2016 October

October, 2016

National Cyber Security Awareness Month

Each year, we recognize October as National Cyber Security Awareness Month. In our current world of increasing connectivity, it is important to take the necessary steps to secure and protect our information from the growing threat of malicious attacks. Here are a few recommendations to better secure your personal & business information:

Use simple, but strong, passwords. We recommend using a combination of different-cased letters and numbers, with a few non-alphanumeric characters (i.e. ?, !, ^, %, etc) thrown in for good measure. Aim for a strong password that is easy to remember—you don’t want to have to write it down or store it on your Notes app. Try to use different passwords for your various accounts to limit exposure in case one of your accounts is compromised. An encrypted password manager such as Keeper is very helpful for keeping things organized. Multi-factor authentication is always a plus and we highly recommend it when available.

Stay up-to-date on your software versions. Employ a vigilant patching schedule to make sure you have the latest protection from viruses and malware (this goes double for our Industrial clients!). Automatic software updates are great for passive updating, but it’s important to perform scheduled checks to make sure everything is current. New weaknesses are discovered all the time, so it’s important to stay on top of things.

Encrypt! All backups, sensitive data, confidential emails, and any key files should be encrypted. Encryption protects you in the event of device theft and provides an extra layer of verification when electronically transmitting sensitive data to another party. With the rise of Ransomware and similar types of malware, having encrypted backups can save a person or business from a very costly recovery process.

Be mindful of phishing attempts. Phishing scams are growing increasingly complex and can seem very legitimate to many people. If you have the slightest bit of apprehension regarding an email, ensure that you know the sender and can verify that they sent it. Don’t blindly click any links, and be sure to report any suspicious activity to the proper department, as well as the FTC.

Ensure that networks are properly segmented and that non-industry-specific software is avoided. This is directed more towards our industrial clients, but the principles ring true for many types of businesses, as many industries are adopting increased connectivity measures to support Corporate IT and other external networks. If networks are not properly segmented and isolated, a motivated attacker can infiltrate multiple layers of a network and wreak havoc on various aspects of a business.

Exercise good practices regarding USB drives. Encryption is always recommended when passing a USB drive between people and can provide an extra layer of security in the event of theft or loss. Many attackers are using infected USB drives to infiltrate a network as well, so employees should know better than to insert unknown USB sticks into their workstations. Curiosity often pervades logic, so enact a strict policy to mitigate risk.

Have your systems tested by a trusted cybersecurity firm to ensure that everything is secure. At minimum, a vulnerability assessment should be conducted once per year to ensure the operational integrity of your system. It never hurts to be too careful, though, so multiple assessments are encouraged.