'Tis the season of giving and the year of cybersecurity, so we've pulled together a top-five list of gifts not to give your friendly internet hacker – even though we're sure they'd love them.
1. Unchanging Passwords: Cha-cha-changes
Whether you're safeguarding your PC, mobile device or online presence, password security is the first and arguably most important step you can take to protect your sensitive information. Unfortunately, users often don't put the necessary effort into creating strong, unique and secure passwords. Read up on the five hallmarks of a strong password strategy, including Diversity (different passwords for different sites), Frequency (change every 90 days) and Complexity + Length (make it hard to guess).
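The three hallmarks named above can be checked mechanically. The following is an added example (not Eze Castle's code or tooling) that audits a proposed password for Complexity + Length, Diversity (reuse across sites, compared via salted fingerprints rather than stored passwords) and Frequency (anything older than the 90 days the post recommends is flagged). The minimum length, the number of character classes and the common-password list are assumptions; only the 90-day rotation period comes from the post.

```python
"""Password-policy checker for the three hallmarks: Diversity, Frequency,
Complexity + Length. Example code, not Eze Castle's. Thresholds other than
MAX_AGE_DAYS are assumptions chosen for the demonstration."""
import hashlib
import hmac
import os
import string
from datetime import date, timedelta

MIN_LENGTH = 12      # assumed minimum length
MIN_CLASSES = 3      # assumed: at least 3 of lower/upper/digit/symbol
MAX_AGE_DAYS = 90    # from the post: change every 90 days
COMMON = {"password", "welcome", "letmein", "qwerty", "123456"}  # constructed list


def _fingerprint(password: str, salt: bytes) -> str:
    """Salted PBKDF2 fingerprint so passwords can be compared across sites
    without ever being stored in clear."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000).hex()


def check_complexity(password: str) -> list:
    """Return the list of Complexity + Length problems (empty means OK)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ])
    if classes < MIN_CLASSES:
        problems.append(f"uses only {classes} of 4 character classes")
    if password.lower() in COMMON:
        problems.append("appears in the common-password list")
    return problems


class PasswordVault:
    """In-memory record of per-site password fingerprints and the ISO date
    each was set. Holds fingerprints only, never the passwords themselves."""

    def __init__(self, salt: bytes = None):
        self.salt = salt or os.urandom(16)
        self.sites = {}  # site -> (fingerprint, date set)

    def set_password(self, site: str, password: str, when: str):
        self.sites[site] = (_fingerprint(password, self.salt), date.fromisoformat(when))

    def reused_on(self, site: str, password: str) -> list:
        """Diversity check: which other sites already use this password?"""
        fp = _fingerprint(password, self.salt)
        return sorted(s for s, (f, _) in self.sites.items()
                      if s != site and hmac.compare_digest(f, fp))

    def stale(self, today: str) -> list:
        """Frequency check: sites whose password is older than MAX_AGE_DAYS."""
        limit = timedelta(days=MAX_AGE_DAYS)
        return sorted(s for s, (_, when) in self.sites.items()
                      if date.fromisoformat(today) - when > limit)


def audit(vault: PasswordVault, site: str, password: str, today: str) -> dict:
    """Run all three checks for a proposed password on one site."""
    return {
        "complexity": check_complexity(password),
        "reused_on": vault.reused_on(site, password),
        "stale_sites": vault.stale(today),
    }


if __name__ == "__main__":
    # Constructed sample data: two existing sites, one proposed reuse.
    vault = PasswordVault(salt=b"fixed-demo-salt")
    vault.set_password("bank", "Tr0ub4dor&3-ixx", "2017-08-01")
    vault.set_password("email", "correct-Horse-9", "2017-11-20")
    print(audit(vault, "webmail", "Tr0ub4dor&3-ixx", "2017-12-15"))
```

In the sample run the proposed password passes the complexity check but is flagged as already in use on `bank`, and `bank` is also reported as stale because it was last changed more than 90 days before the audit date.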
2. Outdated Patches
WannaCry is back in the headlines as the US blames North Korea for the massive May 2017 ransomware cyberattack that spread itself within corporate networks, without user interaction, by exploiting a known vulnerability in Microsoft Windows.
This attack demonstrated the importance of effective patch management programs and services (think Eze Castle!) that ensure the timely implementation of system updates. As Brad Smith, president of Microsoft, wrote, “As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems. Otherwise they’re literally fighting the problems of the present with tools from the past.”
3. No Backups = Ransomware Payouts
Speaking of ransomware: hackers initiating attacks aren't exactly looking to spread the holiday cheer. After they've taken your files hostage and demanded a ransom, they claim the files will be decrypted and restored – but those promises are typically dishonest. Odds are, even if you pay a ransom (which you shouldn't!), your files won't be decrypted. That means backups are the only way to successfully recover your data. Ensure you leverage a secure and reliable backup and recovery tool that will de-duplicate, compress, encrypt and securely transfer your data to an offsite data center.
4. Untrained Employees: Hello Phishing Target
Social engineering schemes are getting more sophisticated as hackers do their homework and craft targeted phishing emails that appear legitimate. And while security layers from email filtering to next-generation firewalls act as barriers to targeted attack emails, some emails are still going to get through and pose a threat to your firm's security posture.
That’s why ongoing employee awareness, education and training are so very important. Through training, employees will know how to identify suspicious emails or calls and respond according to company policy.
5. Unprotected Mobile Devices
Hackers recognize that a user’s life is virtually encapsulated on his/her mobile device. From contacts and email to documents, passwords and banking apps, mobile devices now hold as much as or more personal information than PCs or laptops. And most devices do not have anti-virus/malware software installed.
Companies must ensure employee devices have mobile device management software that allows for centralized, standardized control including password requirements and the ability to remotely wipe.
As a final thought, the most commonly infected file types are PDF, Flash and Java, so make sure you install updates when they are rolled out by the vendors. Also, never open an attachment from a sender you don't know.