As our reliance upon computers and mobile computing devices increases, we need to take steps to protect our devices and ourselves from cybercriminals.
Here are tips to help you keep your identity and data safe, so you can have the best defenses possible and avoid being hacked.
- Unsure? Don’t click it. It’s important to note that technology alone will never be able to fully protect you. Attackers have learned to bypass even the most advanced security technology by attacking you. If they want your password, credit card or personal data, the easiest thing for them to do is to trick you into giving them this information.
No matter where the uncertainty arises, whether you’re in an email or on a website, consider the source and its contents. Why was this email sent to me? Where will this link take me?
The greatest defense against attackers is you. Don’t click links unless you know you can trust the source and you’re certain of where the link will send you. If you are unsure about a link, the best thing to do is delete the email.
- Use strong passwords and a password manager. The next step to protecting yourself involves using a strong, unique password for each of your devices and online accounts. The key words here are “strong” and “unique.” A strong password means one that cannot be easily guessed by hackers or by their automated programs, and it should be unique in the sense that it’s not used for any other device or account. That way, if one password is compromised, all your other accounts and devices will still be safe.
Tired of complex passwords that are hard to remember and difficult to type? Try using a passphrase instead. Instead of a single word, use a series of words that’s easy to remember, such as “Where is my car?” You can also use a password manager, which is a specialized application for your smartphone or computer that securely stores all of your passwords in an encrypted format.
- Enable two-factor authentication. One of the most important steps you can take to protect any account is to enable two-factor authentication. Passwords alone are no longer enough to protect accounts, and two-factor authentication is much stronger. It uses your password and adds a second step: either something you are (biometrics) or something you have (such as a code sent to your smartphone or an app on your smartphone that generates the code for you). Enable this option on every account you can, including your password manager, if possible.
- Run the latest software versions. Most software vendors periodically update their products to address any newly discovered security flaws. Users should register purchased software with the vendor in order to receive software security updates. Software updates provided by vendors should not be ignored or postponed.
Make sure your computers, mobile devices, applications and anything else connected to the internet are running the latest software versions. Cybercriminals are constantly looking for new vulnerabilities in the software your devices use. Stay informed on new updates and apply them as they come out.
- Back up your information. Sometimes, no matter how careful you are, your account or identity may still be hacked. If that is the case, usually your only option to ensure your computer or mobile device is free of malware is to fully wipe it and rebuild it from scratch. The attacker might even prevent you from accessing your personal files, photos and other information stored on the hacked system. Often, the only way to restore all your personal information is from backup. Make sure you’re regularly backing up any important information, and verify that you can restore from your backups. Most operating systems and mobile devices support automatic backups. In addition, store your backups in the cloud or on an external device offline to protect them against cyberattackers. Your backups will be critical in a time of need.
- Check for the “s.” The letter “s” makes a difference when it comes to secure web surfing. “Http” stands for hypertext transfer protocol, while the “s” at the end stands for secure. It’s important to make sure that “https” is displayed as part of any URL you visit, because it shows the authenticity of the security certificate on that webpage. If you access a webpage without a certificate or with one that is expired, there’s a chance you’re accessing a website that could be loaded with malware, viruses, trojans or eavesdroppers.
- Protect your business from malicious activity by educating your employees. Utilize security awareness and user training, so your team is armed with insight and is discerning enough to not open or click on suspicious links and attachments. As the business owner, it’s your duty to teach and empower your employees to interact safely with email and websites.
Education is key to reducing your fraud risk.
- Ensure security. Even if your team is trained to be cautious, without an effective and strong security system, threats can still get through.
  - An email security system should be in place to protect against threats coming through email.
  - A firewall with the intelligence and advanced security detection capabilities to detect and prevent threats from entering your business network can help ensure security.
  - Using a real-time threat security prevention solution is key to detecting new threats quickly enough to prevent infections.
- The Importance of a Firewall. A key component of any cybersecurity defense is the use of an active firewall. A firewall protects your business from the negative effects of ransomware, malware, viruses and more.
  An effective firewall that properly protects your business against internet-based threats will need:
  - Content filtering. Your firewall should use controls to enforce internet-use policies and block access to non-business or malicious websites.
  - Multi-Engine File Sandboxing. Files downloaded to your users’ web browsers need to be checked for safety. If a file’s safety is unknown, it needs to be sandboxed and tested to verify its safety before it can be used.
  - Antivirus. Your firewall should have a real-time, high-performance virus scanning engine and a dynamically updated database to detect threats as they happen.
  - Antispyware. It also needs real-time, high-performance prevention of spyware that could transmit confidential information out of your network.
  - Intrusion Prevention System (IPS). Make sure your firewall has high-performance traffic inspection and dynamic database protection against application exploits, worms and malicious traffic, and that it manages access control for peer-to-peer instant messenger applications.
  - Application Intelligence and Control. Your firewall should manage privileges and bandwidth for applications and users, allow or deny internet access based on the application, and inspect, detect and prevent infections from application communications.
  - Geo-IP and Botnet Filtering. Your firewall should block connections to or from a geographic location (such as overseas) where you may not be doing business, but where hackers are actively working on gaining access to your network. It should also block connections to and from botnet command and control servers to prevent ransomware.
  - Inspection of SSL (Encrypted) Web Browsing Traffic. Your firewall should inspect SSL traffic for viruses and other malicious content. Most web browsing today uses SSL, and without this inspection, that traffic stays encrypted and the firewall cannot detect malicious content in it.
  - Inspection of SSH (Encrypted) Connections to Internet. Be sure your firewall detects and prevents advanced encrypted attacks that use SSH, so that it blocks encrypted malware, the spread of infections and command and control activities.
- Avoid personal email for business communication. Think twice about allowing personal email accounts for business communications, because:
  - Private email accounts don’t enforce the same level of security as corporate email, and they’re more easily hacked.
  - Hackers could use a private email account to attack your customers.
  - Emails sent via personal accounts are not discoverable in standard legal discovery procedures.
  - Employees can keep secrets from the business.
  - Communications that employees conduct using their personal email accounts are considered private.
  - Data sent through a private email account is out of your control.
  - Allowing employees to use personal email accounts to conduct business means that your company’s business information is being stored on mail servers outside of your control.
  - Private email services, like Gmail and Yahoo, store data everywhere. They have servers all over the world and there is no way to confidently identify where your data is located when it’s sent via a private email account.