather, it’s better to create a schedule your organization can adhere to, perhaps monthly, quarterly or twice a year depending on the size of the system, and the available time and resources. All of this must be included in a policy to ensure that updates actually do get applied on a regular and consistent basis.
Secure the Ecosystem
All devices and systems are part of an overall ecosystem, so securing the network and everything that connects to it is another step toward maximizing cybersecurity. This includes software and firmware updates, adhering to manufacturers’ best practices and following IT policies, but it also means regularly switching out devices and software.
If a device or software is no longer supported by a manufacturer, its software can no longer be updated or patched for cybersecurity. From a software perspective, a solution that was purchased five years ago may not be as relevant as modern software that offers certified integration with other devices and systems that the previous version simply wasn’t capable of providing. In these cases, it makes sense to upgrade to solutions that remain fully supported by manufacturers to take advantage of the latest security packages as well as performance enhancements.
Replacing devices with newer technologies offers several advantages in terms of processing power and greater efficiencies in how they store video, for example. Newer devices may provide better compression technologies, faster hard drives, increased hard drive performance, higher storage capacity and more – all of which creates a more effective, efficient and secure ecosystem.
In many cases, particularly with regard to IP cameras, the actual lifecycle of a product will far exceed its economic lifecycle, because of the availability of new and improved features and capabilities available in newer models. Where a camera might typically last 10 to 15 years, it still might make sense to take advantage of those new technologies by switching them out on a regular basis every three to five years, and to develop policies around that practice.
Ongoing Management and Maintenance
Cybersecurity is not a one-time consideration; it’s an ongoing process. Therefore, it’s critical to continually engage in password management, properly deploy devices, apply updates and patches and replace components that may no longer be supported by the manufacturer. It’s also important to look at components that may wear out over time, such as hard drives, workstations, laptops and even IP cameras. All of these practices contribute to a better-functioning system overall.
Having policies in place to support these practices is critical. To meet your organization’s needs, make sure your technology and practices are addressing the cybersecurity threats that exist and determine whether you have the right layers of security in place to mitigate those threats. Like everything else related to cybersecurity, policies can’t be static. They have to be continually evaluated and re-evaluated to determine what changes need to be made to keep them relevant and make sure adequate protection is in place.