I sound like a broken record some days: security, security, security. Despite our increased awareness of the ever-growing number of cyber threats each one of us faces when we turn on our internet-connected devices, I continue to be surprised by the number of people who do not take basic steps towards protecting themselves (and their companies) online.
Perhaps the sheer number of spam emails, social media scams, and malware-infested banner ads inundating our employees has made them feel so overwhelmed they simply ignore the threats. Others may incorrectly think they aren’t a target because they work in a small town, or for a small company, or in a role that does not have a high degree of visibility or influence. Apathy by just one single employee in your company puts your entire business at risk. Resolve to improve cybersecurity in your business this new year by making cybersecurity part of your culture. Here are 5 tips to get you started.
1. Require Sophisticated Passwords or Passphrases.
Require sophisticated passwords be used on all devices and all accounts. Better yet, aim for the use of passphrases. A passphrase is simply a lengthy password that is easy to remember, easy to type, and naturally complex.
When choosing a passphrase, avoid the use of:
- Your name in any form or any abbreviations
- Your username or any abbreviated form
- The name of close relatives or pets
- Birth dates or anniversaries
- Well known phrases or famous quotes
- Important numbers such as license plates, SSN, etc.
Choosing a passphrase is not as difficult as you might imagine. Here’s an example:
- Select a phrase: Today will be the best day ever
- Convert it to a passphrase: Todaywillbethebestdayever
- At a minimum, substitute letters with random numbers and/or characters: Tod@ywillbethebestday3ver
- For added security, make it stronger by adding complexity (e.g. the first two characters of each word, with a number substituted): Towibethbeda3v
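If you enforce this requirement with tooling, the avoid list above can be checked automatically when a passphrase is set. The following is an added example, not part of the original article: the function names, the substitution table, the 14-character minimum, and the sample person are all assumptions made for illustration.

```python
import re
from datetime import date

# Character swaps folded back before comparing (assumed mapping, not exhaustive).
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})

def fold(text):
    """Lowercase, undo common substitutions, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))

def alnum(text):
    """Lowercase and keep letters and digits only (for plates, ID numbers)."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def date_forms(d):
    """Digit strings a birth date or anniversary is commonly typed as."""
    formats = ("%m%d%Y", "%d%m%Y", "%Y%m%d", "%m%d%y", "%d%m%y", "%m%d", "%d%m", "%Y")
    return {d.strftime(f) for f in formats}

def screen_passphrase(candidate, names=(), dates=(), numbers=(),
                      known_phrases=(), min_length=14):
    """Return the avoid-list rules the candidate breaks; an empty list means none."""
    problems = []
    letters, digits = fold(candidate), re.sub(r"\D", "", candidate)
    if len(candidate) < min_length:  # min_length is an assumed threshold
        problems.append("too short")
    for name in names:  # own name, username, relatives, pets
        if any(len(fold(p)) >= 3 and fold(p) in letters for p in name.split()):
            problems.append(f"contains name: {name}")
    for d in dates:  # birth dates, anniversaries
        if any(form in digits for form in date_forms(d)):
            problems.append(f"contains date: {d.isoformat()}")
    for number in numbers:  # license plate, SSN, etc.
        if alnum(number) and alnum(number) in alnum(candidate):
            problems.append("contains important number")
    for phrase in known_phrases:  # well-known phrases, famous quotes
        if fold(phrase) and fold(phrase) in letters:
            problems.append(f"contains known phrase: {phrase}")
    return problems

# Constructed sample data for illustration only.
SAMPLE = dict(names=["Jordan Rivera", "jrivera", "Biscuit"],
              dates=[date(1985, 7, 4)], numbers=["ABC-1234"],
              known_phrases=["To be or not to be"])

if __name__ == "__main__":
    for pw in ("Towibethbeda3v", "Bi$cuit-loves-walks-0704", "T0be0rn0tt0be!2024"):
        print(pw, "->", screen_passphrase(pw, **SAMPLE) or "ok")
```

Because substitutions are folded back before comparison, swapping `s` for `$` in a pet's name does not get it past the check.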
2. Enable Two Factor Authentication (2FA).
Two factor authentication (2FA) provides an added layer of protection for your accounts. 2FA requires a second piece of information be provided in addition to your password before access to your account is granted. Examples of 2FA include answering a security question or entering a verification code that is sent to your mobile device or email address. Many companies provide 2FA for users: Google, Microsoft, Facebook, LinkedIn, and Amazon, for example. If 2FA is available to you, enable it. Look for advanced security settings within your online account profile settings or contact your online service providers to determine if 2FA is available and how to enable it.
3. Be Careful with Public WiFi.
Who doesn’t love free WiFi? With so many of us working remotely or while traveling, public WiFi networks are convenient and keep us productive. Taking advantage of public WiFi comes with risks. Hackers can exploit weaknesses in public WiFi networks to distribute malicious software that can be silently installed on your computer. Sniffers can intercept network traffic, giving other people access to all information you transmit while connected to the public network. To minimize your risk of a security incident, use a Virtual Private Network (VPN) to secure the connection between your computer and the public WiFi network. If you are going to use public WiFi without a VPN, keep your activity to a minimum. Do not conduct any activity that might compromise your sensitive information, like online shopping or banking.
4. Maintain Your Systems.
Do not neglect basic PC hygiene. Keep your antivirus and antimalware software current. Make sure your operating system, web browser, and software applications are updated as new patches and versions are released. Software developers issue updates not simply to add functionality. These updates also address vulnerabilities that can be exploited by hackers looking to attack your systems.
Be aware of the applications you install on your mobile devices. Research apps to determine if they are safe before downloading them. Be mindful of what information you are allowing the app to access before accepting terms and permissions.
5. Train Your Staff.
Your employees are the single weakest link in the security of your business. It’s imperative that you train staff to be aware of online security risks so that they become better informed about the consequences of their actions online.
Review your company’s acceptable use policy as part of your new employee onboarding process. Educate your employees about best practices with regard to internet safety and security. Include training about email scams and phishing attacks. Also, teach your employees what types of information you deem to be sensitive and how to properly handle the disclosure of that sensitive business information to others.
The National Cyber Security Alliance offers free resources to get you started with your training. Access their materials at www.staysafeonline.org.