2020 was a banner year for cybercriminals. The number of phishing emails and social engineering scams that use the COVID-19 pandemic as a topic represents the single largest thematic series of cybercrime attacks ever.
From credential phishing and malicious attachments to business email compromise and fake landing pages, the coronavirus has been a veritable gold rush for cybercriminals. That’s in addition to the many unrelated cybercrime attacks that took place, including when the US Government and numerous corporations around the world were hit by a devastating supply chain attack.
The bottom line is that cybercrime is more prevalent, destructive, and expensive than ever. If you want to take the power back from hackers, you have to take action.
Be Smart With Your Passwords
This is a basic part of safe computing. Have you considered how strong your passwords are?
Use A Firewall
Your firewall is your first line of defense for keeping your information safe.
A firewall is a particular type of solution that maintains the security of your network. It blocks unauthorized users from gaining access to your data. Firewalls are deployed via hardware, software, or a combination of the two.
A firewall inspects and filters incoming and outgoing data in the following ways:
Manage Account Lifecycles And Access
This is one of the more basic steps on the list, but no less important. It can’t really be automated or outsourced to any technological aids; it’s just about doing the work. You need to have a carefully implemented process to track the lifecycle of accounts on your network.
Have Your Patches And Updates Managed
Did you know that one of the most common ways that cybercriminals get into a network is through loopholes in popular software? Much of the software you rely on to get work done every day could have flaws — or “exploits” — that leave you vulnerable to security breaches.
To address this, developers regularly release software patches and updates to fix those flaws and protect users. This is why keeping your applications and systems up to date is a key part of safe computing.
Backup Your Data
Do you have a data backup policy in place?
If you have a data backup solution, then it doesn’t matter if your data has been encrypted. You can just replace it with your backup, simple as that.
A physical air gapped backup solution will truly eliminate all risks and will ensure total protection against both malicious cyberattacks and rogue administrators, or other insider threats.
We recommend the Granite Cloud Isolated Tier solution by Perpetual Storage Inc. which is not a software-based solution. Your critical corporate data will be placed into a physically offsite and offline storage, safe and secure, deep in a maximum-security granite mountain vault.
Making this affordable investment into a comprehensive backup data recovery solution enables you to restore your data at a moment’s notice when necessary. Be sure to:
Delegate And Be Resourceful With Your Team
Appoint a reliable staff member to liaison with your IT team and make sure that your employees and volunteers strictly adhere to your cybersecurity plan.
Along with your IT professionals, this person will be your point-of-contact to make sure you are adhering to IT security compliance regulations and standards so you can stay in good standing with governments and donors.
It’s essential that you determine exactly what data or security breach regulations could affect you. You need to know how to respond to data loss. All employees and contractors should be educated on how to report any loss or theft of data, and who to report to.
Data loss can expose you to costly state and federal regulations and litigation. You must be able to launch a rapid and coordinated response to a data breach to protect your reputation.
Your plan should include input from all departments that could be affected by a cybersecurity incident. This is a critical component of emergency preparedness and resilience. It should also include instructions for reacting to destructive malware. Additionally, departments should be prepared to isolate their networks to protect them if necessary.
Make Your Staff A Cybersecurity Asset
Your staff can have a significant effect on your cybersecurity – either they know enough to keep your assets secure, or they don’t, and thus present a serious threat to your security.
So, which is it? Do your employees and volunteers have the knowledge they need to spot cybercrime scams, avoid common pitfalls and keep your data secure?
Security awareness training helps your employees and volunteers know how to recognize and avoid being victimized by phishing emails and scam websites.
They learn how to handle security incidents when they occur. If your employees and volunteers are informed about what to watch for, how to block attempts and where they can turn for help, this alone is worth the investment.
Roll Out A Security Policy
Every organization should set a security policy, review it regularly for gaps, publish it, and make sure employees follow it. It should include such things as:
Have An Incident Response Plan In Place
When you suspect an attack has taken place, you need to act quickly. Contrary to popular belief, some businesses take weeks or even months to realize they’ve been penetrated. If you suspect something has occurred, do the following:
Don’t Forget About Mobile Devices
This type of comprehensive policy dictates how your employees can use their personal devices for work purposes, dictating which security apps should be installed, and what best practices need to be followed.
An effective MDM policy should also instill safe and secure practices for employees that use personal devices for business purposes.
Only Visit Secure Websites
There’s an easy way to tell whether a website is secure or not: only use web pages with URLs that begin with “https” – if it’s missing that “s”, then it’s not secure.
Be Careful Who You Meet Online
Cybercriminals have been known to make fake social media accounts online in order to get to know their targets, develop relationships with them, and then steal their information. Don’t be fooled – be skeptical of anyone you know only through a digital medium, and never reveal valuable or sensitive information to them.
Watch What You Click
Fake URLs are a popular tool for cybercriminals. Always be sure to hover your mouse over a link in an email, or on an unfamiliar website, before clicking it. That allows you to see where it actually leads. While it may look harmless, the actual URL may show otherwise, so always look, and rarely click.
Be Careful About What You Download
One of the primary ways that cybercriminals take advantage of users is to trick them into downloading malware. That’s why you need to train yourself to act cautiously to avoid downloading malware.
It’s a matter of thinking before you click something — never download a file, whether online or as an attachment from an email if you’re unsure of the source. It’s always better to check with the sender to confirm, prior to downloading or opening a suspect file.
Be Careful With Public Wi-Fi
Safe computing means being careful about who and what you trust. It’s important to use discretion when determining whether a free Wi-Fi hotspot is really worth the risk.
Keep these tips in mind when considering the risks of unsecured Wi-Fi:
Test And Assess Your Cybersecurity
Determine how your data is handled and protected. Also, define who has access to your data and under what circumstances. Create a list of the employees, volunteers, donors, or contractors who have access to specific data, under what circumstances, and how those access privileges will be managed and tracked.
You must know precisely what data you have, where it’s kept, and who has rights to access it.
The point of all this is that you can’t afford to overlook your cybersecurity. Depending on the current state of your digital defenses, improving your security may not be all that complicated or expensive.
As that old saying goes, “An ounce of prevention is worth a pound of cure”. Do what you need to do to “prevent” now, so you don’t have to pay for the “cure” later. To start, that means understanding the threats you currently face.