It seems like we read about or see news stories of cyber security breaches and hacking on a regular basis nowadays. A cyber-attack can lead to financial and reputational losses from which it can be very difficult to recover. A cybersecurity breach can negatively impact your business continuity and force the organization into disaster recovery mode. Sometimes simple preventive measures can help mitigate such risk before disaster strikes. Virtual Corporation wanted to share 6 simple hacks you can try to help your organization avoid getting hacked.
- Stop insider attacks
- “Gone phishing”
- Password security
- Defend against intrusions at the device level
- Avoid band-aid security fixes
- Mandatory cybersecurity education
1. Stop insider attacks
Studies estimate that between 40% and 90% of cyber-attacks originate from inside the organization. The source can be a hack-savvy IT professional, a disgruntled employee, or even an accident caused by an uninformed employee.
Hack: Ensure Accountability and Security via Password Policies
Avoid having a universal company passcode to any device, network, application or internet site. Make sure each employee has an individualized login and password to ensure accountability and to give you the power to revoke an individual’s access without disrupting the rest of the company’s access. Having separate logins also helps you monitor just who made a change or mistake, regardless of whether it was deliberate or accidental. Immediately cancel network access and passwords when employees leave the company, to avoid them using passwords to remotely access the network in the future.
2. “Gone Phishing”
Social engineering is getting more advanced and creative every day. Hackers use sound effects, role play, or whatever it takes to get the information they need to access your secure data. This can be over the phone, in person, via email or through social media tools.
Hack: Don’t take the bait
Reinforce with your employees that they shouldn’t provide their password to anyone (even the IT department) over the telephone. Educate your staff to help recognize a phishing phone call, conversation or email. Ask that they not open any suspicious emails, and advise them to contact the IT team immediately. These types of messages are becoming increasingly sophisticated, as they can include personal details, or even make references to specific company projects or products. It is very easy to name drop members of the team, as so much of this is available via social networking and the internet.
The same holds true for phone calls. Don’t be fooled by sob stories, threats or name dropping. Stick with the rules of cyber security.
3. Password Security
I know, I know… you hear this all the time from your IT department, but let’s face it… the IT teams know it works.
Hack: Create strong passwords and change them frequently
This also includes never using the same password for all of your accounts – that’s just asking for trouble. As soon as these cyber criminals hack into one program or device, they will have instant access to all of your personal and professional data, and, worse, it provides an open window into your company’s network. Try to create diverse passwords that combine numbers, symbols and other factors to ensure they are safe and secure. You should also ensure that passwords are changed on a regular basis. Try implementing a calendar reminder for every three months to be sent to employees.
4. Defend against intrusions at the device level
There is a famous story about an Apple Computer employee who mistakenly left his iPhone behind in a social establishment. The mobile phone happened to have top secret images of what the future release of the next iPhone model would look like. The iPhone and the images made it to a tech publisher who broke the story and shared the photos.
Let’s not forget about spyware, malware and viruses. Even legitimate software tools such as password keepers can be used as a means to hack a device or network.
Hack: Build a layered device wall
Layer one: A secure device begins at the password level (as stated in Hack 3). Insist that employees use complex password creation on both their work devices, as well as their personal devices that may be used to access email or the organization’s network.
Layer two: Encourage the team to pay attention to notifications regarding updates to each device’s:
- Device operating system
- Software updates or downloads
- Anti-virus software
- Web browsers
Although these system notifications can sometimes seem to be a nuisance, it is much easier to review them in the few seconds it takes than to deal with the damage that can happen should you end up with malware, viruses, ransomware or spyware. Avoid accepting automatic updates; instead, review and approve each one. Have employees contact IT if they notice any suspicious software on their system.
Layer three: Run network surveillance often, but on an irregular schedule. Even though it is easier to automate, including extra unscheduled surveillance could keep your data safe if someone is aware of the schedule or surveillance routine.
Layer four: Report any loss of devices to IT immediately so they can be deauthorized from the network. It is critical for employees to understand that cyber-attacks can occur just by a cyber-criminal having access to an employee’s laptop, tablet or mobile device.
5. Avoid Band-Aid solutions
Many companies will quickly add more levels of security software if there is a breach. Although multiple layers of security software can be helpful, they won’t work until the source of the breach is resolved.
Hack: Fix the source of the breach before adding a firewall or filter
If you have already experienced any sort of network or device security disruption, adding firewalls and filters to a platform that is already insecure is basically the same as putting a band-aid on a gaping wound. You need to fix the problem first. Hackers know just how to locate your vulnerabilities. You need to discover where the security problems are, and then have an IT professional fix the issue.