October is National Cyber Security Awareness Month (NCSAM), and there’s no better time to discuss the importance of cyber security for your team.
That’s right; cyber security isn’t just for your IT manager or company executives to worry about—cyber security is a team sport.
Hardly a day goes by that we don’t see another high-profile security breach breaking in the news. And the truth is that most of the time, these breaches could have been avoided with some basic security controls in place, along with a little employee education on web safety best practices.
From LinkedIn and Dropbox to Yahoo and Ashley Madison, no company is too big to fall for a well-timed hack. How can your team protect themselves? Follow these tips, and you’ll reduce your risk significantly.
Don’t use the same password for everything.
Over the years, you’ve probably made dozens of accounts. Some you still use; many you’re no longer active on. If you’ve been using the same password for every account since high school, it’s time to mix things up. The moment any one of those accounts is breached, all an attacker has to do is try the same email address and password against a few popular websites (a technique known as credential stuffing) to see where else you have an account, giving them access to your email, social media, banking information, and more.
I know; who can memorize 50 different passwords of jumbled letters, numbers, and characters? No one. Except maybe this guy. But luckily, you don’t need to.
Password managers like LastPass or Dashlane will not only keep track of all of your passwords but also generate a long, random password each time you set up a new account online. This means you only really have to remember one password: the one to get into your password manager. Make that one a long passphrase, and turn on two-factor authentication for the manager itself, since it now guards everything else.
Create strong passwords, and change them regularly.
According to data compiled by Bloomberg, it takes only 10 minutes for an attacker to crack a six-character password made up of all lowercase letters. Add uppercase letters and some symbols, and you’ve extended that time to 18 days. Extend your password to nine characters, and it would take more than a lifetime for the attacker’s computer to guess the right answer. Those figures assume one fixed guessing rate; in practice the time depends on how many guesses per second the attacker can make, which is tiny against a login page that throttles attempts and enormous against a stolen database of fast, unsalted password hashes. Length helps against both.
Remember, all it takes is that one guy who still uses “password1234” to ruin things for everyone. Don’t be that guy.
Start with strong passwords, change them every few months, and change them immediately if you suspect one has been exposed. A strong password should:
- consist of at least nine characters
- contain a combination of letters, numbers, and symbols
- combine uppercase and lowercase letters
- not reuse any previous password, or a trivial variation of one (the old password with a digit tacked on does not count as new).
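The rules above, and the brute-force arithmetic behind the Bloomberg figures, can be put into a small checker. The following is an added example written for this article, not code from the original page or from any password manager: the common-password list is constructed for the demo, SHA-256 is used for the password-history check only to keep the example short (a real history store should use the same salted, slow hash as the login database), and the two guess rates in the demo run are assumptions.

```python
import hashlib
import hmac
import string

# Constructed list of known-bad passwords for the demo. A real check would use a
# breach corpus such as the Have I Been Pwned hash set (assumption about deployment).
COMMON_PASSWORDS = {"password", "password1", "password1234", "123456", "qwerty", "letmein"}


def password_hash(password):
    """Hash used for the password-history check. SHA-256 keeps the demo short; production
    code should use the same salted, slow hash (bcrypt/scrypt/Argon2) as the login store."""
    return hashlib.sha256(password.encode()).hexdigest()


def password_issues(password, previous_hashes=(), min_length=9):
    """Return the policy rules the password violates (an empty list means it passes)."""
    issues = []
    if len(password) < min_length:
        issues.append(f"shorter than {min_length} characters")
    if not any(c.islower() for c in password):
        issues.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        issues.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        issues.append("no digit")
    if not any(c in string.punctuation for c in password):
        issues.append("no symbol")
    # Strip trailing digits/symbols so "Password1234!" is still caught as "password".
    core = password.lower().rstrip(string.digits + string.punctuation)
    if password.lower() in COMMON_PASSWORDS or core in COMMON_PASSWORDS:
        issues.append("matches a common or breached password")
    # Reuse check against hashes of earlier passwords; old plaintexts are never stored.
    candidate = password_hash(password)
    if any(hmac.compare_digest(candidate, h) for h in previous_hashes):
        issues.append("reuses a previous password")
    return issues


def keyspace(password):
    """Number of strings in the smallest character-class alphabet that contains the
    password, i.e. what a brute-force attacker who knows the classes must exhaust."""
    alphabet = 0
    if any(c.islower() for c in password):
        alphabet += 26
    if any(c.isupper() for c in password):
        alphabet += 26
    if any(c.isdigit() for c in password):
        alphabet += 10
    if any(c in string.punctuation for c in password):
        alphabet += len(string.punctuation)  # 32 printable ASCII symbols
    return alphabet ** len(password)


def brute_force_seconds(password, guesses_per_second):
    """Worst-case time to try every string in the keyspace at the given rate."""
    return keyspace(password) / guesses_per_second


if __name__ == "__main__":
    # Two illustrative guess rates (assumptions): ~1e3/s against a login page that
    # throttles attempts, ~1e10/s for a GPU rig against stolen, fast, unsalted hashes.
    for pw in ("abcdef", "Abc1!x", "Tr0ub4dor&3xplorer"):
        print(pw, password_issues(pw),
              f"online: {brute_force_seconds(pw, 1e3) / 86400:.1f} days",
              f"offline: {brute_force_seconds(pw, 1e10) / 86400:.1f} days")
```

Running the demo shows why the rate matters: the same six-letter password that survives years of throttled online guessing falls in well under a second to an offline attack on a leaked hash, while the nine-plus-character mixed password holds up in both cases.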
Use authentication systems.
Nowadays, we need to go beyond usernames and passwords when logging into our accounts online. According to data compiled by the White House, as many as 62% of successful data breaches could have been prevented with the use of stronger authentication such as biometrics or two-factor authentication.
For every account that allows it, set up two-factor authentication. An authenticator app or a hardware security key is stronger than codes sent by SMS, which can be intercepted by an attacker who takes over your phone number. Also add a backup email and phone number, so if a compromise does occur, you can regain access to your account as quickly as possible.
Keep all software up to date.
Any device connected to the Internet is exposed to attack. Update your operating system and software as soon as new releases are available, and turn on automatic updates wherever you can. Patches close weaknesses that the vendor has found or been told about, and attackers routinely exploit known flaws on systems that have not yet applied the fix.
Be smart about email.
It seems like people should know how to use email safely by now, but many of us still fall for some pretty basic tricks.
First, don’t open links or attachments unless you recognize the sender. Even then, don’t click links directly in your email: the text of a link can say one thing while the underlying address points somewhere else entirely. Hover over the link to see where it really goes, or better, type the address of the site you already know into your browser yourself. That way a disguised link can’t redirect you to a look-alike site.
Attackers usually start with common techniques such as phishing and spear phishing, targeting employees, partners, contractors, or even customers in an effort to gain access to the system. If you see an email or text from an otherwise trusted source (like Apple or Google) asking for your username or password, treat it as a red flag, and don’t oblige. If you’re ever unsure about an email, contact the real company directly through a phone number or website you already know, not one given in the message. The extra effort could save you and your employer a lot of time and money.
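The mismatch between a link’s visible text and its real destination can be checked mechanically. The following is an added example written for this article, not the page’s own code or any mail gateway’s: it parses a constructed phishing-style HTML body, pulls out every link, and flags three classic tells (visible URL text that disagrees with the href, a trusted brand name buried in someone else’s domain, and a sign-in link over plain HTTP). The allow-list of trusted domains and the two-label domain heuristic are simplifications assumed for the demo.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed allow-list of brands the organisation deals with (assumption).
TRUSTED_DOMAINS = {"apple.com", "google.com"}

# Constructed sample message body, modelled on a typical credential-phishing email.
SAMPLE_EMAIL = """
<p>Your Apple ID has been locked for security reasons.</p>
<p>Sign in at <a href="http://appleid.apple.com.verify-login.example/reset">https://appleid.apple.com</a>
within 24 hours to restore access.</p>
<p>Questions? <a href="https://support.apple.com/">Contact Apple Support</a>.</p>
"""


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Crude eTLD+1 (last two labels). Real code should consult the Public Suffix List,
    since e.g. 'example.co.uk' needs three labels (simplification assumed for the demo)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def suspicious_links(html):
    """Return [(href, [reasons])] for links that show classic phishing tells."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = urlparse(href)
        href_host = target.hostname or ""
        href_domain = registered_domain(href_host)
        reasons = []
        # Tell 1: the visible text is itself a URL, but its host is not where the link goes.
        if text.startswith(("http://", "https://")):
            text_host = urlparse(text).hostname or ""
            if registered_domain(text_host) != href_domain:
                reasons.append(f"text shows {text_host} but link goes to {href_host}")
        # Tell 2: a trusted brand appears in the hostname, but the registered domain
        # belongs to someone else, e.g. appleid.apple.com.verify-login.example.
        for trusted in sorted(TRUSTED_DOMAINS):
            brand = trusted.split(".")[0]
            if brand in href_host and href_domain != trusted:
                reasons.append(f"'{brand}' in hostname but registered domain is {href_domain}")
        # Tell 3: a link that asks you to sign in over plain HTTP.
        if target.scheme == "http":
            reasons.append("link is plain http, not https")
        if reasons:
            findings.append((href, reasons))
    return findings


if __name__ == "__main__":
    for href, reasons in suspicious_links(SAMPLE_EMAIL):
        print(href)
        for reason in reasons:
            print("  -", reason)
```

On the sample, the fake reset link trips all three checks while the genuine support link passes, which is exactly the distinction a reader hovering over the link would make by eye.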
Always encrypt data, including on-premises, in the cloud, and via email.
Using encryption can help to prevent some of the most common types of security breaches. Encryption adds a layer of protection that makes data unreadable to anyone without the key: a stolen laptop with full-disk encryption, a cloud bucket encrypted at rest, or a connection protected by TLS gives up nothing useful to whoever gets hold of it, provided the key is stored separately and kept safe.
Create strict access policies.
Employees should only have access to the systems and data they need when they need them. Protocols should be put in place to grant and revoke access in a timely manner. It’s far too easy for employees to compromise data accidentally. Cached copies of sensitive information get saved to their personal workstations, important files get moved or deleted, and people end up emailing something they shouldn’t have. Plus, the fewer people that have access, the easier it is to pinpoint a breach.
Your sys admin should create and enforce a strict access policy, and make folders inaccessible by default until the employee requests permission and is approved. While this may not be the most convenient solution for your employees, it’s worth the hassle to avoid an enterprise data security breach.
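The policy described above (inaccessible by default, access granted on approval, revoked in a timely manner, and an easy answer to “who could reach this when the breach happened?”) is small enough to model directly. The following is an added example written for this article, not the page’s own code or any particular product’s: it keeps timestamps as Unix seconds, expires grants automatically, refuses self-approval, and logs every decision so a breach can be traced. The user names, resource names and timeline are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

DAY = 86400  # seconds; all timestamps below are Unix epoch seconds


@dataclass
class Grant:
    user: str
    resource: str
    approved_by: str
    granted_at: int
    expires_at: int
    revoked_at: Optional[int] = None


class AccessPolicy:
    """Default-deny access model: nobody reaches a resource without an explicit,
    approved, unexpired and unrevoked grant. Every decision goes to an audit log."""

    def __init__(self):
        self.grants: List[Grant] = []
        # (time, event, user, resource, approver) for post-incident review
        self.audit: List[Tuple[int, str, str, str, Optional[str]]] = []

    def grant(self, user, resource, approved_by, now, ttl=30 * DAY):
        # Separation of duties: the requester cannot approve their own request.
        if approved_by == user:
            raise ValueError("requester cannot approve their own access")
        g = Grant(user, resource, approved_by, now, now + ttl)
        self.grants.append(g)
        self.audit.append((now, "grant", user, resource, approved_by))
        return g

    def revoke(self, user, resource, now):
        """Revoke immediately, e.g. on role change or departure; grants also lapse on their own."""
        for g in self.grants:
            if g.user == user and g.resource == resource and self._active(g, now):
                g.revoked_at = now
                self.audit.append((now, "revoke", user, resource, None))

    def is_allowed(self, user, resource, now):
        allowed = any(g.user == user and g.resource == resource and self._active(g, now)
                      for g in self.grants)
        self.audit.append((now, "allow" if allowed else "deny", user, resource, None))
        return allowed

    def who_had_access(self, resource, at):
        """Breach triage: the users who held an active grant on the resource at that moment."""
        return sorted({g.user for g in self.grants
                       if g.resource == resource and self._active(g, at)})

    @staticmethod
    def _active(g, now):
        return (g.granted_at <= now < g.expires_at
                and (g.revoked_at is None or now < g.revoked_at))


if __name__ == "__main__":
    t0 = 1475485200  # constructed timeline start
    policy = AccessPolicy()
    policy.grant("alice", "finance/payroll", approved_by="bob", now=t0, ttl=7 * DAY)
    print(policy.is_allowed("alice", "finance/payroll", t0 + DAY))        # True
    print(policy.is_allowed("alice", "finance/payroll", t0 + 8 * DAY))    # False: grant lapsed
    print(policy.who_had_access("finance/payroll", t0 + DAY))             # ['alice']
```

The time-bounded grant is the detail worth copying: access that expires on its own closes the usual gap where someone changes roles or leaves and nobody remembers to remove them.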
Avoid public computers and wi-fi.
Hotels, airports, libraries, etc. offer public computers for people to use on the go, and coffee shops, bars, and restaurants are increasingly offering wi-fi to patrons. Unfortunately, when you sign into a public computer or wi-fi network, you have no way to know how strictly these things are monitored or what users before you may have done to compromise the system.
Hold off on checking your work email until you get to a protected device and network. Especially avoid open wi-fi, where your traffic goes over the air with no encryption at all. Anything not protected by HTTPS, including a username and password typed into a plain HTTP page, can easily be “sniffed” by anyone else using the same access point, and a rogue access point with the same name can impersonate the real one. If you must use public wi-fi, connect through your company’s VPN first.
Keep track of all on-premise visitors.
Another common attack is social engineering, in which intruders dress up as maintenance staff, guests, or visitors, slip past your front desk, and plug a thumb drive into an unattended workstation.
Establish protocols for allowing visitors, clients, interviewees, and maintenance crews in and out of your building. Each guest should be checked in, verified, and kept in a designated reception area, watched by a receptionist or office manager, until the appropriate employee comes to meet them. Employees, for their part, should lock their screens whenever they step away from their desks.
Pay attention to breaches in the news.
When you hear that there’s been a security breach of LinkedIn or Dropbox and you know you own an account with them, log in and change your password immediately, and change it anywhere else you used the same one. Notify your IT administrator if you’ve been accessing the account from your company computer, so they are aware of any potential threat to security.
Once a hack occurs, there’s no telling how much damage it will do. The best tactic when dealing with the potential of cyber threats is a good defense. Put safety plans in place, update them regularly, and keep your employees educated about web best practices. It takes a village to keep your company’s data secure.