By Michael Bosnar
October is cybersecurity awareness month and while following best practices are important every month of the year, this a good opportunity to remember we should all take a collective role in organisational security and risk mitigation. When it comes to cybersecurity, a healthy dose of paranoia goes a long way.
With introduction of the General Data Protection Regulation (GDPR) in Europe, the Notifiable Data Breaches Act (NDB) in Australia and CERT NZ’s critical controls 2018 organisations that suffer a data breach are obliged to report it within 72 hours. This means that more than ever they should ensure they’re well equipped with technology and skilled professionals to demonstrate that all precautions have been taken to avoid a data breach, but also to reduce the damage in case of any attack.
Therefore, the onus is on the organisations to focus equally on user education along with the technology and training. The cyber hygiene starts at home and as the lines between our work and daily lives become increasingly blurred, it is a necessity to be smart and vigilant when it comes to cybersecurity.
It is key for organisations to teach the entire business to put security at the top of their list of priorities and educate them on the importance of prevention, detection and remediation technologies. When attacks are user-focused, you can never be 100 percent sure that one of your users will not click on a bad link or open a bad file. After all, the organisation’s online safety and security are everyone’s responsibility.
Here are six key tips which every employee should follow to stay safe and mitigate the cyber risks:
- Always Use Password Best Practices: Every user should change passwords often and create unique passwords with 13 characters or more that use a combination of words, numbers, symbols and both upper and lower-case letters. Never use a network username as a password or easily guessed terms such as “password” and avoid simple combinations such as “1234.”
Tip: Try using an unusual passphrase or the first letter of each word of a song lyric or memorable quote mixed with a few numbers and symbols. It can help you remember long passwords.
- Be Cautious When Using Public WiFi: When travelling or working at your local coffee house or even in a hotel room, always be aware that public WiFi can be easily compromised. Proceed on public WiFi as if someone is watching and don’t make purchases or login to sensitive accounts such as a bank account.
Tip: When working out of the office, immediately connect to your corporate VPN before connecting to email or opening your browser. Your VPN will add an extra layer of encrypted protection from prying eyes.
- Regularly Update All Applications and Operating Systems: No endpoint device should go without regular patching and updates to the operating system and applications used. Be sure that all computers used to connect to the corporate network – both company-owned and personal – have the latest software installed.
Tip: Turn off or restart your computer regularly to allow updates to install and download new updates for your applications as soon as they become available.
- Protect Your Money. Just like you wouldn’t leave your cash on the table in a crowded restaurant, you need to be careful where you use your debit and credit card information. If the information falls into the wrong hands, it can result in credit card fraud or identity theft.
Tip: Use a protected credit card when shopping online. If you use a debit card, be sure that your bank offers strong fraud protection policies and be aware that your account balance could be temporarily compromised until the bank policy kicks into action.
- Don’t click until you’re sure. Phishing is a cybersecurity attack that uses a deceptive email or website to steal personal data, such as your login or credit card information. It’s one of the most common ways cybercrime is committed and anyone can be a target.
Tip: Never click on a suspicious website pop-up or email link and don’t open an attachment from an unknown sender. Suspicious emails can often look very legitimate. Carefully check the domain name of the sender to see if it aligns with the company they say they are from. It’s also a good practice to hover your mouse over a website link before clicking to see the destination so you can double-check that the link is going where it says it goes. If you do click a phishing link, alert IT right away so they can contain the attack quickly before other systems are compromised.
- Backup your Data. To ensure that your company data is protected, be sure that it is part of the company-managed backup and recovery process. Without proper backups, your data could be lost for good in the event of a cyberattack.
Tip: Load your vital data onto corporate file shares or in company-sponsored cloud storage where it will be a part of the enterprise data protection process. Thus, if your data is part of a ransomware attack, the company can recover it.
The importance of cybersecurity should cover all layers in an organisation; from users to C-Suite. If the board doesn’t understand cybersecurity or why it is a priority, an organisation cannot defend itself against cyberattacks because ultimately these people control business purse strings. It is also valuable for other technical teams to have security understanding so that they can flag anything anomalous, which could indicate a cyberattack, in their daily work. In short, cybersecurity is everyone’s responsibility, in one way or another.
