12 Cybersecurity Essentials: Build a Secure Foundation for Your Business

Pete Hoff

October is Cybersecurity Awareness Month, a global effort to raise awareness about online safety and empower individuals and businesses to protect themselves. In the spirit of this initiative, and building on the momentum of our recent “Google Security Basics: Establishing a Strong Foundation” webinar, we’re sharing 12 essential actions you can take to bolster your cybersecurity. With data breaches costing companies an average of $4.45 million, and a staggering 88% stemming from internal errors, implementing these proactive measures is no longer a choice, but a necessity.

Let’s get started with 12 ways to enhance your cybersecurity:

1. Implement Strong Passwords & Multi-Factor Authentication (MFA)

Action: Upgrade your password practices!  Memorable passphrases (like “CyberMonth2024 SecureNow”) are actually more secure than complex passwords with symbols and numbers.

Why this matters: Strong passwords are the first line of defense against unauthorized access. Weak or reused passwords are easily cracked by hackers.   

How to do it:

  • Use passphrases with multiple words and over 12 characters.
  • Set up MFA for all users and choose authentication methods beyond just text messages (e.g., authenticator apps).
  • Consider Google Passkeys (still in beta), which will use biometrics like facial recognition for simpler, passwordless logins.

During our webinar, we highlighted that many organizations struggle with enforcing strong password practices, even though Google provides the tools to make it easy. By combining Google’s security features with clear communication and awareness initiatives, you can significantly improve your password security.

2. Enforce Least Privilege Access

Action: Don’t give everyone the keys to the kingdom! Grant users only the permissions they need to do their jobs.

Why this matters: Limiting access reduces the risk of unauthorized data access or system changes, even if an account is compromised. 

How to do it in the Google Workspace Admin console:

  • Go to the Admin console > Users.
  • Select a user and click on Account.
  • Under “Admin roles and privileges,” assign roles based on their job responsibilities.   
  • Regularly review user permissions and revoke any unnecessary access.

3. Disable Link Sharing for Files

Action: Control the flow of sensitive information by disabling the “share with a link” option for file sharing.

Why this matters: Sharing files via links can lead to unintended access and data leaks.   

How to do it in the Google Workspace Admin console:

  • Go to Apps > Google Workspace > Drive and Docs.   
  • Click Sharing settings.
  • Under “Sharing outside your organization,” set the sharing options to restrict link sharing or require explicit permission for each user.

4. Configure Secure Email

Action: Properly configured, Google Workspace is 99% effective at stopping email threats, spam, and phishing.

Why this matters: Email is a primary attack vector for cybercriminals. A strong email security configuration is crucial to protect against phishing, malware, and other threats.

How to do it in the Google Workspace Admin console:

  • Go to Apps > Google Workspace > Gmail > Spam, phishing, and malware.
  • Configure settings for:
    • Spam: Adjust spam filter settings, create allow/block lists, and customize spam handling.
    • Phishing: Enable phishing protections, including spoofing and impersonation detection.
    • Malware: Enable malware scanning and attachment blocking.
  • Consider advanced security features like email encryption and data loss prevention (DLP) rules under Security > Advanced security.

5. Secure Browsing with Chrome Enterprise

Action: Your browser is your gateway to the internet.  Chrome Enterprise has built-in security features to protect you.   

Why this matters: Browsing the web exposes users to various threats, including malicious websites, drive-by downloads, and browser extensions.

Key features:

  • Google Safe Browsing: Protects billions of devices by using machine learning to identify malicious sites, files, and extensions.   
  • Enhanced Safe Browsing: Gives users 20-35% extra protection against phishing attacks.   

6. Customize Chrome Policies

Action:  Take control of your browser security! Chrome Browser Cloud Management lets you customize over 900 policies.

Why this matters: Custom policies allow you to enforce security settings and control user behavior within the browser.

How to do it:

  • Manage browser updates to ensure users are running the latest secure versions.   
  • Control user access to specific websites and extensions.
  • Block unsafe downloads and websites.

7. Integrate Your Security Tools

Action:  Don’t rely on a single solution. Combine Google’s platform with specialized security solutions.

Why this matters: A layered security approach provides more comprehensive protection. Integrating different tools creates a stronger defense.   

How to do it:

  • Work with security partners like Wursta to identify and implement complementary solutions.
  • Ensure your security tools can share information and work together seamlessly.

8. Build a Security-Aware Culture

(Presented by KnowBe4)

Action:  Your employees are your first line of defense.  Create a security-conscious culture.

Why this matters: Human error is a major cause of security breaches. A strong security culture empowers employees to make smart decisions and identify threats.   

How to do it:

  • Assess your current culture: Understand how your employees think about security through surveys and assessments.
  • Use attack simulations: Run phishing simulations to identify vulnerabilities and provide just-in-time training.
  • Communicate and reinforce: Regularly remind employees about security best practices through newsletters, posters, and training sessions.   

KnowBe4’s Joanna Huisman highlighted the importance of this in our webinar. 

With cybercrime on the rise, it’s crucial to recognize that human factors like errors or susceptibility to social engineering can significantly increase security risks. That’s why it’s essential to understand your organization’s vulnerability to phishing. To learn more about how your industry fares in terms of phishing susceptibility check out KnowBe4’s Phishing by Industry Benchmarking Report.

9. Be a Human Firewall

Action:  Everyone has a role to play in cybersecurity. Be vigilant and follow security best practices.

Why this matters: Cybersecurity is a shared responsibility. By being aware of potential threats and following security guidelines, everyone can contribute to a safer environment.

How to be more security-aware:

  • Never make assumptions: Verify requests and information before taking action.
  • Stay alert: Pay attention to suspicious emails, websites, or activity.
  • Think critically: Don’t click on links or open attachments from unknown senders.
  • Report anything suspicious: Immediately report any security incidents or concerns.
  • Always follow security policies: Adhering to policies is crucial for maintaining a strong security posture.   

10. Secure Data in the Cloud

(Presented by Virtru)

Action:  Protect your data, even if your defenses fail.  Use tools like Virtru to secure data in the cloud.

Why this matters: Data breaches can happen despite your best efforts. Protecting the data itself with encryption and access control limits the damage in case of a breach.

How Virtru helps:

  • Encryption: Encrypts data so only authorized users can access it.   
  • Access control: Provides granular control over who can access data and for how long.
  • Data loss prevention: Helps prevent sensitive data from leaving your organization.   

Virtru’s Tony Rosales spoke about this in our webinar, emphasizing that even with strong perimeter defenses, data can still be at risk. He highlighted the need to shift from a purely defensive mindset to one that also prioritizes protecting the data itself. This means that even if an attacker breaches your outer defenses, they won’t be able to easily access or exfiltrate sensitive information.

11. Leverage Wursta’s 3C Security Framework

Action:  Implement a comprehensive security strategy with Wursta’s 3C Security Framework.

Why this matters: A structured framework helps you identify risks, develop a plan, and strengthen your defenses.   

Wursta’s 3Cs:

  • Clarity: Identify hidden risks through assessments and analysis.
  • Control: Develop a strategic security roadmap to address vulnerabilities and improve security posture.   
  • Confidence: Strengthen your defenses with the right tools, policies, and training.

12. Get Expert Support

Action:  Don’t go it alone!  Seek expert guidance to improve your cybersecurity.

Why this matters: Cybersecurity can be complex. Expert advice can help you navigate challenges, implement best practices, and optimize your security strategy.

How Wursta can help:

  • Security Health Check: Identify vulnerabilities and areas for improvement.   
  • Virtual CISO (Chief Information Security Officer) support: Provides expert guidance and leadership on cybersecurity matters.   

We’re here to help you navigate the complexities of cybersecurity. Contact us to learn more about how we can support your security journey.