Posted by Joe Vigorito + Vito Nozza on Jan 19, 2021 10:00:00 AM
In the previous installment of this blog series, we shared seven cybersecurity tips to prepare your organization for 2021. This blog post includes seven more tips to help protect your organization from cyber-attacks.
Cyber Tip 8: Attackers gain a foothold into your information by investigating your habits, actions, favorite things, and the names of your family and friends.
When it comes to social media, own your online presence. Share only to your comfort level, not beyond it. Why make cybercriminals’ jobs easier by giving your information out freely on social media? This allows criminals to guess your passwords that could contain items of significance to you (e.g., your favorite car, your wife’s name, your kids’ birthdates, etc.) and break into your personal and financial data. Remember to be a good online neighbor. Post only what you would have someone say about you—not more—and always operate under the premise of “don’t know you, don’t trust you.”
Cyber Tip 9: Are you protecting your home environment from cyberthreats? How many times have you ventured to a sketchy website?
Set a new DNS server address on your router that points to a filtering service, protecting your family’s web surfing. OpenDNS (Cisco Umbrella) for home use will provide you with a range of protective measures. You will be able to control what is seen (inappropriate content) and be protected from risky sites.
Cyber Tip 10: We are a “clicky” society. Train yourself to think before clicking on a link or opening an attachment in an email.
At times, we open email attachments without looking at who sent them or at the details in the email header. We’re distracted by current events like COVID-19 or the election, so we tend to open emails to retain information, and at times we are opening a Pandora’s box. Always be aware of the source and of the information being sent.
Cyber Tip 11: Know what’s going on under your nose. “Dwell time” is a saying meant to describe how long an intruder is sitting within your network and collecting information before you notice it.
The average dwell time is 180 days before you even realize that a cybercriminal has infiltrated your network! By adopting a Managed Detection and Response (MDR) plan in your environment, you can be made aware of traffic that is outside the normal range (anomalies) and increase your threat hunting capabilities. This will give you visibility throughout your environment and help you take action when needed.
We also often see Remote Access Trojans (RATs), which are hard to locate and eradicate, included with ransomware. A RAT is malware that includes a back door for administrative control over the target systems. RATs are usually downloaded invisibly with other malware, like ransomware. Once the host system is compromised, the intruder may use it to distribute RATs to other vulnerable computers and establish a botnet, or use it as a future entry point even after the ransomware portion of the payload has been thwarted.
Cyber Tip 12: Credit card and financial data extraction are on the rise. The handling of data is as important as credit card information.
PCI-DSS is a standard that merchants must follow. In fact, three states (Nevada, Washington, and Minnesota) have made it law. More will follow. The handling of data is as important as credit card information. Both physical and electronic handling should be taken into account, in terms of who has access to the information and what they are doing with it.
If there is no need to house customers’ data, then ensure that once the transaction has completed, no information is kept on the network. If there is a need to house credit card data, ensure proper masking techniques are employed. Only the last four digits should be visible, and these should only be used for authentication and authorization purposes. Clients should be aware that they should never share this information over the phone, and that four digits should be the normal request.
Cyber Tip 13: Are you practicing basic password hygiene?
At times, we forget that passwords should not be our favorite cars, children’s names, ages, pets, or birthdates. We should be vigilant in ensuring our passwords are not easily guessed in order to keep our data private. An important factor is to NOT reuse personal passwords with corporate assets or vice versa. If a cybercriminal were to break into a personal Gmail account with the same password that is being used for your database at work, they would have access to critical company assets. If you’re thinking to yourself, “I could never remember that many passwords,” then use a password manager that encrypts the information on your device to keep it away from prying eyes.
Cyber Tip 14: Do you use different profiles when you are on the internet? Remember to compartmentalize.
Don’t let a compromise of one account lead to a compromise of many. Use different names and random word passphrases for:
- Work-related activity
- Social networking sites
- Shopping and e-commerce
- Banking, finance, and stock trading
Check back for the final part of this blog series for seven more tips.