Halloween Checklist: Tricks and Tips to Avoid Spooky Cyber Incidents
National Cybersecurity Awareness Month is coming to a close, and what better holiday to play it out than All Hallows' Eve? Cyber breaches are no treat, but you don't have to be that one character in every horror movie that decides to just go check out those eerie basement noises real quick. This Halloweek, consider some of these achievable, proactive measures you can take to keep yourself, your firm, your clients, and your data so safe it's scary.
Don't Open the Door to Social Engineering and Phishing
Social engineering attacks are hack attacks that occur on the human level. Hackers try to convince humans by various methods to simply give them access to the assets they hope to steal. The most common of these methods is called phishing, because criminals use emails to try to lure the recipients into giving them what they want.
Like overplayed horror movie tropes, once you know what to look for, phishing emails aren't too hard to spot. If you aren't paying attention, however, it might end poorly. The solution? Think before you click! This is a learned behavior, and companies that implement phishing training programs, where users receive phishing emails at random intervals to test their response, generally see a significant increase in employee email savviness. Your cooperation with phishing scammers is their entry point to success, so, as any avid horror film fan will tell you, "Don't open that door!"
Everyone knows the best part of Halloween is dressing up in disguise as someone you're not. For many hackers, this is a daily reality. Spoofing is another social engineering tactic that involves the hacker trying to pass themselves off as a trusted entity. You receive an email from your boss asking for a money transfer or sensitive company information, or with a weird-looking link for you to click, but something doesn't feel quite right. You push a little further, and--lo and behold--it's not your boss, but a criminal in disguise. If something feels off, try calling the sender to confirm what they've asked you to do. Or, if the entity being spoofed is a company, call the number listed on their real website.
Get into Character with Vulnerability Assessments and Penetration Testing
If hackers get to play make-believe, so should you. A valuable way to protect your firm is to make sure you're aware of its weak points. Vulnerability assessments scan your infrastructure for back doors, loopholes, and other weak links in the chain of defense, and generate a report on known susceptibilities. The fun doesn't stop there, though, because with pen testing, you get to really play the bad guy. Putting yourself in the shoes of a hacker, you (or a contracted third party) seek access to your own firm's assets, recording and remedying the places where your nefarious attempts find success. Consider performing tests like these regularly to beat the real villains at their own game. Costume optional.
Sharing is Not Always Caring on Social Media
Bad actors will do anything to get their hands on your data, because the more they know, the more easily they can get access to your stuff. Don't make their job easier by putting sensitive information out there for just anyone to find. Your fame may end up being their fortune.
Experts recommend that you don't share any personal or work information on a publicly visible account, especially if you work in an area that might make you a target for cyber attacks. Make your social media accounts private, and keep sensitive work information to yourself. If disclosure is like candy, don't be the house that gives out king-size Butterfingers to every hungry cyber criminal on the block.
Ward Off Cyber Vampires with Multi-Factor Authentication
As cyber criminals have gotten more advanced in their mischief-making, a strong password alone may not be enough to keep them out of your organization's accounts. Treat these hackers the way you would treat a vampire that wanted to come into your home. Would you be satisfied with only the garlic in your pantry? No, you'd probably be happier with a vial of holy water and a couple of stakes in hand as well. Two-factor or Multi-Factor Authentication (MFA) acts as the second and third lines of defense against malicious entry into your users' accounts. With MFA, more than one means of identification is required for a user to log in, and it increases security exponentially. It is highly recommended that you establish MFA protocols at any access point to sensitive data or financial assets.
Avoid Zombie Infrastructure with Patch Management
An infrastructure system with out-of-date patches is a lot like a zombie: slow-moving, gradually losing integral pieces, and the more it decays, the greater the threat it poses to your safety. The good news: automating patch management wherever you can enables your IT team to focus on other issues, and lets you rest easy knowing that no software or system vulnerabilities are coming back to bite you.
Who you gonna call? A trusted partner!
If there's something strange in your neighborhood, you don't have to go it alone. The true meaning of Halloween is, of course, time spent with friends you trust. Finding a partner who can help you feel safe in a sometimes scary world makes a big difference.