In recognition of National Cybersecurity Awareness Month, Weaver is launching our Cyber Fundamentals series. Throughout the month of October, we’ll be sharing content that will give you a basic understanding of cybersecurity and the key information you need to be aware, prepared and protected. This is the second post in the series.
These days, we’re all cyber—and we must all help keep our organizations’ information safe. Staying safe requires more than changing your password every three months. Technology can help, of course, but every organization’s security heavily relies on the human factor. With a few simple tips and techniques, even non-IT specialists can help combat potential threats and increase overall protection.
Create strong passwords
You know the advice for creating strong passwords—make them long and complex and use special characters. Unfortunately, many of us still create easy-to-hack passwords. Hackers know our tricks: They know that a dollar sign is a replacement for the letter “S”; they know that we use the same passwords on multiple sites; and they certainly know how to find our mother’s maiden name.
How should you approach passwords?
First, understand how to store them safely. We all have too many passwords to memorize, and a sticky note on your laptop or under your keyboard (yes, others know this trick) is asking for trouble. Instead, use a reliable, secure password manager that requires two-factor authentication to access.
Next, think about what websites store your passwords. It can be tempting to use the “save login” feature, but don’t; in fact, disable that option in your browser. Those few extra seconds can be the difference between a stolen identity and a protected one.
Finally, don’t reuse passwords across accounts. If you must share passwords between accounts, use a tiered approach, with the strongest passwords on the most important accounts. If the password for your library account is discovered, you don’t want the hacker to have the password for your bank accounts. Your bank, social media and e-mail accounts should all have unique, long passwords that are changed often.
Steer clear of phishing attempts
If you receive an e-mail asking for sensitive information, be suspicious. Some phishing attempts are easy to spot, with odd syntax, a suspicious sender domain (@irs.com versus @irs.gov) or false urgency (“do this, or else!”). Others require some sleuthing. Hover over the hyperlinks in the e-mail – where would those links take you? Were you expecting to receive an attachment from this sender? Does a quick search of the company’s name raise any red flags? If something doesn’t pass the smell test, report it. It is far easier to take more time to analyze an e-mail and get help investigating than to click a malicious link and let the proverbial worms out of the can.
Phishing scams can also happen over the phone. If you were not expecting the call, don’t share identifying information. Instead, verify the caller by:
- Asking for details they should know. Your car insurer should know what type of car you drive.
- Searching the internet for their phone number. Is it listed with the organization they claim to be calling from?
- Calling the company back using its published contact number. If someone claims to be calling from your credit card company, asking for personal information, hang up and call them back at the number on the back of your card.
Beef up your wireless networks
At home or in a small business, use strong encryption on your wireless router. The original security standard, WEP, can no longer hold its own; use WPA2 instead. Also consider segmenting your network for personal and guest use. The wi-fi password you provide to your guests will be distinct from the one you use, all while using your existing hardware, which helps keep sensitive logins secure.
While traveling, be even more careful. In fact, you should consider all public wi-fi to be compromised and unsafe to use with sensitive information. (No shopping or banking, for instance.) If you need to access sensitive accounts while traveling, set up a VPN (virtual private network) to encrypt your traffic. A VPN is fairly easy to set up; if your company doesn’t automatically create one, look for a reliable app.
Back up your information
Be prepared for the fallout if your information is compromised. Frequently back up your most sensitive information so you can recover it, and make sure the backup is saved on a different server in a different location. It’s best to run your backups on an automated schedule. Make the process as simple and straightforward as possible, so you won’t have any excuses.
Once your system is in place, test it — don’t let the first test run be during a live incident. You may discover that some of your response plan fails without access to the original system, that you have lost key login information, or that you need to update contact information for involved personnel. Test, improve and test some more.
Be conscious of threats and continue learning
No one in the modern business world is immune from cyber threats — we’re all connected, and we’re all vulnerable. The good news is that you’re probably savvier about cybersecurity than you realized. Everyday solutions are easy to make part of your routine, and they are essential as threats multiply. Prepare yourself, so when the next cyber attack hits the news, you’ll be confident in your proactive security plan.