Cybersecurity Awareness Month 2019 Series – Part 2

Securing Your Digital Presence

Welcome back for part two of our Cybersecurity Awareness Month series, where we’ll be taking a detailed look at the best practices for keeping your network and devices safe from cyberattacks.

Cybersecurity Awareness Month has taken on a more prominent role within the last few years, largely due to a concerning increase in cyberattacks targeting businesses of all sizes.

This includes SMBs, which account for nearly half of all attacks and have largely had to bear the brunt sophisticated methods devised by cyber criminals.

These developments are worrying many, particularly as many SMBs are underprepared for the consequences of an attack and don’t know where to start to defend themselves.

Last week, we examined the idea of “owning” your presence online. This week we’ll be looking at securing yourself from harm, whether it’s a password for your phone or the credit card details you enter while shopping online.

If you want to read Part 1 and catch up, click here!

Passwords & MFA

Weak passwords are a dream come true for cyber criminals. Brute force attacks—the practice of hackers compromising servers by using algorithms to input as many passwords as possible—are surprisingly effective.

This is owing in large part to people often using default or weak passwords that are easily hackable for a criminal with some bots and patience.

Multifactor authentication (MFA) is helping to address these concerns. It requires more than one means of authentication, drastically reducing the chances of someone using common cyberattack techniques gaining credentials or entry to an account.

Combining secure password protocols and MFA goes a long way to securing your information and keeping it out of the hands of malicious actors.

Secure Your Credentials

Use complex and unique passwords: Something that’s difficult to guess, contains a mix of characters, and unrelated to your personal life—like pets or relatives. Keep your passwords unique to respective accounts; use an encrypted password manager to keep track of them.

Keep your lips sealed: Don’t tell your password to anyone. With every person who knows your information, you’re opening another unnecessary avenue for cybercriminals to exploit.

Enable MFA whenever possible: Close to 100% of automated attacks are shut down by using a simple multifactor authentication process. This will typically mean adding two or more layers to your security—for example, a password and fingerprint or verification text. MFA goes a long way to keeping cyber criminals at arm’s length

Phishing

It’s an unfortunate reality that cyberattacks don’t really target computers or devices, but people. Cybersecurity Awareness Month is as much about making sure your anti-virus is up to date as it is educating people to be aware of threats and to know what to look out for. Cyber criminals work tirelessly to perfect their ability to hoodwink an unsuspecting victim into falling for one of their traps.

There is no better example of this than phishing. This is where criminals will send you an email posing as a legitimate entity—often a co-worker or an organization like a bank—in an attempt to ask for sensitive information like account numbers, Social Security numbers, or passwords.

These kinds of attacks have risen in popularity—64% of organizations experienced a phishing attack in the past year.

Secure Yourself From Phishing Attacks

Be vigilant: Phishing is primarily reliant on the targeted person’s lack of vigilance. If anything seems strange on an email—typos, generic greetings, etc.—be extra careful. Contact the sender directly to verify the integrity of the email if you’re suspicious—better safe than sorry.

Think before clicking: Phishing scams almost always require you to either open an attachment or click through on a link. Cyber criminals will often attempt to instill fear and urgency in the target—for example, the email might inform you of a “recent purchase” and redirect you to a site where you are encouraged to enter your bank account details for “verification”.

Protect your personal information: Many Americans share their personal information on social media. Be wary of scams that contain detailed info—full name, job, address. Spear phishing scams target individuals directly, with criminals using every detail they can find in their efforts to trick you. Careful what you share with the world, you never know who’s looking.

E-Commerce

Just over three-quarters (76%) of adults in the US shop online in one way or another. Younger generations use the internet for e-commerce purposes more than ever—millennials do 60% of their total shopping using the internet.

A key theme of Cybersecurity Awareness Month is understanding and having control over your data. Making purchases online means customers have to enter a wealth of personal information before checking out—full name, address, credit card details. This is a process that is ripe for targeting.

E-skimming is a technique used by hackers to obtain this information; it is primarily done by exploiting the e-commerce sites of legitimate businesses. Criminals will find a vulnerability, inject their scripts into the checkout phase, and record all the information entered by customers.

For businesses, this means they must be vigilant to ensure that customers using their platform can be confident and safe in the knowledge that their information will be kept secure.

Secure Your Checkout

Keep an eye out: Watch out for warning signs. If there are complaints of fraud of customer accounts, irregularities that can’t be explained, or noticing that the JavaScript code has been altered. These are all signs that should have alarm bells sounding.

Secure your network: Code associated with e-skimming is complex and often varies significantly from one to another, making it difficult to account for specific identifiers when e-commerce pages are attacked. Properly secure your network if you feel it’s vulnerable and segment it to avoid more exposure and hackers from moving laterally within it.

Minimize risk: Reduce your chances of having your network exploited by doing everything you can to keep your security protocols up to date. Regularly update and patch your payment software if necessary; check your code regularly; monitor web activity logs; and have a response plan in place if the worst should happen.

Workplace

Cyberattacks are devastating to organizations of any size, and SMBs in particular. 80% of SMBs that experience downtime as a result of a breach incur losses of $20,000 an hour, on average.

The majority of small and midsize businesses are not properly equipped to deal with the consequences of attacks, which are increasing in prominence and sophistication.

In short, it’s becoming more and more vital for SMBs to adequately protect themselves from these attacks, and equally as important for decision makers to have practices in place which encourage the safety-first when it comes to data.

Secure the Office Environment

Business data is personal: Data held by businesses often involves personal information, whether it’s customer or personnel information. Employees can be identified through business records like payrolls—this information must only be shared via secured networks with known parties.

Update: This might go without saying but is often overlooked. Keep your network and antivirus up to date and running the latest versions of software. Businesses that use managed security services have the advantage of their networks being monitored 24/7 by their partner. For businesses running their own security, it’s important to monitor the network as often as possible and take nothing for granted. It only takes once.

Stick to the network: Avoid conducting business through channels and networks that aren’t known quantities. For example, employees should use their company email rather than a personal email, and it is best to avoid sharing company data on platforms you have no control over.

Impact Networking’s Managed Security program provides vital cybersecurity protection for clients, keeping their minds at ease in the knowledge that their IT infrastructure is being monitored and maintained by our security experts.

We’ve vetted 100s of vendors to ensure that our program utilizes best-in-class solutions for our clients. In today’s landscape, a comprehensive cybersecurity program has never been more important. Learn more about Impact’s offering here.