Tue. Nov 24th, 2020

Tech Tip Tuesday: Improve Cyber Awareness In Your Organization

Better cybersecurity starts with understanding that EVERYONE in your organization, regardless of their role, is a very important person (VIP). Why? Because all it takes is one person and one click to put your organization at risk. So, here are some essential tips:

Use the Latest Versions of Software

Whether it’s an on-premises software deployment or a software-as-a-service (SaaS) app, always run the latest version to ensure you’re protected against the newest cyber threats, and that you aren’t vulnerable to old code deficiencies (e.g., zero-day attacks).

Encrypt Data

Always do this for sensitive data such as payment cards, account passwords, and personally identifiable information. If a hacker somehow manages to access your network, they won’t actually be able to do anything with the stolen data if that information is properly encrypted.

Avoid Connecting to Public Wi-Fi

Hackers sometimes run “man-in-the-middle” and “evil twin” schemes where they create a fake network for a legitimate business (e.g., “Starbucks Wi-Fi 2”)–a common tactic for packet sniffing and data theft. Avoid using public Wi-Fi. And if you absolutely must, set up a virtual private network (VPN) and secure your sensitive accounts with two-factor authentication.

Create Complex Passwords and Change Them Often

Every business should have a password management strategy. Specifically, they should require that every employee change their password at a minimum of every three months. Passwords should be complex, using creative arrangements of numbers, letters, and special characters (e.g., “/@k3rs” as opposed to lakers”). This can help avoid falling victim to brute-force attacks that systematically guess passphrases. Do not use the same password for all of your applications.

Revoke Old Privileges
When employees leave, on good terms or bad, make sure you revoke access to all of their existing applications. This is vital to adhering to a policy of “least access,” which is precisely what it sounds like—granting access only when and where it’s needed.
Monitor Network Activity
Even with all of these steps, phishing scams and other advanced intrusion tactics are increasingly sophisticated. Leverage a managed security service provider (MSSP) to protect your network. Under this model, security analysts provide 24/7/365 threat detection and incident response. They also have teams based around your specific needs and provide adaptable, scalable technology at an affordable price.