Here’s what you can do today to better your security posture FREE
1. Protect your data all the time
With the record number of ransomware hits this year and companies closing their doors because of catastrophic data loss impact, one should be backing up critical data regularly. It might sound like tautology and it may seem like a hassle, but everyone should be doing it. No exceptions!
It’s easy to take the posture that you won’t ever lose your data because you’re careful and have reliable staff. You could not be more wrong. What would you do if you were suddenly a victim of ransomware attack? It’s a matter of when not if.
Surprisingly, too few small businesses have backup and business continuity plans in place. Even fewer verify and test their backup validity on regular basis. Even if you don’t a budget for a true business continuity solution today, there are many cloud-based backup solution available to SMBs, like Backblaze, Carbonite, SOS Online Backup, Sugar Sync to name a few.
Keep in mind that just having a backup in place isn’t enough, so be sure to test your backup system to regularly verify it is backing up critical data and that it can be restored when needed.
2. Use strong passwords and security codes
Per recent studies, many security breaches nowadays are carried out with help of brute force software, which utilizes dictionaries to guesses every combination of letter, numbers, and characters possible. In theory, every password is breakable and it’s only a matter of time when it can be cracked.
Here’s a scary stat for you: 9 out of 10 login attempts to your account aren’t done by you and rouge actors keep refining their methods to guess the credentials to your account. Making your passwords strong and changing them regularly is the very thing you can implement today to protect access to your accounts from cybercriminals. Use strong passwords and make a habit of changing them periodically. It may sound like hassle but it’s not all that hard.
A few tips for making a strong password
- Combine capital letters, numbers and special characters
- Utilize mnemonics to remember complex passwords. Here’s how
- Use password manager software like KeePass to make safer and it easier
- Don’t use dictionary words, personal information as part of password
3. Do not share more info than you have to
With the omnipresent social media channels today people tend to share way too much personal information online.
Social engineering is one of the most powerful tools cyber criminals have been exploiting to steal or compromise our data. Humans are social and tend to let their guard down by sharing personal information that should not be shared online to begin with i.e. birth dates, names of relatives or pets, etc. These very elements can lead hackers to uncovering usernames and passwords or secret codes and ultimately compromise your account access.
4. Keep your antenna up when opening email
Be very vigilant when surfing the web and reviewing emails. It is common for attackers to send phishing emails in which they create links and buttons to authentic looking sites. Usually, the victim will be required to login. If they do so, their credentials will be in the hands of the attacker. One commonly known attack of this kind is the Google Docs Phishing Attack. An attacker will send the victim a link to a Google document and asks them to open it. When the victim does, it’s usually all over.
Here’s a few pointers and examples to avoid falling victim to a phishing attack:
Examine the URLs embedded in email closely. Attackers like to use URLs that are so similar to the real one that the victim doesn’t notice that it’s not. A hypothetical example would be that you get an email from email@example.com (instead of firstname.lastname@example.org )
An email contains external links and prompts user to click them. This is a big giveaway. Be cautious of links in emails. If you not sure, consult with your IT support personnel before clicking.
Do not fall for CEO spear phishing schemes. Always talk to or call your superiors directly before carrying out “their” unusual email requests, specially when it comes to moving money.
The message appears to be from a government agency, i.e. IRS. Phishing attackers tend to play on human weaknesses. One that they try to play on is a sense of intimidation. The attackers will send a message appearing to be from the FBI or the IRS, for an example, stating that you are going to be arrested because you owe money and need to pay. They may even have legitimate information about you such as your address, relatives, etc.
5. Stay vigilant when surfing the Internet
Cybercriminals continue to use the fascination of consumers with celebrity culture to drive unsuspecting users to potentially malicious websites that can be used to install malware, steal personal information and even passwords,” read a statement from McAfee, whose list also includes data regarding the chances that a search for one of these celebrities will arrive at a suspicious site.
McAfee has released its annual report on the most dangerous celebrities to search for online, with singer Avril Lavigne topping the list. The report, which “reveals which celebrities generate the riskiest search results that could potentially expose their fans to malicious websites”
It’s imperative users exercise caution, common sense and consider the risks associated with browsing the web. Thinking before clicking goes a long way to stay safe online.
6. Educate your staff about data security and promote security awareness
With all the fancy technological security measures in place, one of the greatest vulnerabilities and the weakest link continues to be humans. Most people are unaware of the risks of their actions. Hackers are fully aware of and use it to their advantage.
Here are a few things that you can focus on training your employees so that your organization’s network is not compromised.
- Make strong, distinct passwords and protect them
- Delete any suspicious emails, especially those with links or attachments
- Change device default passwords
- Be suspicious of emails, calls, or visitors encouraging action that is outside of the normal procedure
- Exercise caution when connecting to public WI-FI networks