Cybersecurity Best Practices
Educate your Employees on Cyber-hygiene and Phishing Signs
In the cybersecurity war, your employees are the frontline soldiers. They can be your greatest asset – but can also be your largest liabilities. One of the most important cybersecurity best practices is to keep your team informed on the dangers they will face every day.
To put an example to the metaphor, here are two scenarios:
Suppose it’s Monday morning and Lucy in sales receives an email about an urgent update on the upcoming quarterly reports. Suppose in one timeline the company held a cybersecurity seminar the month before about recognizing the signs of a phishing scam. Lucy, now educated in common phishing techniques, would notice that the email’s “from” address is an external email outside of the company. Additionally, she notices several spelling errors uncharacteristic of her supervisor and that the report has an odd file-name. Recognizing this, Lucy strays away from the download link and sends a separate email to her supervisor Jenna, who confirms that no such report was sent out. Lucy promptly deletes the phishing email.
Now suppose in a second timeline that no such seminar was held. Lucy would more likely react as any other enthusiastic employee would and download the attachment. Her heart sinks as she realizes that that the document had been a fake, so she swiftly drags the file into the garbage bin and empties it.
Unfortunately, her computer has already been infected by a worm-capable malware. Over the next 48 hours, the malware scans for unprotected or out-of-date software on the company network and propagates itself, infiltrating all vulnerable PCs. Lucy comes into work Thursday morning to the entire office being hit by a ransomware virus.
An employee educated on cyberthreats knows of the signs to look-out-for and is significantly less likely to be a security liability to your company.
Keep your software up-to-date
Software is never fully secure. Cybersecurity researchers and software developers are constantly working to discover and repair vulnerabilities in their code that would allow cyberattackers to exploit your computers. These fixes are rolled out to end-users through patches. It is essential that you remain diligent of new security patches for your software and promptly install them to keep yourself protected.
Multifactor Authentication (MFA)
Even the most sophisticated passwords can be cracked. With computer processing power increasing exponentially, brute-force attacks have also seen a rise in popularity. A brute force attack uses trial-and-error to guess every possible combination of characters to break into an account.
While slower and more archaic that other methods, computers work tirelessly and our accounts are constantly under fire.
To combat this, set up multifactor authentication (MFA) for your accounts. This links a second email address or phone number to your account and sends you a one-time-use code whenever you log in from an unfamiliar device. With MFA, an attacker cannot gain access to your account even if they have the password, increasing security.