Effective data security is critical in our modernized digital world. Preparing today for the threats of tomorrow is an absolute necessity .In our last blog, we discussed why cybersecurity should matter to more than just the IT department: it must matter specifically to the CFO, as he/she is the one accountable to a company for its financial health and best suited to allocate resources toward security. Cyber defense must be prioritized across an entire organization.
There are 7 tips of which cybersecurity experts agree you need to address in order to ensure your data is safe:
1
Keep Software Updated
Make sure all the software solutions you employ are updated regularly. Software companies provide patches for vulnerabilities by releasing updates. Therefore, you will want to make sure that you take advantage of those updates from any software you use, including Chrome, Safari, AirMail, FileZilla, your ERP system, your financial reporting tools, etc.
Remember the huge Equifax data breach in 2017? It impacted the personal information of approximately 147 million people. This data breach was caused by a known vulnerability in a web application. Apparently, the fix for this vulnerability was released two months prior, but Equifax failed to update its software. That’s a hefty price to pay for not staying current with updates.
2
Avoid Phishing Emails
Phishing is a cybercrime in which a target or targets are contacted by email, telephone, or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data, such as personally identifiable information, banking, and credit card details and passwords. The information is then used to access important accounts and can result in identity theft and huge financial loss.90% of all successful computer attacks start with a phishing email. Some common features of phishing emails include:
- Too Good To Be True – Lucrative offers or attention-grabbing statements are designed to get your attention right away. For example, you've won a trip to the Bahamas, the lottery, or some other lavish prize. Do not click on any suspicious emails. Remember, if it seems too good to be true, it likely is.
- Sense Of Urgency – A popular tactic amongst cybercriminals is they ask you to act fast because the amazing deals are only for a limited time. When you come across emails like this, it's best to simply ignore them. Remember, most reliable organizations will never ask customers to update personal details over the Internet. When in doubt, visit the source directly, rather than clicking on a link within an email.
- Hyperlinks – Links aren't always what they appear. If you hover over a link, it will show you the actual URL where you will be directed if you click on it. It could be completely different, or it could be a popular website with a misspelling. So, look carefully.
- Attachments – If you see an attachment within an email you weren't expecting or if it simply doesn't make sense, do not open it. Those links often contain ransomware or other viruses. The only file type that is safe to always open is a .txt file.
- Impersonation – Many emails look like they're from a person or company you know, oftentimes with requests to fill out legitimate forms with personal data. However, if anything looks out of the ordinary, or just plain and simply suspicious in general, do not click on it.
Remember no computer is immune from phishing. And it only takes one mistake of a click to become a victim of a cybercrime.
3
Be Careful Where You Click
As discussed above, best practice is never to click on anything of which you aren't 100% certain is legitimate.
4
Password Management
You can no longer be lazy in creating and using passwords. Some strong password ideas include:
- Use at least 10 characters
- Do not use directly identifiable information
- Use a unique password for each separate account
- Avoid common dictionary words
- Use a phrase
- Use a combination of letters, numbers & symbols
Some weak password examples include:
- March 101977
- P@ssword123
- 123456
- Qwerty
- Welcome1
- Pass
Some additional recommendations to keep in mind as you work toward best practice password management:
- Use a reputable password manager, such as LastPass, KeyPass, etc. to help you keep track of all of your passwords.
- Change your passwords frequently.
- Employ two-factor authentication, also known as a security mechanism that requires two types of credentials for verification. This adds an extra step to any basic log-in password procedure & provides an added layer of security to your online accounts.
5
Don't Leave Devices Unattended
While you may think to yourself that you're only stepping away from your desk for just a minute, anyone can walk into your office during business hours and thereby put your devices and confidential information at risk. Be sure to:
- Lock your screen anytime you leave your computer, even if it's just for a few minutes.
- Treat your devices like you would a wallet or purse containing a lot of money and personal information.
6
Protect Sensitive Data
You must safeguard both your personal and company. Here are some tips for protecting both:
Personal Data:
- Keep sensitive information inaccessible from prying eyes
- Use strong passwords
- Keep security software up to date
- Be careful when storing data on USB drives
- Prepare for disaster by backing up your computer regularly
Company Data:
- Secure database servers
- Backup all vital information
- Limit access to sensitive data
- Use strong passwords
- Keep servers in a secure area
7
Ransomware
This is a type of malware that threatens to publish your data, encrypt your files, and make your system unusable until you pay a ransom to the cybercriminals behind the scam.71% of ransomware attacks in 2018 alone targeted small businesses, with an average ransom demand of $116,000. Back in 2017, Maersk, a Danish shipping company, lost a whopping $378 million to ransomware alone. Not only did they lose a significant amount of money, but they were forced to halt operations, and reinstall their entire infrastructure of 4,000 servers and 45,000 PCs.
This was a wakeup call for Maersk and should serve as one to all of us. Make sure ransomware protection is part of your cybersecurity plan. There are many credible service providers out there that focus on affordable ransomware protection.
Implementing cybersecurity best practices doesn't guarantee your systems and information will be safe 100% of the time. However, it drastically reduces the likelihood and frequency of breaches and infections. No longer can companies exist with just average cybersecurity. It must become an integral part of your competitive advantage.
