Top 10 Cybersecurity Tips

It’s no secret: data breaches are expensive. In 2021 the average breach cost businesses $4,240,000 USD hitting a 17 - year high. These include both hacks of customer personal information (with resultant commercial and reputational loss), as well as theft of proprietary data and property, with immediate and potentially catastrophic financial impact. As work environments evolve and security threats increase, we have assembled a top 10 Cybersecurity tip list that can protect your business and personal systems.  

‍

1. NO PHISHING ZONE

Phishing scams occur when a cybercriminal attempts to trick you into providing private information such as login credentials, banking or credit card information, or sensitive identification data such as your tax ID number. Remember to be suspicious of any “official-looking (or sounding)” email, text message, or phone call asking you to divulge sensitive data or financial information. Always validate the requester prior to fulfilling their request.

‍

2. CLICKER BEWARE

Do not open attachments or click links from email addresses you do not recognize. Avoid visiting an unknown website or downloading software from unknown sources. Cybercriminals often use email attachments to send malware that once downloaded, can compromise your computer and all internal systems connected to the infected device.

‍

3. P@SSW0RD STRENGTH

Create strong passwords using a healthy mix of letters, numbers, and special characters. Avoid using the same password for multiple websites and internal systems. When it comes to sharing, treat your password like your toothbrush; (1) do not share it with others, (2) be sure to replace it multiple times a year,  and (3) if it has been compromised immediately change it for a new one.

‍

4. KNOWLEDGE IS POWER

Educate yourself and all team members on security threats and best practices to minimize exposure. Remain up-to-date with trending threats and pay close attention to data breaches impacting your industry. Establish an Internet Security Policy and implement monitoring and testing schedules to monitor the continued effectiveness of your control environment.

‍

5. FIREWALLS

By now you probably know that firewalls are implemented to prevent outsiders from gaining access to data on your company’s private network. However, if you and your staff access operating systems from home devices you must also ensure firewalls have been established to protect home systems.

‍

6. LIMIT ACCESS

Administrative privileges should be limited to highly-trusted staff members. Every employee should be provided individual user profiles and access levels sufficient to fulfill their job functions, no more or no less.

‍

7. BACKUP TO GET BACK UP QUICKLY

Critical data such as transactional records, human resource files, and financial records should be backed up at least weekly according to the Federal Communications Commission (“FCC”). The FCC further advises the implementation of automatic data backup solutions. In the event of a debilitating malware attack, backup data will help your business get back up and running quickly.

‍

8. LOCKDOWN

Be sure to password protect all your devices. If you need to step away from your phone, laptop, or tablet, lock the device before leaving the area. Mobile devices hold a great deal of sensitive data and are easy to steal, so invest in downloading data encryption tools to protect your device: for implementation information consult your device’s documentation.

‍

9. PUBLIC WI-FI

Public wi-fi is great, you can access the internet in cafes, airports, and many restaurants. But just as as you can connect to a public wi-fi easily, bad actors can access data to harvest. If possible, always deploy a Virtual Private Network (VPN), especially if you are accessing personal or sensitive data. 

10. TWO FACTORS ARE BETTER THAN ONE

Two-factor authentication (2FA) provides added security to key accounts like company email, financial applications, and systems housing medical data. 2FA is essentially like having two deadbolt locks on a door that each requires a separate key to unlock. If a bad actor uncovers your password, they will be unable to access the protected environment without the second key. The second key is often a code, which is sent directly to the confirmed user via SMS messaging, Authentication apps on your device, or delivered via to the user’s confirmed email account.  

As breaches and cyber-attacks show no signs of slowing down; your best defense is an active offense, make sure you incorporate the above tips into your business’s cybersecurity program today.

‍