As the circumstances surrounding WannaCry, Petya/Goldeneye, the Shadow Brokers and exposed voters' records have shown, cybersecurity events continue to cripple companies no matter their size or industry.

Although cybersecurity is both broad and complex, some best practices can help prevent hackers from successfully infiltrating your customers' operations. A mature cybersecurity program relies on a layered security approach — meaning that no single control is the only source of protection for a corporate asset. Three controls that make up a layered security approach are secure password practices, multi-factor authentication and security awareness training.

Secure password practices

For many people, it's difficult to remember unique, complex passwords for every website — a complication that leads to password reuse. Unfortunately, cyber criminals recognize this as a normal occurrence. When your credentials are compromised on one site, they will take that username and password and try them in other places, with success.

As a solution, use a password manager tool. These services ask you to remember one master password and, through a browser extension, will automatically log you in to all of the websites you visit using a longer, more complex password that you don't need to know. What's the advantage? If a company, such as your bank, is compromised, the stolen password only allows access to your bank and nowhere else.

Steps to multi-factor authentication

Multi-factor (or two-factor) authentication (MFA or 2FA) is more straightforward than it may initially seem. MFA is a combination of two of these three factors:

  1. Something you know: a piece of information that you have memorized, such as a password.
  2. Something you have: Historically, this was a physical token that displayed a 6-digit number, which changed every 30 seconds. Today, this method uses an app on a user's smartphone. In either case, it is not necessary for the owner to memorize the multi-digit code, provided that they have the device or app with them when logging in.
  3. Something you are: biometrics, such as a smartphone's built-in fingerprint reader.
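
The rotating 6-digit code in item 2 can be made concrete. The following is an added example, not part of the original article: it assumes the token or app implements the standard time-based one-time password algorithm (RFC 6238 with HMAC-SHA1), which the article does not name, and `TotpVerifier` and `SAMPLE_SECRET` are illustrative names. It shows both sides: the device deriving the code from a shared secret and the clock, and the server accepting it once, within one window of clock drift.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30   # the code changes every 30 seconds, as the article describes
DIGITS = 6          # the 6-digit number shown by the token or app


def totp(secret: bytes, unix_time: int) -> str:
    """Return the 6-digit code for the 30-second window containing unix_time."""
    counter = unix_time // STEP_SECONDS
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class TotpVerifier:
    """Server side: checks a submitted code, tolerating one step of clock drift
    and refusing a code from a window that has already been accepted."""

    def __init__(self, secret: bytes, drift_steps: int = 1):
        self.secret = secret
        self.drift_steps = drift_steps
        self.last_accepted_step = -1

    def verify(self, submitted: str, unix_time: int) -> bool:
        current = unix_time // STEP_SECONDS
        for step in range(current - self.drift_steps, current + self.drift_steps + 1):
            if step <= self.last_accepted_step:
                continue                          # replay of a used window
            expected = totp(self.secret, step * STEP_SECONDS)
            if hmac.compare_digest(expected, submitted):  # constant-time compare
                self.last_accepted_step = step
                return True
        return False


# Constructed sample: the published RFC 6238 test secret, not a real credential.
SAMPLE_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    now = 1111111109
    code = totp(SAMPLE_SECRET, now)
    server = TotpVerifier(SAMPLE_SECRET)
    print(code, server.verify(code, now), server.verify(code, now + 5))
```

Because the code is derived from a secret held only by the device and the server, a password stolen from another site is not enough to log in, and a code that has already been accepted is rejected if it is submitted again.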

It can be difficult for many people to remember unique, complex passwords for every website. (Photo: iStock)

When MFA is used, it becomes much more difficult for an attacker to gain unauthorized access to an account. Not only would he or she need to steal your password, but the criminal would also need to physically steal, or hack into, your token device or biometric data, both of which are far more difficult tasks. An additional best practice is to use MFA on all remote connectivity, and for any activity requiring administrator-level access.

Creating security awareness

Your customers can be their companies' strongest security assets or weakest links. Employees who click on malicious links and open attachments can easily bypass other cyber protections. Phishing attacks, in which an employee receives a legitimate-appearing but actually malicious email, are one of the top causes of data breaches.

Ten years ago, phishing attacks came from a "Nigerian prince" and were easy to identify. These days, attacks are much more sophisticated and are timed with current events, such as business transactions or the April 15 tax day. Attackers also will take time to create "spear phishing" attacks, in which a specific person or company is targeted. Spear phishing uses information from a user's LinkedIn page or other social media accounts to appear plausible.

Your customers should regularly conduct security awareness training for employees. Training should include regular communications on current security events and in-house phishing campaigns performed on a frequent basis. The in-house campaigns test employees with seemingly realistic phishing emails that, thankfully, are anything but.

Criminals will always be thinking of new ways to attack businesses and consumers, which forces businesses to constantly evolve their cybersecurity practices. It is only through constant vigilance that we can continue to protect ourselves in this ever-escalating environment.

Nick Graf serves as Consulting Director of Information Security for CNA's Risk Control unit. He can be reached by sending email to [email protected].

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.