How to protect your company from cybercriminals!
It’s not a matter IF you are going to be attacked. It's a matter of WHEN.
Most think that there is a silver bullet for cyber security - but that is just wishful thinking. Instead of focusing on all the bad - here are some valuable tips to how you can strengthen your company’s cybersecurity posture.
The best we can do this is to incorporate due diligence and due care into our cybersecurity culture. This will give you a head start on any future security related incidents or data breaches.
Teach employees how to keep data safe
Data breaches often happen due to human error. If you can train your staff on potential scenarios that might lead to a data breach, you can reduce the odds of an issue related to human actions. We really believe that one of the most important actions a company can take in terms of cybersecurity is end user training – this can’t be stressed enough. Awareness is power! Before you even log into a computer you should have a basic knowledge of cybersecurity and the expectations of your employer. All security policies must have a top down approach when being implemented in a company. Senior Management support in this is very critical and most times overlooked.
Multi factor authentication
Start enabling MFA - Multi Factor Authentication. It’s a simple but effective solution. For example, it could mean that you use another device to confirm your identity when logging onto the company network. A strong password policy should always come first but MFA gives your organization an extra layer of security.
Passwords: complexity = security
Using strong passwords and changing them regularly makes it harder for cybercriminals to access information. This is a huge problem for companies that must be addressed through the development and implementation of strong password policies. Never share your password with anyone. Make sure that your passwords are at least 20-25 letters, 2 upper case letters, 2 lower case letters, 2 special characters oh yeah and 2 numbers. We know this sounds complex, but you may want to implement a solution like LastPass. These password managers are becoming more and more common as the complexity requirements and policies become stringent. And please don’t use the same password for all of your applications.
Be aware of phishing schemes
Phishing is an attack that uses fake email as a weapon. The goal is to trick the email recipient into believing that the message is something they want or need — a request from their bank, for instance, or a note from someone in their company — and to click a link or download an attachment.
What really distinguishes phishing is the form the message takes: the attackers are disguised as a trusted entity of some kind, often a real or legit person with some type of authority from within the company.
Awareness is power!
Stay on guard while traveling
Portable devices, including laptops, tablets and smartphones, can be easier to lose and a target for criminals. Be aware when logging into secure systems in public places so others cannot see your username and password. A good tip here would be to use USB data blockers for charging only. This will prevent any unwanted or unauthorized data transfers over the connection especially in publicly accessible charging stations like those found in Airports.
Back up your data
We always need to continuously back-up our end points and servers. If you are using a laptop, we recommend you to back-up your data to an external storage device where encryption is enabled. If you are not using this data all the time, there is no need to have the backup connected and susceptible to attack. You should also practice restoring from your backups to verify it can in fact be used.
Companies should have SIEM solution in place. All organizations must invest in cyber security technologies which are continuously updated and well equipped to identify the latest malware circulating the internet. Of course, companies also need people who can monitor the systems you choose to go with. Either on permanent or consultancy basis.
Hire people to check your systems
There’s also the option of hiring people known as ‘white hat’ hackers. Such individuals will look for ways to hack your systems and gain access to your data via Pen testing. These people can let you know what vulnerabilities exist in your system and how you can fix these issues.
When we talk about social engineering there’s just one thing I’ll write here. Stay vigilant and don’t discuss sensitive work-related issues with people that are not authorized to learn about these things. That’s rule number one and probably the most important. We will dig deeper into social engineering in the future, stay tuned!