The Internet has transformed our everyday lives in many ways. However, as this vast network grows and we interact with more everyday technologies, so do security threats and attacks. The best way to protect yourself from them is to have cyber security practices in place. Failure to do so could put your business out of business. Here are a few important practices that help keep your business protected at the highest level.
Password Improvement/Management
Passwords are at the forefront of cyber security defense. Every day, accounts are at risk of being breached because of weak or common passwords. Strong, unique passwords are a good layer of protection.
What makes a strong password:
- Create passwords as complex and as long as you can (10 character minimum)
- Use passwords that are not similar to a previous one and do not contain common words
- Upper-case letters (A-Z)
- Lower-case letters (a-z)
- Numbers (0-9)
- Special characters (!, @, #, $, etc.)
As a good rule of thumb, passwords should be changed every 90 days in order to stay secure.
For an extra layer of protection, you can also set up multi-factor authentication (MFA) if possible. MFA requires a combination of factors, such as something you know (password), something you have (mobile device), or simply an added PIN. This way, any unauthorized user will have a hard time gaining access to an account. (Read Jim’s article on two-factor authentication for more on that subject.) A password manager is also a great investment if MFA is difficult to set up and maintain. (Leigh blogged about this; you should read her article, too.)
Phishing Tips
Phishing is a scam that lures users in an attempt to steal their personal information, such as passwords, bank account info and credit card numbers. Phishing emails are usually poorly written and clearly false; sometimes they have malicious files attached or contain strange web links. Contact can also come through a phone call or text message. To the untrained eye and ear, these scams can take advantage of an individual or business and make them a victim.
What to look out for:
- Look for websites that have “https” at the beginning of the internet address or a padlock icon to identify the website as secure. If neither of these shows, the website may not be legitimate
- Check suspicious web links by hovering over them; if the link does not match the sender, do not click
- Too many grammar mistakes? Wording does not sound right? Skip clicking it
- Someone calling or texting urging you to provide financial info or private details? Hang up or delete the message. Keep in mind no institution will ask for this; contact your technical department immediately
By taking a proactive approach, you can reduce the risk of phishing attacks.
System Maintenance
If your systems are running an older OS, plan to upgrade and apply all updates as soon as possible. It is highly recommended that any system connected to the internet be hardened frequently. In addition, your software applications should be kept updated so that they do not carry known vulnerabilities. By keeping these up to date, you can avoid many security threats.
What you can do:
- Have your system upgraded to the latest OS. Have your technical department help if you need it
- Update any older browsers and software applications to the latest version
- If you have anti-virus software, run weekly scans
- Run weekly updates and/or patches for your systems
Training Your Team
Educating your team on how to identify and defend against these security threats and attacks will ultimately be the difference between your team being compromised or not. Most of the time, human error causes the most damage. One of the best things you can set up for your team is a security awareness program.
Here’s what you can do:
- Teach your team how to identify security risks and threats vs human error
- Ensure that mandatory training is provided to all teams at least twice in the calendar year
- Ensure that everyone on your team understands that security is about them personally, not just the business: this can happen to them too, and they should know how to protect themselves and others
- Create in-house security policies for your team
Tactile hopes that these baseline practices help get you and your team prepared for cyber security. Stay informed and stay safe!