Dear Friends and Supporters of Xceptional,
It’s hard to believe we are already halfway through 2022. I hope you and your businesses are thriving and growing in the new reality we are operating within.
Based on the growing tsunami of cybersecurity attacks impacting organizations of all sizes, I thought we would share a few cyber hygiene tips you can use to keep your business safe. We call these the 3 Ps:
Every piece of software and hardware that is connected to your network comes with a default password. These passwords need to be changed, as hackers and cybercriminals know the default passwords for these devices. Never under any circumstances should you use Password123 as your password. Implement a password program and set of best practices internally that includes the usage of a pass-phrase: a short phrase that is 14 characters or more and includes a number or a special character (e.g. $, @, !, #).
Additionally, you should not use the same password for everything. If a hacker is able to crack your password, they’ll have access to everything. I know that long passwords and multiple passwords for a variety of different accounts are hard to remember, but that's why pass-phrases are a better method, and there are password management tools available such as LastPass (and others) that can be utilized to help manage your passwords and automate the login to systems.
A large percentage of cybersecurity attacks that result in data breaches or ransomware attacks exploit unpatched systems. You can immediately reduce vulnerabilities and risks inside of your organization by deploying a recurring process for patching and updating systems. Ideally this process would include frequent vulnerability scans of the IT environment to identify any software or hardware devices that are vulnerable to the latest published list of cybersecurity attacks, viruses, or malware.
To ensure your computers, network devices, phones, and tablets are running on the latest software version, you can modify the auto-update settings on many of these devices so they are updated automatically when new security patches and updates become available. This is also important to implement on employee-owned devices if employees are using their personal or home devices to connect to the corporate network. There are software programs and platforms that help to automate the deployment of patches and updates on mission-critical applications and corporate networks.
If you need assistance on ensuring the applications and systems that operate your business are patched and updated, please reach out for more information and we will be happy to provide some recommendations.
Educating your employees and management team on the latest phishing, ransomware, and business email compromise attacks (fraud/scams) is a critical step towards preventing your organization and employees from becoming the latest victim of a cybercrime or ransomware attack. This type of training is very inexpensive and can also include phishing testing and simulations to help you identify the current state of cybersecurity awareness within your employee population. A phishing test and simulation will also help benchmark and identify what parts of your employee population are most prone to falling for a phishing or fraud-based email attack.
Some best practices to keep in mind include:
1) If an employee receives a weird email or text from someone, DO NOT click on any links or download any attachments.
2) Pick up the phone and call the contact that emailed to verify that they are an actual person and that they sent the message. By picking up the phone and calling, the employee can confirm the sender and email are legitimate and avoid any ransomware or virus entering their device and potentially the company’s network.
3) Do not send an email response to strange messages with an auto signature attached or with any confidential banking or corporate information. Cybercriminals and hackers send phishing emails hoping someone responds with an auto signature so they can copy the signature in a future attack.
4) Lastly, make sure employees are visiting trusted and secure websites. A website is secure if there is a lock present in the URL address bar and the website’s URL is https. If employees are entering company credit card information into a website that is not secure or visiting a website that looks sketchy, the credit card information could be compromised or the website could include embedded malware or a virus that will infect the computer just by visiting the webpage.
These tactics are by no means a silver bullet solution on their own, but layered together with other security solutions, you’ll be doing your part to protect your business. This may be common sense, but you’ll be amazed at how many cyber attacks happen because an employee had their guard down.
The best defense against a cyber attack is education. As Verizon reported in their 2022 Data Breach Investigations Report, 82% of breaches within the last year involved the human element, whether that was phishing or stolen credentials being used: “people continue to play a very large role in incidents and breaches alike.” That’s why I wanted to refresh your mind with these basic defense tactics.
Again, these solutions on their own aren’t a foolproof defense, but layering them together with other security solutions, and being aware of what’s out there, will help keep your company protected.
Please take care of your online presence and take care of each other.