Last week, we shared a scoop on current issues in cybersecurity. In this article, we arm you with the knowledge to avoid falling victim to cyber attacks and threats. Because many cybersecurity issues arise from the “human factor”, educating yourself is one of the best steps you can take to protect both your personal and business presence.
What are some things you recommend people do to better protect themselves when it comes to cybersecurity?
- Use a password manager. One of the biggest weaknesses in people's personal security is reusing passwords and using weak ones. The reason is usually that it is difficult to remember many unique or complicated passwords for many different accounts. This is where a password manager comes in. It is essentially an encrypted password vault that stores all your passwords for you and offers functionality to generate secure passwords. By using a password manager, you only need to remember one password: the password to your vault where everything is stored. If I had to recommend one thing that people can do to improve their security, it is this.
- Enable multifactor authentication. This is the feature that requires you to verify login attempts via an app on your phone, text message or email. Generally, you want to use strong multifactor authentication over weak multifactor authentication. This means using a multifactor app like Microsoft or Google Authenticator instead of multifactor over email or text messaging, simply because of the inherent vulnerabilities found in text messaging and email protocols. If everyone used multifactor authentication and a password vault, there would be a huge reduction in cybercrime.
- Minimize your digital footprint. Ideally, you want a very small footprint online. Attackers do something called “open source intelligence” using your social media, which means they look at your social accounts in search of ways to exploit you. They find out what you have done, where you have been, what your interests are, who your family is, and then use that information to deceive or attack you. Lock down your social media channels and restrict access to people you know and trust.
The other aspect of your digital footprint is every other website you use besides social media. The more websites you provide information to, the more likely it is that one of them will be careless with that information and leak it to an attacker. Paying attention to who you give your information to goes a long way toward ensuring that your data does not end up in the wrong hands.
What best practices can companies use to better protect themselves against cyber threats?
- Restrict privileged access. If someone does not need privileged access, they should not have it. Provide only the permissions that an employee needs to perform their job. This ensures that if an account is compromised, only a subset of your network is at risk rather than the whole thing. If you have employees who are no longer with the company, make sure you disable their accounts. You may also want to deactivate an employee's account as a precaution when they give their two weeks' notice.
- Back up everything. If your business suffers from malware or ransomware, having backups secured and stored outside your network is a lifesaver. If your computers and data become locked and encrypted as part of a ransom, you may be able to restore from backup and essentially rebuild without paying the ransom. Only about 8% of companies that pay the ransom get their information back. It’s safer and smarter to have backups, test them regularly and know how to restore everything should you ever end up in that situation.
- Educate yourself and stay aware. If we go back to the history of the state entrepreneur shared above, 70-90% of all cybercrime starts with social engineering or phishing attacks, and a staggering amount of it is attributed to the human factor. Do your due diligence by educating your employees about user awareness. Check out the Cybersecurity and Infrastructure Security Agency (CISA) for a great resource.
- Stay up to date on updates. About 20 to 40% of cyber attacks are made possible by outdated software. You can easily avoid becoming a statistic by making sure your software is up to date. Make someone on your team responsible for regularly reviewing your systems and updating as needed.
- Have a plan in place. Most small businesses do not have an action plan in place. If they were attacked or had a data leak, it would probably take some time to formulate a plan for how to proceed. Before an attack occurs, sit down with IT and your company management to chart an incident response and continuity plan that describes exactly what to do and assigns responsibility for the various aspects of your business after the attack. This is something that no one wants to think about happening, but it is extremely important that you know what to do if and when it happens.
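One way to check the "restrict privileged access" advice above on a schedule, as an added example that is not from the original article: compare a directory export against the HR roster and flag enabled accounts that should not be. All account names, group names and the role baseline are constructed for illustration.

```python
from datetime import date

# Constructed sample data (hypothetical names): HR roster and a directory export.
HR = {
    "alice": {"role": "engineer", "last_day": None},
    "bob": {"role": "sales", "last_day": date(2024, 3, 1)},        # already left
    "carol": {"role": "it-admin", "last_day": date(2024, 6, 14)},  # on notice
}
DIRECTORY = [
    {"user": "alice", "enabled": True, "groups": {"staff", "domain-admins"}},
    {"user": "bob", "enabled": True, "groups": {"staff"}},
    {"user": "carol", "enabled": True, "groups": {"staff", "domain-admins"}},
    {"user": "svc-old", "enabled": True, "groups": {"backup-operators"}},
    {"user": "dave", "enabled": False, "groups": {"domain-admins"}},
]
PRIVILEGED = {"domain-admins", "backup-operators"}
# Privileged groups each role actually needs (assumed policy for this example).
ROLE_BASELINE = {"engineer": set(), "sales": set(), "it-admin": {"domain-admins"}}

def audit(hr, directory, today):
    """Return (user, finding) pairs for enabled accounts that break the policy."""
    findings = []
    for acct in directory:
        if not acct["enabled"]:
            continue  # disabled accounts cannot be used to log in
        user, person = acct["user"], hr.get(acct["user"])
        privileged = acct["groups"] & PRIVILEGED
        if person is None:
            findings.append((user, "no HR record"))
        elif person["last_day"] and person["last_day"] < today:
            findings.append((user, "enabled after departure"))
        elif person["last_day"] and privileged:
            findings.append((user, "privileged during notice period"))
        else:
            excess = privileged - ROLE_BASELINE.get(person["role"], set())
            if excess:
                findings.append((user, "excess privilege: " + ", ".join(sorted(excess))))
    return findings

if __name__ == "__main__":
    for user, finding in audit(HR, DIRECTORY, date(2024, 6, 3)):
        print(f"{user}: {finding}")
```
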
Interested in more? Learn more about Central’s cyber protection and coverage
Central writes both personal and commercial cyber coverage.
On the personal side, we offer identity recovery insurance that covers the costs that arise if your identity is stolen. Personal cyber coverage offers protection against things like cyberbullying, including the cost of psychological support, or being hacked. Read more about both here. Central’s Cyber Suite Coverage is an excellent option for companies that maintain data about customers or employees. It covers everything from data compromise expenses to cyberbullying, and from data compromise liability to identity recovery. Read more about Cyber Suite here.
The information above is of a general nature and your insurance and coverage provided may differ from the examples provided. Please read your entire policy to determine your actual coverage.