Given the ever-evolving range of cybercrime dangers that threaten your firm on a daily basis, it has quickly become evident that cybersecurity can’t be ignored. Where at one time any cybersecurity protection might have been sufficient, only the best is going to be effective in the modern digital world.
In 2015, law enforcement officials reported a spike in the number of ransomware attacks occurring in businesses around the world. In an FBI report, it was reported last year’s growth has continued through to today in 2017.
Cyberattacks are a serious threat and each of us needs to do our part by employing adequate protection and practices at home and in the workplace.
The fact is that standard perimeter defenses are weak. Consider the dilemma we face in trying to protect our private information such as our Social Security Number. It is virtually impossible to prevent identity thieves from getting your SSN, however, one can make it tough to abuse the number by freezing your credit. In cybersecurity, it is virtually impossible to prevent cyber thieves from penetrating your perimeter defenses but you can protect your valuable information through encryption.
There is a significant human element to cybersecurity. According to the 2015 Verizon Data Breach Investigations Report, 90% of all breaches involve a compromised user. People are the weakest link in cybersecurity and the best defense is user awareness training.
The Keys to Comprehensively Securing Your Home Devices
The first step to securing your perimeter is to define your perimeter by taking an inventory of your devices and connections to your network (computers, mobile devices, remote access.) This inventory is a list of the entry points to your network and will be the focus of your perimeter defense. Remember one open window is all a hacker will need to easily breach your system so EVERY entry point must be secured.
One of the most common breaches emanates from lost or stolen equipment. In particular, mobile devices and portable storage (flash drives) are highly susceptible so be diligent and develop good habits including not leaving devices unattended for any length of time and not placing a phone on the table at a restaurant where it could be inadvertently left behind. If your home or office is vulnerable consider upgrading the security which could be as simple as installing deadbolts on doors or an alarm system.
A firewall is a hardware or software system that creates a secure environment for network computing. This can be accomplished through some devices. We recommend Sophos’ Unified Threat Management (UTM) and iView tools. Using Sophos’ firewall solutions, we’ve helped clients gain a 40% boost in network performance, and savings of more than $180,000 in bandwidth expenditures in the course of a single year.
Wireless networks are inherently vulnerable but that must be weighed against the low cost and convenience. An open system is an open door so make sure you secure the wireless network. Here are a few steps that should be taken:
- If you have a router provided by your internet service provider it will often have a sticker with the password. Save the password in a password manager and remove the label.
- Change the Administration Password. The two most common wireless routers on the market are Linksys and Netgear and hackers know the default Admin passwords so make sure you change the password.
- Use WPA or preferably WPA2 Encryption. If you are required to enter a password to allow a device to connect to your wireless then you have enabled encryption.
- Change the Default Service Set Identifier (SSID)(Name your network). Again, if you have the factory default a hacker will target your system on the assumption that if you did not name the network you probably did not take other steps such as encryption. To see the name of your network go to: <Start><Control Panel><Network and Internet> If it needs to be changed consult the manual for your wireless router. If you have misplaced the manual, do an internet search on the name of your router and you should be able to find a manual online.
We trust and recommend Sophos Home for private users and families, and Sophos Enterprise + MalwareBytes for business environments.
Smartphones and tablets are a window to your network so make sure they are secured with Sophos Mobile security solutions:
- Password protect AND encrypt your data. This may be done via <Settings> in either Apple or Android systems. Although inconvenient, you should be required to sign in when turning on the device. Without the password, the encrypted data on the device will be secure. If your Smartphone does not have an encryption option, you can purchase a third-party solution.
- Install Sophos antivirus software.
- Only backup your data from mobile platforms if it meets corporate or personal policies.
- Have the ability to remotely locate or wipe the device if it is lost or stolen.
Browser Security – Many viruses are transmitted via websites so browser security is important. One browser does not preclude you from using another. You can install and use multiple browsers depending on the needs of the websites you are visiting, but for security purposes, we recommend Chrome, with the uBlock Origin plugin to stop unnecessary ads and potential advertising scams.
Consistent with the minimalist philosophy setup User Accounts without Administrator Privileges. This way if your user account is compromised the hacker will be restricted in what they can do. Be forewarned that setting up a user account will require that everything be reconfigured and this is analogous to buying a new computer. It is a lot of work so be prepared if you implement this protection.
<Start><Control Panel><User Accounts> Add User Account as a Standard User
Passwords are the most basic line of defense in cybersecurity these days, which is why it’s so important to ensure they are sufficiently strong to keep you safe. The bottom line is to make sure to use longer passwords – factoring out all other considerations (case, complexity, symbols, numbers, etc.) the bottom line is that the longer it is, the harder it is to crack.
Password managers are a highly recommend tool as they enable you to easily use different passwords on different sites by encrypting all your password in one application
requiring you to only memorize one password to access that application. Using the same password for all sites is a poor safety practice. Moreover, managers like Lastpass have features that are extremely convenient and make accessing password protected websites easier by securely storing the web address, user ID, and password and allowing you log in with a single click.
Finally, you should make use of multifactor authentication which is readily available on commonly used websites such as Facebook and Gmail. When you enable multifactor authentication you will be required to enter the password AND answer challenge questions or enter a token (six digit code) sent to your phone via text message. Email accounts get frequently hacked, however, one with multifactor authentication is less likely to become compromised. Furthermore, services like YubiKey provide physical two-factor authentication tokens, adding another layer of important security.
If you could do only one thing mentioned in this discussion it would be to back up your data in the cloud. The services noted below are well worth the cost and operate seamlessly and more efficiently. Hardware and software can be replaced but your data is critical so make sure you back it up. There are many services and most new computers come with a service pre-loaded however consider using Datto or Carbonite.
Encrypting your data is the second most significant protection behind backing up your data. Note: the two most important safeguards are interior defenses because the perimeter is tough to guard. We talked about encrypting the data on your smartphone and your computer. There are built-in encryption programs such as Bitlocker which will encrypt your entire hard drive.
This is a free open-source program and encrypts individual files and is a most convenient encryption program. Functionality is as simple as right-clicking on the file and the passphrase can be stored and need only be entered once. Note: if you leave your computer, it is recommended that you don’t enable this feature. In that case, you would be required to enter the passphrase every time you open a protected file. Entire folders can be selected so it is easy to encrypt or decrypt multiple files at once.
Flash drives a.k.a. thumb drives are handy (no pun intended) but vulnerable. Make sure all important content on flash drives is encrypted using AxCrypt or something similar. Also be aware of a hacker trick of leaving a flash drive to be found and a curious person inserts the drive into their computer and unknowingly downloads a virus. Don’t fall for this and if anyone gives you flash drive, even someone known to you, get in the habit of holding down the left shift key while inserting the drive. This will prevent any auto-executable files on the flash drive from running. Another option is to disable auto-play on your computer.
Social engineering is a methodology that hackers use to trick users into revealing sensitive information such as passwords or to unknowingly download a harmful virus. Your best protection is awareness.
Cybercriminals are smart – they adapt quickly and continually come up with new ways to take advantage of businesses like yours. A popular tactic among hackers today is “phishing,” a method in which they send fraudulent emails that appear to be from prominent company members to get recipients to reveal sensitive information and execute significant financial transfers. With only a surprisingly small amount of information, cybercriminals can convincingly pose as business members and superiors to persuade employees to give them money, data or crucial information.
For example, consider Verizon, who, a part of their annual effort in collecting data from investigations and various third party contributors, recently released their annual Data Breach Investigations Report (DBIR). The 85-page report details a vast range of data regarding the number of digital security breaches occurring in businesses worldwide last year, with notable findings that include:
- The vast majority of attacks (75%) were financially motivated.
- Phishing is the primary method of hacking that should concern non-retail businesses and organizations.
- Use of ransomware is on the rise and should be considered a growing threat to businesses.
- The rate of instances where the user or employee is victimized has doubled in the past six years.
Not only does the data show that financial institutions such as yours are at greatest risk, but furthermore that your employees are often what can make it so vulnerable to hackers. Ransomware and phishing tactics all rely on a member of the targeted business to (unwittingly) take part in the scheme by opening suspicious emails, downloading attachments, or performing other tasks on behalf of the hackers.
That’s why it’s so important to ensure your IT security measures — including employee training, awareness, and procedures — are up to snuff. The best possible way to do so is with a regular, comprehensive security assessment, and Brainlink wants to help you do just that.
Key tips include:
- Examine emails carefully, especially the sender’s email address. If the email domain does not match the sender’s company, it is likely fake.
- Examine any links by hovering your mouse over the link to see the linked address. This is not 100% reliable so the best policy is to not click on any links. Instead, open your browser and enter the address manually.
Public Wi-Fi such as free wireless at airports, hotels, and Starbucks is inherently dangerous and should be avoided if possible. Learn how to use your phone as a mobile hotspot by contacting your cellular provider. However, if you must use public Wi-Fi setup a Virtual Private Network (VPN).
Do not send unsecured emails containing sensitive information. Emails within the same domain are secure but between domains, the email will travel over the internet and could be easily intercepted. Many employers have secure email systems or a safe alternative is to utilize a file-sharing service, such as Dropbox. Dropbox has had high-profile security breaches in the past but has since made significant upgrades to security.
Email accounts are very susceptible to being hacked. In the password section above we discussed how to enable multi-factor authentication on email accounts. Take a look at your saved emails and determine if any contain sensitive information. If so, they should be exported, encrypted, saved and then deleted from the email client. For many people, their email account is their weakest link and they have not considered the consequences of getting hacked. Do not save emails on your email client that contain sensitive information.
Don’t Forget the Recycle Bin
Most people don’t know this but when you “empty” the recycle bin the file is still intact on your drive and could be easily retrieved. This is analogous to taking the trash out and having a dumpster diver pick out relevant information. To securely erase files from your system you need to use an eraser (sometimes called a shredder).
Malware includes viruses, spyware and other malicious programs that can be downloaded to aid a hacker or compromise your system. Unfortunately, many of these programs are not detected by antivirus software so you need to be careful.
For more information on secure practices for your family and your business, be sure to check out Brainlink CTO Raj Goel’s UNPLUGGED Luddite’s Guide to CyberSecurity: What To Teach Your Kids & Grandparents BEFORE They Access The Internet.
Not sure about social media either? Raj and Brainlink are long-time champions of scrutiny and restraint when it comes to social media both in personal and business settings – learn more by watching this video right away.
For comprehensive cybersecurity consultation, reach out to Brainlink right away at (347) 460-2238 or firstname.lastname@example.org.