The Dos and Don'ts of Cyber Security Measures to Help You Protect Your Business and Assets
There are a few simple countermeasures you can take to protect yourself from cyber attacks. Here are five things to do to increase your security.
1. Keep all your software up-to-date.
Bad guys are continually looking for flaws in your software's programming code that will provide a point of entry. For robust software platforms like Windows or Apple, there's a never-ending battle between to fix those flaws; when the developers discover them, they'll write a correction to their code, or a "patch." These patches are then distributed to all users in the form of updates. You must keep your devices up-to-date and install the updates as soon as they become available. If you don't, you're leaving the door open for the bad guys to walk right in and take over your devices.
2. Back up everything, all the time; having one copy isn't enough.
To be safe, you need three copies of everything: the original, a backup for yourself and an off-site copy, which could be stored in the cloud. There are a number of affordable off-site backup systems that will continually monitor your data for changes and make copies of these changes as they occur, automatically and in the background. To maintain a local copy, you'll need a separate storage device, perhaps an external hard drive or on a separate computer. Flash drives are also an inexpensive way to store material. With your original data on your computer, your changes saved offsite continuously, and regular incremental copies of your data stored locally, you have a backup system that's relatively simple to implement and maintain, affordable and automated.
3. Become a limited user.
By default, most computers consider you an "administrator," which means you can do virtually anything to the computer, including installing and removing software. Most cyber attacks rely on you doing something to allow the bad guys in. That "something" may be as innocent as visiting a website that's become infected with malware so the second you land on that site, the malware goes to work infecting your computer. However, if you're not your computer's administrator, the malware won't work. Why? Because only the administrator has the authority to make changes to your system's software. Therefore, if you operate your computer as a limited user, the bad guys will have limited access to your computer and limited ability to make changes.
4. Use two-factor authentication.
Typically, we use passwords to provide some level of protection. The problem with passwords is they're difficult to remember, so often, people use the same easy-to-remember password everywhere. From the bad guy's perspective, this provides a tremendous opportunity because if they can guess your password once, they can gain access everywhere you've used it. And guessing your password isn't that difficult. By using social engineering to survey Facebook or other public sites, the bad guy can often learn your birth date, place of birth, high school and college, religion, work, affiliated social groups and the names of your friends and family and pets. This makes any passwords associated with this information vulnerable.
But, a password provides only one form of protection. Today, the perfect protection would require three things: something you know (a password), something you have (a device like a key fob), and something that's "you" (a fingerprint). More and more devices are providing the "you factor" form of protection. Others offer two-factor identification, which requires that you have something in your possession that provides you with a random code that changes periodically, possibly every few seconds. The bad guy may have learned your password, but without this device, your password is ineffective.
5. Use strong, long and hard-to-remember passwords.
To make things inconvenient for the bad guys, you should use passwords that are at least 12 to 15 characters and make use of capital and lowercase letters, numbers and symbols if allowed. You need to create a different strong, long and hard-to-remember password for every place you want protection.
The solution to remembering all these passwords is to use a password vault to safely and securely store all your passwords. Many of these vaults automatically enter your passwords when needed so you don't have to retype them. With the vault, you only need to remember one password -- the one that accesses your vault.
You're probably also doing a few things that could expose your information. Here are three you need to stop doing today.
1. Don't trust anyone. Always think before you act.
Bad guys will use your familiarity with friends, family or businesses to put you at ease and let your guard down. You may receive an email from a "friend" with a link in it or a document attached to it. Before you click on any link or attachment, ask yourself, "Am I expecting this email?" This form of phishing is rampant, and people fall victim to it every day.
Sometimes the bad guys will go to great lengths to disguise themselves, recreating corporate or bank logos to make it look like it came from a real trusted source. But, places like banks will never send you an email telling you there's something wrong with your password and they need your account number. Never respond to these emails. If you assume that all unsolicited communication may be bogus and take a second to think before you react, you'd save yourself hours of frustration.
2. Don't become complacent about cyber security.
Always assume you're continually under attack from outside threats. Never let your guard down.
3. Don't solely rely on antivirus programs to protect you.
They can't keep up with the threats and may, in fact, create vulnerabilities in your system that expose you to cyber security risks. They can also provide you with a false sense of security. You should still have them in place because they can provide warnings and block certain types of malware or attacks. You should update them regularly.
Follow the "dos" previously mentioned and avoid the "don'ts," and you will be well protected beyond that which can be provided by any antivirus program.