It can be scary out there in the digital world. It seems like not a week goes by where we don’t hear about phishing emails, unpatched vulnerabilities, or the latest strain of ransomware exposing the data of millions of people and businesses to the prying eyes of malicious actors.
Every person and every business are potential targets with some of the largest companies in the world susceptible to the same vulnerabilities as the average Joe at their home computer (phishing being a prime example).
But all is not lost as October is National Cybersecurity Awareness Month! What better time to review your cybersecurity practices, discover where you can make improvements, and seize the chance to make positive change? Consider it a fall “spring cleaning” for your digital life and business.
As a Halloween treat for you, we’ve compiled cybersecurity tips from our security savvy in-house experts to help make sure you don’t come across any wicked tricks this October:
Create and Use Strong Passwords
Password strength and best practices was most frequently mentioned by our talented team. With recent reports claiming that nearly half of businesses struggle with password issues – such as password sharing – it’s no surprise that it was at the top of their lists. Beyond not sharing your passwords with anyone and not re-using passwords, here are some other tips:
Use a pass phrase instead of a password and consider using a password manager to generate secure passwords. Change your password to important accounts and don't write passwords in clear text.
– Matthew Butler, Systems Engineer
Use strong passwords and change them regularly. The use of a “strong” password vs. a “weak” password should be a requirement for all companies. A weak password could be the users last name or a pet’s name (such as Smith or Fluffy). Your passwords should change every 90 days at a minimum.
– Rob Backus, Systems Engineer
Using sentences as passwords is hard to guess and easy to remember. If uppercase/numbers/special characters are required, you can simply integrate them into the password.
For example, “iamafanofthegametetris” is a stronger password than “YgN5#t” because the longer your password is, the exponentially harder it is to brute force.
Spelling words incorrectly is good too along with adding numbers and special characters. This would be an even stronger password: “Iamafanofthagaim*45Tetris”
– Myles Winiski, Systems Engineer
Further Securing Your Accounts
The second most popular topic from our experts related to taking your account security a step further:
Use multi-factor authentication when available.
– Matthew Butler
If you use your cell phone for two-factor authentication (like when you log into your bank’s site and they text you a code you need to type in), make sure that you don’t have text messages show up on your phone’s screen when it’s locked. Pretty much defeats the security of 2FA when the secret is visible to anyone who steals your phone.
– Jonathan Stone, Chief Technology and Operating Officer
The Best of the Rest
Round out your Cybersecurity Awareness Month security strengthening with the rest of these tips ranging from protecting your home network to employee training:
Keep your security software at home current – especially software on your internet router.
That router/firewall is your first line of defense on your home network. Since work machines are frequently connected to home networks, it makes sense to keep software updated for both personal AND business security.
– Jonathan Stone
Start considering a “zero trust” architecture for your environment. More and more we see threats on “trusted” devices, in what’s considered a “secure zone” (such as behind a firewall). Assume other devices, even in your “secure zone”, are already compromised and harden systems to defend themselves against other “trusted” devices.
Harden your system defenses by using the OS's firewall to control traffic to and from the endpoint. Turn off unnecessary services and uninstall unnecessary software. Make sure everything is patched and current (OS and apps). Use good endpoint protection (and keep it updated) such as BitDefender and AMP for Endpoints. Use Windows 10 features like Device Guard, AppLocker, and Credential Guard.
– Matt Kozloski, VP of Professional Services
Double check the address bar and make sure it has a green lock icon when browsing personal sites such as email and banking.
If there is no such icon you should: contact your IT department, close the web browser in case of malware, and disconnect from the network you are on because it may have been compromised.
– Jim Araujo, Senior Consulting Engineer
Provide users with ongoing security training so they know what threats to watch/look out for. Make sure to use a trusted partner for your training as well as a well-known training platform such as KnowBe4.
– Tushar Dadarwala, Systems Engineer
Log out of your online sessions when you're finished and lock your computer when not on it. Use access control when available. If you have to use public Wi-Fi, use a VPN and don't submit data to sites that don't have valid security certificates in general.
– Matthew Butler
Be diligent and think before clicking on a link. If it’s not something you were expecting, it could be malicious. If you click on a fake link your machine can become compromised and even trick you into providing sensitive information. Malicious software can be installed and, for example, could capture your keystrokes to gain access to your accounts.
– Mark Lepak, Network Engineer
Digital and cyber security has never been more important or demanded more attention than it does today. By using these tips and others to toughen your defenses, you’ll be doing more to protect your own data as well as that of your business, clients, partners, and others.
If you’re looking for more ways to strengthen your businesses’ cybersecurity, check out our eBook for 10 simple ways you can improve your cybersecurity posture. Or for a more thorough dive into your company’s cybersecurity procedures, policies, and defenses, ask about our no-cost security assessment that can find vulnerabilities in your defenses before hackers do.
