It can be daunting to understand how to protect yourself and your organization with effective cybersecurity measures, especially when seemingly infallible organisations such as Uber, Under Armour, Hudson Bay Co. and Facebook are successfully attacked by faceless individuals. With data being one of the most important assets an organization has, and ransomware extracting thousands of dollars for information held hostage, it’s important to protect yourself and your organization from vulnerabilities with cybersecurity efforts.
The average company tends to spend $3.7 million in direct and indirect costs to recover from security breaches, and in smaller organizations, the average cost of a breach per employee is $12,392.
Furthermore, Canadian legislation is changing in November 2018 to ensure customers are notified of cybersecurity breaches in a matter of days after the event has occurred. Without following proper cybersecurity measures, consumers will lose trust in the ability of the organization to protect their personal information and follow basic security principles. The result could be more cases of Canadian consumers suing companies that fail in their responsibility to keep personal information secure.
To ensure cybersecurity success at your organization, follow these six simple tips.
Have strong and unique passwords.
It is no longer recommended to replace letters in your favourite word or phrase with symbols, such as hello → he11O. These short, hard-to-read passwords look complicated to humans but are very simple for computers to guess. Instead, use a very long string of words. A random phrase that you can remember is particularly good for achieving strong cybersecurity. If you add capital letters, special characters and numbers, you’re golden. Adding a symbol to the first letter of the password increases the security even further.
For example: Dark Side of the Moon → #@rks!de0ftheM00n
Whenever possible, use biometrics such as fingerprint readers and facial recognition. To test the strength of your password against a dictionary or brute force attack, try How Secure Is My Password.
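An added illustration of the point above (not part of the original article): a policy-style check that undoes common symbol swaps before a dictionary lookup, next to a generator for random multi-word passphrases. The word lists, substitution table and function names are constructed for this example; a real check would use a full dictionary and a published word list of several thousand words.

```python
import math
import secrets

# Constructed sample data: tiny stand-ins for a real dictionary and a real
# passphrase word list (which would hold thousands of words).
COMMON_WORDS = {"hello", "password", "dragon", "sunshine"}
WORDLIST = ["anchor", "biscuit", "cobalt", "drizzle", "ember", "fjord",
            "gravel", "harbor", "icicle", "jigsaw", "kettle", "lantern",
            "meadow", "nutmeg", "orchid", "pebble"]

# Common character swaps; reversing them is a single table lookup, which is
# why they add almost nothing against automated guessing.
LEET = str.maketrans({"1": "l", "0": "o", "3": "e", "4": "a",
                      "@": "a", "$": "s", "5": "s", "7": "t", "!": "i"})


def reduces_to_common_word(password: str) -> bool:
    """True if the password is a dictionary word once case and swaps are undone."""
    return password.lower().translate(LEET) in COMMON_WORDS


def random_passphrase(words: int = 5, wordlist=WORDLIST) -> str:
    """Pick words with a cryptographically secure random source."""
    return " ".join(secrets.choice(wordlist) for _ in range(words))


def passphrase_entropy_bits(words: int, wordlist_size: int) -> float:
    """Entropy of a passphrase whose words are drawn uniformly at random."""
    return words * math.log2(wordlist_size)


if __name__ == "__main__":
    print("he11O rejected:", reduces_to_common_word("he11O"))
    phrase = random_passphrase()
    print("sample passphrase:", phrase)
    print("rejected:", reduces_to_common_word(phrase))
    # Five words from a 7,776-word list (the size of a standard dice-based list).
    print("entropy bits:", round(passphrase_entropy_bits(5, 7776), 1))
```

The entropy figure only holds when the words are chosen at random by the generator, not picked by hand.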
Use a password manager.
These services can help defend against criminals by generating and storing a different password—one that’s long and complicated—for each of your online accounts. It’s common to use weak passwords or reuse passwords on multiple accounts because it’s hard to remember a new one for each online account. This creates great susceptibility to crimes such as identity theft. A password manager will generate, retrieve, and keep track of long, random passwords across countless accounts for you, while also protecting all your vital online info like PINs, credit-card numbers and their three-digit CVV codes, answers to security questions, and more. Plus, most password managers are more secure than banking websites. Even if the web access is hacked, the password lockers are encrypted separately.
To access the password manager, you’ll only need to remember a single password. Other security measures to guarantee effectiveness are also important, such as setting lock screens on all devices and using two-factor authentication on certain accounts. While password managers aren’t the silver bullet to 100% password protection, they’re a great way to avoid a cybersecurity scare and gain convenience that wouldn’t otherwise be possible.
Many free password managers are available, such as KeePass or LastPass. These managers typically have apps for mobile devices (phones, tablets) and use biometrics (fingerprint, facial recognition) to access your encrypted password locker. Check out The Best Free Password Managers of 2018 for additional options.
Implement two-factor authentication.
With two-factor authentication, also known as 2FA, accounts can be accessed using not only a password and username but also something that only the user has or knows. This could be a piece of personal information or something they have on hand such as a physical token.
A piece of information could be the answer to “What was the name of your elementary school?” A physical token could be anything from a device that momentarily displays a password token, such as an AuthAnvil app, to your credit card CVV number.
Update your software.
Keeping software up to date is paramount to making sure no doors are left open for hackers to access your confidential information, which would put you at risk of security breaches and data theft. It’s a critical cybersecurity practice across all computer networks.
Software updates are important because they often include critical patches to security holes. In fact, many of the harmful malware attacks take advantage of software vulnerabilities in common applications, like operating systems and browsers. These programs require regular updates to remain safe and stable. While it may seem like a nuisance to stop working and complete the update during the workday, it pays off in the long run.
On mobile devices such as tablets and phones, OS updates typically include patches for security vulnerabilities. App updates also include security patches, so update apps on a regular basis.
The Equifax data breach, in which 146 million Americans were affected by the exposure of Social Security numbers, birth dates, and home addresses, could have been avoided with a security update. The hackers were able to access the credit reporting agency’s data through a known vulnerability in a web application. A fix for this security hole was available two months before the breach, but Equifax, unfortunately, failed to update its software.
Only download apps from trusted sources.
Downloading apps from third-party sites (i.e. not the Apple Store, Google Play, etc.) can be tempting. However, to do so is to put your device, and therefore yourself and your company, at risk.
Third-party app stores are dangerous because they can operate via malicious advertising or code. The ads or code are “injected” into popular apps that users purchase through these stores instead of legitimate options. While not all third-party apps are “bad,” many stores bait users by offering popular apps for much cheaper prices and subsequently put user privacy at risk. Examples of sensitive information extracted through third-party app stores include phone numbers, device information, and email addresses.
Check your social media privacy settings!
Social media users tend to overshare life details to feel connected to friends, family, and coworkers. But these private details can be used maliciously by cyberthieves to access sensitive accounts, create fraudulent identities, and compromise careers.
Ensure this information is kept safe on your personal social network by regularly checking that your privacy settings are ironclad and haven’t shifted over time.