With Covid-19 hitting hard earlier this year, and seemingly on the move again today, the need for corporate office jobs to go remote has increased nearly overnight, putting a strain on IT Security teams. Continuing our conversation around Cyber Security awareness and how we can help you with best practices, we want to remind you of some steps you can take to be proactive and aware. There are 8 important items recommended by the National Cyber Security Alliance that you should be aware of. Today we will talk about four of them. Click on the subscribe button to get the other four in our monthly newsletter.
Cyber Security Best Practices
Just taking a few of these steps can dramatically reduce the risk of compromise
- Password Manager – There are many free ones to choose from. They can help automate the fixes for the possible threats mentioned below.
- Don’t write passwords on sticky notes and stick them to the back of your laptop.
- Use random passwords with 10 characters (hackers use 16 minimum).
- Don’t use the same password for every login – If a certain company gets hacked and the hacker gets hold of your password, they now have the password to every account where you use that same password.
- Use Multi-Factor Authentication where possible, such as face ID, fingerprint biometrics or adding a mobile number – If a password is found out, these tools add another layer of protection.
Sharing information should be on a need-to-know basis. For example, you get a mass email from HR addressed to all the employees asking you to reply with W2 information, and you reply all to ten employees with your personal information, which includes your name, birthdate and social security number. What now? IT damage control – we can recall the message, but that will only work for the emails that weren’t opened. What about the ones that were opened? A previous employer of mine had to go to all ten of the computers individually and erase that particular email.
Having something stolen from you is just an awful thing. Let’s say you work at a doctor’s office and have remote capabilities to log in from your home laptop. You have an easy password like 123456 set up and leave your laptop in the car because you were headed to pick your kids up. Unfortunately, your car is broken into after you forget that you left your laptop in it overnight. Your laptop is gone and all of the sensitive client medical records are in jeopardy of being tampered with. This kind of negligence puts not only you at risk but also your employer, their practice and their clients, and all of the HIPAA compliance you have been maintaining goes out the window. Stolen data is much more damaging long term than the loss of the physical device. There are countermeasures that can be taken to help protect your data.
- Use strong authentication to access your device. Don’t let convenience get in the way.
- If you’re able to, encrypt your data.
- If possible, enable remote wiping capabilities. (Learn more about this TEKMATE offering below)
- The most important thing – BACK UP YOUR DATA!
Phishing and Ransomware
Phishing is a method an attacker uses to try to get people to click a link that takes them to a malicious site or automatically downloads an attachment to their computer in the background without their knowledge or consent. It can come through email, text messages or even instant messenger applications.
Ransomware is software that locks data by encrypting it and won’t unlock it through decryption until a ransom is paid. Here are some preventative steps you can take to protect yourself from Phishing and Ransomware attacks:
- Look for suspicious emails – If Amazon is sending you an email to update your credit card information because the card on your Prime membership has expired, it would come from the amazon.com domain. Scammers’ tricks usually involve a public domain like firstname.lastname@example.org to trick the end user. Also be wary of @amazon.co or @amazon.org.
- If you’re unsure at all, it’s probably not important enough to take the risk.
- Make sure your Anti-virus software is up to date.
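The sender-domain check from the first bullet above can also be automated, for example in a mail filter or a help-desk triage script. The sketch below is an added example, not TEKMATE's code; the function name, the list of public mailbox providers and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumptions for this sketch: the brand's real sending domain (from the
# article) and a short, constructed list of public mailbox providers.
TRUSTED_DOMAIN = "amazon.com"
PUBLIC_MAIL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}

# Constructed From: headers, not taken from real messages.
SAMPLES = [
    "Amazon Prime <no-reply@amazon.com>",
    "Amazon <billing@payments.amazon.com>",
    "Amazon Prime <update@amazon.co>",
    "Amazon <support@amazon.org>",
    "Amazon <alerts@amazon.com.example.net>",
    "Amazon Billing <prime.renewal@gmail.com>",
]


def classify_sender(from_header, trusted=TRUSTED_DOMAIN):
    """Return 'trusted', 'lookalike', 'public-mailbox', 'unrelated' or 'invalid'."""
    # The display name ("Amazon Prime") is free text chosen by the sender,
    # so only the address part is inspected.
    _display_name, address = parseaddr(from_header)
    if "@" not in address:
        return "invalid"
    domain = address.rsplit("@", 1)[1].lower().rstrip(".")
    brand = trusted.split(".")[0]  # "amazon"

    # Exact match, or a real subdomain: the leading dot enforces a label
    # boundary so a domain that merely ends in the same letters fails.
    if domain == trusted or domain.endswith("." + trusted):
        return "trusted"
    # Brand name inside some other domain: amazon.co, amazon.org,
    # amazon.com.example.net.
    if any(brand in label for label in domain.split(".")):
        return "lookalike"
    if domain in PUBLIC_MAIL_DOMAINS:
        return "public-mailbox"
    return "unrelated"


if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):15} {header}")
```

A "trusted" result only means the visible address uses the expected domain. The From header itself can be forged, so mail systems should still enforce SPF, DKIM and DMARC.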
These are just a few simple security measures you can take to avoid becoming a victim of a Cyber Security attack. Be aware when entering sensitive information into websites and keep things on a need-to-know basis. Although these are precautionary measures, there is nothing like having a professional Managed Services team help you and your company prevent an attack from happening while improving your overarching security posture.
To learn more about how TEKMATE’s Managed IT works for hundreds of users, email us at email@example.com or give us a call at 941-946-7800.