Today’s businesses rely on their computer systems and IT, and business owners know that it’s essential to do everything possible to make sure the systems are secure. No business can afford to risk its data and it’s incumbent on business owners to do whatever they can to protect themselves against cybercrime. Here are things everyone should be doing to ensure data security.
Strong Passwords Protect You
Passwords can seem like a nuisance, but they’re a frontline defence mechanism for keeping data safe. Yes, it’s a hassle to remember them, but there are ways to deal with it. Don’t trade simplicity for online safety. Lots of people still do, and use ‘123456’ or ‘password’. Even less basic passwords can sometimes be guessed easily (names of children and pets are obvious ones). Keeping your organization’s data secure demands more effort, even if the password is harder to remember. Here are some ways to increase password strength.
Length of Password: Obviously, the longer a password is, the harder it will be to guess. A password of 12 characters or more is significantly harder for criminals to crack. The problem is that long passwords are harder to remember. Nobody likes wasting time while trying to access their accounts and having to jump through hoops to reset a forgotten password.
To make a password more complex, use a mix of lowercase letters and capital letters, as well as symbols and numbers, and put random words together. So ‘greenwhalebaseball’ is okay, but tweak it to read ‘green00Wh@le22baseb@ll’ an it will be a whole lot stronger.
Don’t Reuse Passwords
You should have a different password for each online account you have. Using the same password for all your accounts is the worst thing you can do, because, if one is obtained by hackers, they then have access to all of your accounts. Why make things easy for them?
Software Can Help
Using a password manager or similar tools is a good strategy. You can have long, random passwords but you have to spend ages trying to remember them. What a password manager does is encrypt data so that your passwords and login details are always safe. You’ll save time, because you won’t end up locked out of your accounts or messing around trying to guess the password for a given account. Browsers offer a simple version, and can remember passwords for you, but a dedicated password manager is a more secure option.
Multi-factor identification is another worthwhile cybersecurity measure. Many platforms will allow you to add another level of security. With multi-factor authentication, logging in with a password will then generate a text message or email with a verification code. This massively complicates things for cybercriminals and fraudsters, and can be used by your organization to ensure that only authorized personnel have access to your data.
Train Staff in Best Practices
When your staff are aware of what cyberattacks and scams look like, they are well-placed to make sure that any fraudulent activity is speedily flagged up for attention. Phishing attacks, which are alarmingly common, are one example. Although email is a common vehicle for phishing scams, they can happen in many ways, including via text messages and social media websites. It’s estimated that cybercriminals distribute more than three billion phishing emails every day (and that’s just email).
The success of phishing emails is partly because it’s not hard to get gullible or busy employees to respond to them. The consequences can be serious, with accounts and confidential data vulnerable, and the strong possibility that your devices and systems will become infected with malware and viruses. The downtime to clean up the mess if this happens can be considerable. Training your staff is one of the best preventative measures you can adopt.
Many phishing messages are ingeniously crafted to appear like genuine communications that require attention. The messages may look almost exactly like a letter from your bank or insurance company, and it’s easy to be taken in. Some may even appear to be communications from staff within the organization. Recipients may be instructed to download an attached document, which could infect your system with malware, or to click a link that takes them to a dangerous website. Staff need to be aware of the strategies that are used to carry out phishing scams and the tell-tale signs of a suspicious message. Here are three to look for:
- • ‘Action is required urgently’: Most people want to do the best they can, and meet deadlines. Many phishing attacks are designed to scare people into acting as quickly as possible, without taking time to think further. People may drop their guard under this subtle pressure and act on impulse. Any message that tries to push the recipient to act immediately should be viewed with suspicion, and checked out further.
- • Bad grammar and spelling: Professional organizations take care to avoid language errors in their communications. Hackers are often not entirely fluent in the language of the message, and spelling and grammatical errors are a clue that the message is not authentic.
- • Unrecognizable accounts: It only takes a second or two to check who the sender is. For example, an email from a gmail address that purports to be from your bank should ring warning bells, since large organizations have their own domain names. Also look for small tweaks that you might not notice, such as ‘Amaz0n instead of ‘Amazon’.
Install Software Updates When They Become Available
Software often contains vulnerabilities that allow hackers to access networks and data. The major software creators are always updating software to plug these holes and maximize cybersecurity. All organizations should have a patch management policy, to make sure software is always updated promptly and security-tested. If your company uses lots of software, that can seem like a daunting task, but the process can be automated. Antivirus software, spam filters and firewalls also require regular updating and checks.
If you need help selecting and implementing cybersecurity solutions, Quikteks can help. It’s what we do. Give us a call today at (973) 882-4644.