Last week, we shared the scoop on current issues in cybersecurity. In this article, we’re arming you with the knowledge to avoid falling victim to cyber attacks and threats. Since many cybersecurity issues arise from the “human factor,” educating yourself is one of the best steps you can take to protect both your personal and business presence.
What are a few things you recommend people do to better protect themselves when it comes to cybersecurity?
- Use a password manager. One of the biggest downfalls people have with their personal security is reusing passwords and using weak passwords. The rationale for doing this is usually that it’s hard to remember a bunch of unique or complicated passwords to a bunch of different accounts. That’s where a password manager comes in. It’s essentially an encrypted password vault that stores all your passwords for you and offers functionality to generate secure passwords. By using a password manager, all you have to do is remember one password: the password to your vault where everything is stored. If I had to recommend one thing people can do to improve their security, this is it.
- Enable multi-factor authentication. This is the feature that requires you to verify login attempts via an app on your phone, text or email. Typically, you want to use strong multi-factor authentication over weak multi-factor authentication. That means using a multi-factor app like Microsoft or Google Authenticator in lieu of using email or text message multi-factor, simply due to the inherent vulnerabilities that exist in text messaging and email protocols. If everybody used multi-factor authentication and a password vault, there would be a huge reduction in cybercrime.
- Minimize your digital footprint. Ideally, you want to have a very small online footprint. Attackers do something called “open-source intelligence” using your social media, which means they look at your social accounts in search of ways to exploit you. They figure out what you’ve been doing, where you’ve been going, what your interests are, who your family is, then use that data to scam you or attack you. Lock down your social media channels and limit access to people you know and trust.
The other aspect of your digital footprint is essentially every website beyond social media. The more websites you provide information to, the more likely someone may be negligent with that information and leak it to an attacker. Being mindful about who you give your information to goes a long way in making sure that your data stays out of the wrong hands.
What are some best practices businesses can employ to better protect themselves from cyber threats?
- Limit privileged access. If someone doesn’t need privileged access, they shouldn’t have it. Only give an employee the permissions they need to do their job. This ensures that if one account is compromised, only a subset of your network is at risk rather than the entire thing. Also, if you have employees who are no longer at the company, make sure that you disable those accounts. You may also want to preemptively disable employee accounts when someone gives their two-week notice.
- Back up everything. If your business gets hit by malware or ransomware, having backups secured and off your network is a saving grace. If your computers and data get locked and encrypted as part of a ransom, you may be able to pull your backups and essentially rebuild without paying the ransom. Only around 8% of companies that pay the ransom get their data back. It’s safer and smarter to have backups, test them regularly and know how to restore everything should you ever find yourself in that situation.
- Get educated and stay aware. Going back to the government contractor story shared above, 70-90% of all cybercrime starts with social engineering or phishing attacks, and a staggering amount of that is attributed to the human factor. Do your due diligence by educating your employees about user awareness. Check out the Cybersecurity and Infrastructure Security Agency (CISA) for a great resource.
- Stay up to date on updates. Around 20 to 40% of cyberattacks are made possible by outdated software. You can easily avoid becoming a statistic by ensuring that your software is updated. Make someone on your team accountable for regularly auditing your systems and updating as necessary.
- Have a plan in place. Most small businesses typically don’t have an incident response plan in place. If they were to be attacked or have a data leak, it would likely take some time to formulate a plan on how to proceed. Before an attack happens, sit down with IT and your business leadership to map out an incident response and continuity plan outlining exactly what to do and assigning responsibilities for different aspects of your post-attack business. This is something nobody wants to think about happening, but it is extremely important that you know what to do if and when it does.
Interested in more? Learn about Central’s Cyber Protection & Coverage
Central writes both personal and commercial cyber coverage.
On the personal side, we offer identity recovery insurance, which covers the costs incurred in the event that your identity is stolen. Personal cyber coverage offers protection against things like cyberbullying, including the costs of psychological support, or getting hacked. Learn more about both here.
Central’s Cyber Suite Coverage is a great option for businesses that maintain data on clients or employees. It covers everything from data compromise response expenses to cyber extortion, data compromise liability to identity recovery. Learn more about Cyber Suite here.
The information above is of a general nature and your policy and coverages provided may differ from the examples provided. Please read your policy in its entirety to determine your actual coverage available.