This is part one of a three-part series on Preparing for and Mitigating Potential Cyber Threats.
People are not perfect and are the biggest threat to a company’s assets and the possibility of a data breach.
Human error is almost a certainty when it comes to a bad actor walking through an open door in a network.
As more and more organizations face security threats, they are taking precautionary steps to ensure their safety.
Educating employees and having standard operating procedures to plan for what to do should some of the situations outlined below become a reality.
Increase Education and Vigilance
Organizations need to cultivate a culture of cybersecurity awareness. Since the human factor in the security of the network is a vulnerability, organizations need to make sure that adequate training and tools are available to employees are prepared should a bad actor dial in on them as a possible entry point for a breach.
The most recent Verizon Data Breach Investigations Report (DBIR) found that 85% of cyberattacks are due to human mistakes, such as clicking on malicious links, sharing passwords, or accidentally deleting files or data.
Do Not Take Chances With Passwords
As cyber threats continue to evolve, the importance of password security has become increasingly clear. In recent years, several high-profile data breaches have been linked to weak passwords, demonstrating just how vulnerable we are to attack.
If you want to keep your data and resources safe from attackers, there are a few things you need to do. First, never give out your login information or personally identifiable information (PII) to anyone. Second, be careful of phishing emails and infected attachments. If you think something might be suspicious, don’t open it. Finally, keep your sensitive information like credit card numbers and IP addresses in a secure place. By following these simple steps, you can help protect yourself from becoming a victim of identity theft or other cybercrimes.
Employ Multi-Factor Authentication Practices
Sometimes having a strong password is not enough to prevent a cyber-attack. As a result, it is essential that organizations and individuals have all the proper tools necessary to protect themselves against cyber threats. This includes using strong passwords and multi-factor authentication (MFA).
Using MFA will help prevent hackers from gaining access to your accounts if they are able to gain access to your username and password. It can also help reduce the likelihood that your account will be compromised in the first place.
MFA can include:
- Something you know – such as a password or PIN (personal identification number)
- Something you have – such as a device like a mobile phone or wearable device like Google Glass or Apple Watch
- Something we know – such as a security question, answer, or biometric identifier
It is important for organizations to implement MFA practices on all accounts that have access to sensitive information, such as customer records. The most common method for doing so is by using SMS text messages with a one-time code.
Be Vigilant With Email
“Hey Jackie, here is a spreadsheet with the latest forecasting numbers we tallied from the last board meeting. Thanks, Jim”
…Jim is on vacation and your team has agreed to use the central CRM to share data rather than spreadsheets.
Also, Rob’s email is email@example.com and not firstname.lastname@example.org.
Keeping an eye out for suspicious emails that may have been sent from a source you do not know is one of the best ways to avoid falling into that sandtrap.
Bad actors are becoming cleverer all of the time. Opening attachments is an easy way for them to run malware to infect a computer and potentially the company network.
If a suspicious email comes through, do not open any attachments —following an organization’s standard operating procedures, whether that is to flag the email as a phish or just delete it together.
Avoid downloading files from unknown senders and unrecognized sources, as they may contain viruses.
In addition to attachments, links within an email that have come from an unknown source is another way a bad actor can gain access to a computer and install malware.
If you’re ever unsure about whether a link is safe or not, there are a few things you can look for. First, check the URL to see if it looks suspicious. If it’s a long, nonsensical string of characters, it’s probably best to avoid clicking on it.
If you’re concerned about whether a website is safe to visit, there are a few things you can do to check. One is to use Google Safe Browsing, which will tell you if the site has hosted malware in the past 90 days. To use it, just go to the URL: http://google.com/safebrowsing/diagnostic?site= and type in the address of the site you want to check – for example, google.
Do Not Leave Accounts Open
Close background applications when you are not using them, and don’t leave accounts open for long periods of time. Additionally, make sure to keep your operating system up-to-date.
In The End…
In the end, there will always be people…
The potential for human error to lead to infiltrations and breaches is always a concern for businesses. However, by taking steps to educate employees and strengthen passwords and other security measures, the risk of a breach can be greatly reduced.
Organizations can reduce the risk of breaches by doing routine vulnerability scans and having next-generation network protection. By having a mature cyber security posture, organizations can further reduce the likelihood of breaches.
Part 2 in this series: Is Your Team Prepared?