[BreachExchange] 7 Tips to protect yourself and your business from hackers in a time of cybercrime
Audrey McNeil
audrey at riskbasedsecurity.com
Mon Oct 9 19:17:07 EDT 2017
https://www.itproportal.com/features/7-tips-to-protect-
yourself-and-your-business-from-hackers-in-a-time-of-cybercrime/
With the ever-increasing amounts of technology embedded into our lives,
there is no question that cybercriminals are moving in on targets. Often,
these individuals know more about technology than you - the user. Equifax
is a recent and prime example of at-risk data being exploited by hackers
from a corporate level. Cyberattacks cannot be irradiated altogether, but
fortunately, there are precautions that can be taken. The following seven
tips enable businesses and individuals alike to ward off potential
cyberattacks:
1. Develop a company culture around smart cyber-sense
Don’t wait to address a breach until after it happens. Beat the culprit to
the punch with a culture of cybersecurity awareness. Address topics of
cybersecurity in meetings regularly. Avoid installing overly complex
technologies. Make sure to educate your employees on the systems you have
in place. Utilize a philosophy of good practice within your company
culture.
Hold meetings and workshops frequently to update and educate your workers
on cybersecurity systems. Depending on your business, this content can
range in complexity. Many criminals study the staff of the intended target.
Establish yourself and your company as one of no tolerance for cybercrime
to discourage criminals from striking. If you have a staff of prepared,
observant and alert employees, a cyberattack can be extinguished at the
first step.
2. Carefully evaluate your security systems
It sounds dramatic, but going through your systems with a fine-toothed comb
is a necessary method when avoiding cyberattacks. Determine the usefulness
of your security controls, and see if they are updated with the most
current software. Leaving programs in archaic form presents loopholes in
the software for cybercriminals to take advantage. Have a system that makes
risk-based decisions and implements notifications properly in a timely
basis to an attack.
This process is similar to that of an audit. Whereas an audit is driven by
a framework, the digital process is propelled by potential threats and
operational order. Seek to patch conditions that lie vulnerable to
exploitation. Any weaknesses in technical and administrative programs
should be addressed immediately. If you do not have an internal security
expert, it is worth investing in a security specialist on a consulting
basis. You need a professional to address your security vulnerabilities on
a regular schedule.
3. Take necessary precautions
Make yourself and your staff aware of the basics in fighting cybercrime.
Holding regular seminars with guest speakers or panelists is one method of
updating your employees on emerging cyber-threats. Study the laws for
governing cybercrime and make sure your systems operate within the legal
framework. Obey required operating procedures and update your security
programs regularly. Set notifications for patches and updates to
automatically install for the most up-to-date security protection.
Inform employees about the risks of their own personal data held within
their own hands and the company’s. If any blackmail or extortion is
attempted, educate your staff on the proper channels of legal notification.
4. Don’t set expectations too high
It is hard to grasp, but by participating in a technological world, you are
never totally protected. Everyone needs to be realistic about their risk
for attack. Even if you have state of the art security systems, there are
still potential gaps for criminals to utilize. Cyber-hackers specialize in
understanding how to breach software, and honestly, many of them worked to
develop such systems. Their one-step ahead attitude allows them to prepare
techniques for even the most secure systems.
Read up on new tactics and techniques of these cybercriminals.
Understanding the mind of the potential culprit can help you nip their
plans in the bud. If you learn of new attacks taking place, update your
employees on this and move forward with modernizing your computer systems.
You can never fully avoid attacks, but you can do your best to make it an
overcomplicated job for the hackers.
5. Be smart about passwords
Never use the same password twice. As inconvenient as it is for you,
consistently change your passwords every month or two. This method of
constant change allows for your accounts to stay on the cutting edge. If a
hacker happened to access your account once, they cannot come back at a
later date with the same password knowledge.
Never use passwords that incorporate your child’s name or a spouse’s name
in any format. Also, never use birthdays or pet’s names. This information
can easily be obtained from various searches and social media websites.
Complicate your passwords with misspelled words, long phrases, numbers,
special characters and both upper and lower-case letters.
Do not keep a compilation of your passwords in a digital form. Hackers
consider this a heyday, especially if you keep multiple passwords in one
location. Write down your passwords on a piece of paper in your house or in
a notebook you keep in a safe. If someone was to hack your app or the
document where you store all the passwords, it would be very bad news for
you and your information.
6. Lock your credit for safe keeping
After all the cyberattacks occurring as of late, it is best to keep a
consistent long-term lock on your credit. Sign up for fraud alerts and
credit monitoring from a reputable agency. Contact your credit agency and
request a lock be put on your credit. You will need to remove the lock for
large purchases, such as a home, car or lavish vacation. Programs such as
LifeLock provide credit monitoring that is cost effective and operates as
identity theft protection as well.
7. Awareness is everyone’s responsibility
All cybercrime has a human responsible for the act. Cyberattacks, although
committed through computers, must be battled with another human on the
other side. Discuss your company and personal relationship with
cyber-hygiene. Computers and security systems require regular maintenance
to run smoothly and ward off potential attacks. Develop a procedure for
reporting suspicious activity. Even if it is nothing, it is better to be
safe than sorry.
Many individuals are so overwhelmed with technology today they cast away
information as out of their league. No matter where you come from, you are
utilizing technology in your daily life in some manner. When using these
systems, one must exercise vigilance to the best of their ability. Taking
basic steps towards awareness is the most realistic way to take
responsibility for your information and avoid cybercrime.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20171009/fbd6bb57/attachment.html>
More information about the BreachExchange
mailing list