You may have heard that October has long since been christened Cybersecurity Awareness Month by the U.S. Department of Homeland Security and the National Cyber Security Alliance (NCSA). Now in its 17th year, Cybersecurity Awareness Month is co-led by NCSA and the Cybersecurity and Infrastructure Agency (CISA) and is also leveraged and promoted by the Security Industry. The theme for October, 2020 is Do Your Part. #BeCyberSmart
A helpful way to think about security in the most basic terms is the first CISA statement for October: If You Connect It, Protect It. As the line between our work and home lives becomes more indistinguishable, it is imperative to always consider security and the best resources available to you.
This is especially true in our new normal of COVID-19, working from home, staggered school schedules and the increasing complexity of managing those changes efficiently and safely. As cellular communications are in a world-wide migration to 5G, we have yet another consideration.
The faster speeds and higher bandwidth of 5G translate to a larger attack surface for hackers to utilize. This means those active and would-be criminals can operate more quickly and attack more devices.
So, what can you do to protect yourself and your business? Below are a few best practices that we ask you to consider as part of your standard operating procedure:
- Use New and Better Passwords
  - Having one primary password that you use from site to site is simply not safe. Many large online databases - such as Yahoo!, Marriott, Zynga, Equifax and Under Armour - have been hacked in the past few years. Any password used on those sites is off limits for current or future use.
  - Refrain from what may be a typical password. For example, P@$$wOrd has been unsafe for years, but something more complex, such as %Tvb-387R JJ229--LP, will keep the bad guys guessing! Now that this complex password is published in plain text, it is also unusable.
- Be Skeptical of EVERY E-Mail
  - We are seeing a massive increase in phishing e-mails that are designed to trick you into clicking the poisoned links they include. These links can do numerous things, including installing Trojan infections and joining your computer to global botnets. These can lead to an online criminal gaining access to your real-time activities, accounts and passwords.
- Use the Tools at Your Disposal
  - A subscribed and updated network firewall, updated desktop security software and effective policies and procedures are no longer optional. In fact, they haven't been for many years. Assuming you have adequate security subscriptions and spam protection, you must still be diligent with the manual screening of inbound e-mails to verify that they are from trusted sources.
- Data Backup is Essential
  - Ideally you have multiple copies of your data (as discussed here). In today's world, your backups serve another purpose; they are your best recovery option in the event you become infected by ransomware. In Windows you can use built-in Restore Points, System Backups and System Images. For Mac users, consider using Time Machine at a minimum. We also always recommend a cloud-based backup as a minimum second tier of redundancy.
- When Available, Use Two-Factor Authentication (2FA)
  - Most legitimate websites now offer the option for two-factor authentication. 2FA is great for you and terrible for the bad guys. Once enabled, it requires providing authorization through a second device (the second factor), typically your mobile phone. When this is available, consider enabling it. It will be well worth the extra step!
WinTech has been the Winchester, Virginia area's leading IT provider since 2001. Would you like more frequent tech news, scam alerts, and new product info? Follow us on Facebook!