Securing your information and protecting your privacy go hand in hand. In today's constantly evolving digital landscape, nobody can compromise when it comes to security, because breaches and constant attacks don't discriminate between large organisations and small businesses. As business decision makers, are you taking the necessary steps to make your systems more difficult to breach, and are those steps enough to make you immune against the cascade of malicious attacks that might come tomorrow?
Our advice is, don’t learn the hard way! Here are some basic, but important steps that you should always adhere to.
1. Regularly Update Your Password
Ensure your first layer of protection, your passwords, is constantly being refreshed with stronger combinations of symbols, upper-case letters and numbers. We tend to be simplistic when we choose passwords because we want to keep them easy to remember. Unfortunately, we are also making it easier for the digital prying eyes that are always scouring for ways to access information illegally. This is where we can leverage password managers (like LastPass) to track, manage and access all our passwords. This type of software will not only store your passwords but will also generate complex passwords and automatically fill in the login details for the sites you want to access, so you don't even have to create or remember them! The best practice here is to set up a complex master password for the password manager that controls all other passwords.
2. Install Anti-Malware and Anti-Virus Protection
All new computers are pre-equipped with basic Anti-Virus software. There are some free ones out there, but like everything in life you get what you pay for. Many of the free ones will not include Anti-Malware or real-time protection. You want to have an application that is always scanning and protecting your computers. With the introduction of the Modern Workplace, we now work from different devices (laptops, mobile phones and tablets), which means the work boundary is no longer limited to a physical office space. Organisations are therefore faced with new challenges, such as how to centrally and efficiently manage, track and protect all their staff and devices.
3. Activate Two-Factor Authentication
Two-factor authentication is an added layer of security that forces you to go through a verification process to confirm and match the identity of the legitimate owner of the information. The verification process is linked to your personal mobile phone via a text message or a token code generated through an enrolled application. Most businesses are adopting this type of security layer as policy within their organisation.
4. Back up & Test Your Data Systematically
Back up, back up and BACKUP!
Can you afford to lose your data and never be able to retrieve it? If you are reading this blog, the answer to that question is no! Ransomware attacks were notorious in 2018, and 2019 will not be any different. Have a backup strategy to ensure your data is being protected and its integrity is being maintained. The only way to confirm that what you have been backing up is 100% reliable is to perform random test restores. The restore strategy should also cover different types, sizes and locations of files, along with the frequency of the restore process.
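The random test restore described above can be scripted. The following is an added example, not part of the original post: it samples files across folders and file types, then compares each one with its restored copy by SHA-256. The function names and folder layout are assumptions, and the comparison is only meaningful for files that have not changed since the backup was taken.

```python
import hashlib
import random
from collections import defaultdict
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        while block := f.read(chunk):
            h.update(block)
    return h.hexdigest()

def pick_sample(source_root, count, seed=None):
    """Pick up to `count` files, spread across folders and file types."""
    rng = random.Random(seed)
    groups = defaultdict(list)
    for p in sorted(Path(source_root).rglob("*")):
        if p.is_file():
            groups[(p.parent, p.suffix.lower())].append(p)
    for files in groups.values():
        rng.shuffle(files)
    keys = list(groups)
    rng.shuffle(keys)
    sample = []
    # Round-robin over (folder, extension) groups so that one large
    # folder cannot dominate the sample.
    while len(sample) < count and keys:
        for key in list(keys):
            if len(sample) >= count:
                break
            sample.append(groups[key].pop())
            if not groups[key]:
                keys.remove(key)
    return sample

def verify_restore(source_root, restore_root, count=20, seed=None):
    """Compare sampled source files with their restored copies."""
    report = {"ok": [], "missing": [], "mismatch": []}
    for src in pick_sample(source_root, count, seed):
        rel = src.relative_to(source_root)
        restored = Path(restore_root) / rel
        if not restored.is_file():
            report["missing"].append(rel.as_posix())
        elif sha256_file(src) != sha256_file(restored):
            report["mismatch"].append(rel.as_posix())
        else:
            report["ok"].append(rel.as_posix())
    return report
```

Any entry under "missing" or "mismatch" means the backup job, not just that one file, needs investigating before it is relied on.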
5. Be Careful with Links and Attachments in Emails
Credential harvesting is one of the common attempts to access an individual's private information. Fake emails with phishing links are sent, and when clicked they can steal that user's personal information. Whenever you receive an email, even from someone you recognise, be careful of the contents, links and related attachments. If you have doubts about the legitimacy of an email, just delete it without trying to explore any of its contents.
The digital age is constantly evolving, and viruses are mutating, trying to evade and outsmart the tools developed to mitigate them. Never compromise when it comes to security. Securing your information is not a one-time act; an unwavering mindset and a group of processes are needed to maintain the security and integrity of your data.
The Missing Link offers Security Awareness Training to educate your employees about the types of attacks to look out for, password security, and what to do in the event of a breach. The training can be preceded by a simulated phishing attack, or a password audit, to show employees how easy it is to fall victim to an attack. Security Awareness Training and simulated attacks should be carried out yearly at a minimum.
These eleven steps will help to keep your organisation free from social engineering attacks. It’s important to remember, however, that new kinds of attacks appear on a relentless basis. For more information about assessing, improving and managing your IT, or about Security Awareness Training, reach out to us at The Missing Link.