Being Cyber Smart means having strong security practices & cyber hygiene. In this blog, you'll get 3 tips to be Cyber Smart without breaking the bank on products & services.
The National Cyber Security Alliance (NCSA) and Cybersecurity Infrastructure Security Agency (CISA) have designated October as Cybersecurity Awareness Month. If you ask me, there is no better time than now to focus on what we can all do to protect our business and personal lives from cyber threats.
DP Solutions has decided one way we can help support the initiative is by highlighting the themes of each week of Cybersecurity Awareness Month and giving some practical thoughts and ideas about how you can apply them! So, without further ado, let’s get into the theme for Week 1: Be Cyber Smart!
A Culture of Security
Don't ignore the human element of cybersecurity
One of the biggest challenges people face when it comes to managing cyber risks is creating a culture of security.
I have spent a lot of time over the years talking with business leaders who often ask me questions like, “What stuff do I need to get to make sure I don’t get hacked?” While the intent is good, it reinforces the bias that buying the right technology, or hiring the right IT people, or spending enough money will eliminate the risk. But the problem with this overreliance on products and services is that it completely ignores the human and management element of security.
Being Cyber Smart is about having strong security practices and cyber hygiene, which really means having overall discipline when it comes to security management.
Let’s review a few areas where you can be Cyber Smart without having to break the bank on products and services. Nothing is perfect when it comes to security. However, taking these basic steps will dramatically reduce your risks of incident and aren’t very challenging, no matter your level of technical expertise.
Strong Passwords and Multi-Factor Authentication
MFA dramatically lowers the risk of accounts being hacked and is often mandated by security compliance standards.
The easiest way to get into a house is through the front door, especially if you leave it unlocked. Well, using a weak password is just like leaving your door unlocked. It’s only a matter of time until that password is broken, either by brute force, a breach, phishing, or any number of other ways. To make a strong password, you will want to use a mix of letters and numbers, along with a few special characters without obvious patterns (see our Complex Password tip sheet).
While stronger passwords will help limit your risk, the truth is that even those can break over time, leading to credential abuse that allows hackers to get into your accounts and cause trouble.
If you really care about your account privacy, we recommend that you utilize Multi-Factor Authentication (MFA) whenever possible.
In addition to the typical username and password, MFA adds an expiring token that is required to get into an account. While a password may be broken, it’s very difficult to both break a password and break an expiring token that comes to an app or text message on your phone. If you care about what is behind the login screen, you should really take the time to figure out how you can utilize MFA to protect it. You won’t regret it.
Backing Up and Protecting Your Data
Be sure to have a plan to back up and recover your important data
You never want to be in a situation where something bad happens to your data. Whether it’s ransomware or something as simple as a hard drive failure, not knowing how to restore your critical business data, family photos, or even a letter you were writing, can be troublesome. Having a plan to back up your data is critical. You should always assume something will go wrong and be prepared to respond (and be happy if you never need to). As the saying goes, plan for the worst, but hope for the best.
To get started, you’ll first want to figure out what kind of data is important to you. Many people just want to back up an entire PC or their entire fleet of devices. Perhaps that’s appropriate, but the more you back up, the more costly it will be and possibly more difficult to maintain. Besides, you should still prioritize the data and items that are most important to you for the purposes of management and classification.
Once you know what you are looking to protect and how important it is, you can start thinking about things like how much time you can go without the data (recovery time objective or RTO) or how far back you may need to go (recovery point objective or RPO) which will help determine what kind of solution is necessary to back up and protect your data.
Keeping Your Technology Products Up To Date
Every device you use, from a standard desktop PC to the latest smartphone, even your smart TV or refrigerator, needs to be in a supportable state.
Oftentimes, new vulnerabilities are discovered that can be exploited in the wild and the vendors who create these products will issues patches and updates to address these flaws, just like how a car company may issue a recall notice on a car with a brake issue.
It’s important that you understand, both in your business and personal computing lives, what the process is to support and update these devices. While many items automatically update, you need to make sure that updates are applied to your devices and that the vendors who sold these products are still supporting them. You don’t want to be in a situation where you have a vulnerable device with no potential fix to address a security flaw.
This is just the tip of the iceberg. You probably will need to do more to have a solid grip on your cybersecurity posture, but to be blunt, if every individual and business in the United States did these three things effectively, we would probably have far fewer ransomware attacks and account compromises.
Thanks for taking the time to read this blog. We’ll be visiting the other Cybersecurity Month weekly themes, so stay tuned for more!