Our online and offline lives have become indistinguishable. In these tech-fueled times, what happens on the internet shapes our home life, societal well-being, economic prosperity and even the nation’s security.
“With ever-increasing advancements in technology, our world becomes even more digital every day,” said Paul Tucker, chief information security officer at BOK Financial. “The Internet of Things (IoT) that connects everything from home appliances, wearable technology, toys and even our cars, to the internet has created an even larger threat landscape that cybercriminals are targeting relentlessly.”
While these connected devices make our personal and professional lives easier, they require good cyber practices to keep our valuable data safe. Cybersecurity is about being diligent, aware and responsible. Follow these eight best practices to protect your organization—and yourself—from cybercrime.
1. Have employees make long, unique passphrases and change them frequently.
A strong passphrase is a sentence that is at least 12 characters long, containing upper and lower case letters, numbers and special characters. Focus on positive sentences or phrases that are easy to remember but not easily guessed.
2. Strong passphrases may not be enough.
Whenever offered, two-factor or multi-factor authentication provides improved security. Multi-factor authentication is often the last hurdle that threat actors can’t overcome. There is no target too small, and the assumption that you won’t be a target is the mistake the cybercriminals are counting on.
3. When in doubt, throw it out.
Links in emails, tweets, texts, posts, social media messages and online advertising are the easiest way cybercriminals can infect your device with malware or steal your data. Do not click unknown or untrusted links or open attachments.
To report phishing to the government, visit this channel. It collects phishing email messages and website locations to help people avoid becoming victims of phishing scams.
To report phishing to a specific company, go directly to the company’s official website from a separate web browser and find their phishing report channel.
4. Keep a clean machine.
Keep all software on internet-connected devices—such as personal computers, smartphones and tablets—up to date to reduce the risk of infection from malware.
5. Back up your data.
Backups should be performed regularly and stored separately on a different network to help protect data and networks. These allow you to restore data if your device is lost, stolen, infected with ransomware or otherwise compromised.
The Federal Communications Commission (FCC) offers a Small Biz Cyber Planner and cybersecurity tip sheet that helps small businesses create customized cybersecurity plans.
6. Own your online presence.
Immediately configure privacy settings for all new accounts, downloaded apps or new devices. Check your settings regularly and as updates occur.
7. Get savvy about WiFi hotspots.
Public wireless networks and hotspots are not secure, even if they are password protected; the passwords are generally widely known and easy to crack. Remind employees that cybercriminals can easily see and record any activity, including sites they visit and passwords they enter.
Avoid accessing email, banking, social media or other accounts with sensitive data while on public WiFi channels. Consider using a personal/mobile hotspot or VPN (Virtual Private Network) if you need to get online outside of your home or work WiFi network.
8. Stay safe while staying home.
With many employees still working from home, remind them of the importance of cybersecurity outside the office. Encourage them to rename their home network’s default ID and change the password to a unique, strong password or passphrase.
“Both individuals and organizations have a role in protecting their part of cyberspace,” Tucker said. “We must make sure everyone—citizens, businesses, government entities and schools—understands that cybersecurity is a shared responsibility and creating a safer online environment requires engagement from the entire community.”
How hackers get inside your business
Cybercriminals use a variety of methods to gain access to your business network.
According to One Source, malware is the most common attack method. Commonly used to steal information and extort money, this malicious software can cause extensive damage to a company’s online systems. In addition, small and mid-size businesses should be on the lookout for:
- Ransomware. Hackers use specific malware to access a victim’s computer systems and then block access until a ransom is paid.
- Phishing. This method tricks victims into sharing sensitive data, such as login credentials; malware is typically installed once the attacker accesses the system.
- Credential theft. Attackers use phishing or other attacks to access a company’s database to steal personally identifiable information.
- Security infrastructure misconfiguration. While not directly a type of attack, this lack of security highlights vulnerabilities within a company’s network, leaving it insecure and easily hackable. Work with your cloud provider to ensure your company has the proper security settings to protect your data.