With our society’s ever-increasing reliance on technology, personal and business information is nearly always stored on an electronic server or hard drive.
This means the information about businesses, clients, and individual employees is at risk of being stolen by cybercriminals. Every person has a responsibility to maintain safe and secure practices when handling sensitive or private information belonging to themselves and others. If everyone does their part, we can ensure a safer environment for ourselves and our data.
Marty Coolidge, CEH, an IT Security Administrator for Builders Mutual Insurance, provides a few basic tips focused on key areas to help keep information safe from cybercriminals.
Cybersecurity Basic Tips
- Cybercriminals use any number of attack methods – including phishing, social engineering, specific account-related attacks such as brute force attacks, exploitation of network and system vulnerabilities, and so on – to gain access to sensitive information. This sensitive, or non-public, information is known as personally identifiable information, or PII, and it consists of health information, credit card data, social security information, and, in some cases, insurance account numbers. PII could be related to you personally or to another individual or company. The risk of this information falling into the wrong hands is high when PII is shared electronically. You should refrain from sending PII via unsecure or unencrypted means. Personal data is meant to remain private. Keep it that way.
- Phishing: The vast majority of cyberattacks occur through email scams known as “phishing,” and these emails have been proven to be very convincing. Phishing emails use very crafty, deceptive techniques that attempt to trick the recipient into giving up specific information, including PII. If you receive an email that you were not expecting, especially from a source you aren’t familiar with, you should automatically be suspicious. If that email contains a link, hover your cursor over the link (without clicking on the link) to verify the address is what it states. If the link points to an address that you aren’t familiar with, google it without the .com or .net, etc. Remember, it’s always best to confirm with the sender if you weren’t expecting an email or if the contents seem to be a bit unusual.
- Associated attachments: Another way your system could get infected is through associated attachments. Save an attachment (without opening) and scan it for viruses after confirming with the sender that the email is legitimate. This will decrease your chances of a system infection.
- Account passwords: According to the 2018 Data Breach Investigation by Verizon Wireless, 63% of data breaches are the result of password insecurity. This could involve anything from a weak password to a stolen one.
- A simple way to decrease your exposure to attacks is to make sure you don’t use the same passwords for your various work and personal accounts. Even better, if the option exists to utilize multifactor authentication (also known as two-factor authentication, or 2FA), you should go that route. Multifactor authentication adds an additional step (such as a fingerprint scan, a PIN, or a security code sent to your phone) as verification for the login process, which ultimately makes it nearly impossible for an attacker to infiltrate your system or device.
- Using strong passwords should be your first step in moving toward a secure space for your data and personal information. Passwords that include symbols, numbers, uppercase letters, and lowercase letters are strong. Complex passwords are often difficult to remember, which is why it’s best to use a passphrase, a long sequence of words. As a general rule, use 15 or more characters, because the longer the phrase is, the more difficult it will be to crack. Also, don’t be afraid to use the spacebar.
- Device updates: Performing regular updates on your device(s) is imperative to ensuring a secure environment for your data. Failure to patch critical system vulnerabilities and update software has led to major data breaches. Most devices can be set to perform automatic updates that require little to no effort from the user. This is a simple yet effective way to keep your information secure. Update everything on a regular basis.
- Secure networks: Telecommuting has grown more popular in recent years as it has become easier for employees to work from their homes or from public workspaces. As part of working remotely, employees often must access public Wi-Fi networks and hotspots. Although these locations are convenient, they can be dangerous because there is normally no security control configured into these public access points and routers. This basically creates a buffet for cybercriminals. It’s quite simple to access devices through these unsecure networks, potentially allowing the theft of personal information.
- If your business uses a virtual private network, commonly called a VPN, you should always connect to it when working remotely. This will encrypt your data, making it difficult for others to access. If you do not have VPN availability, be cautious when you connect to public Wi-Fi networks. Make sure you are always connected to secure Wi-Fi.
- This includes the Wi-Fi network in your home. Always use complex and long passwords (or passphrases), strong encryption, and security controls for home routers. Have a guest Wi-Fi network that has more security controls or firewall rules in place (filtering adult content, downloads, and any site not suitable for children) for home guests and children to use. This will decrease the likelihood of cybercriminals accessing your information.
- Suspicious activity: If you suspect potential malicious behavior, or if your device has been lost or stolen, communicating quickly with your service provider will help safeguard sensitive, non-public data. Some measures may already be in place to lock or even track down your device.
Cybersecurity is an important aspect of safe business practices and is growing in importance each day as technology becomes a larger part of business structures. While there are specific processes, technologies, and other methods implemented by cybersecurity professionals, the unfortunate fact remains that the weakest link in any network is created by human error. Most of the time, these errors are completely inadvertent with no malicious intent. This is why user education, awareness training, and simply being “cybersecure” are vital to all organizations.
Here are a few resources you can use to help create a cybersecurity strategy for your business:
Though these tips will help raise awareness of some cyberattack methods and show the importance of properly securing data, they are not a complete guide to security. Always contact your local IT professionals regarding any efforts associated with creating a secure architecture for your network.