
7 Ways to Protect Against Cyber Threats

USA Financial | Feb 1, 2024

With the number of sophisticated cyber threats continuing to increase, if you’re not yet thinking about cyber security in your organization, you are at risk.

The statistics we come across daily shock and scare us, so we are constantly on the hunt for industry best practices that are proven to provide the best protection for you, your firm, and your customers.

Here are just a few of our motivators…

  • There is a hacker attack every 39 seconds
  • Hackers steal 75 records every second
  • 66% of businesses attacked by hackers weren’t confident that they could recover
  • Hackers create 300,000 new pieces of malware daily
  • 75% of all attacked businesses reported fraudulent emails

While these stats are alarming, there are seven very practical ways in which you can best protect yourself against cyber threats.

1. Knowledge, Education & Awareness

Expect attacks and know what to look out for. The only way to help fight them and lessen any negative impact they may have is through education, awareness and ultimately some common sense. Email schemes are the most utilized access point for cyberattacks. When receiving emails, scrutinize every detail using the SLAM method:

  • Sender: Pay close attention to the email address and name of the sender. Phishing emails will often come from addresses that are slightly altered. Look for missing or extra letters, misspellings, or even incorrect domains.
  • Links: Before clicking on a link within an email, hover over the link to view the actual URL. If it looks suspicious or unfamiliar, do not click on it.
  • Attachments: Be wary of opening attachments you weren’t expecting, especially from unknown senders. It is common for malicious attachments to contain malware, which can infect your computer when opened and/or downloaded.
  • Message: Phishing emails often contain grammatical errors, odd phrasing, or urgent requests that pressure the recipient into taking immediate action. If a message feels “off” in any way, you can always report it to your IT department.

Sure, the extra step of scrutinizing your emails may feel like an inconvenience, but it will pale in comparison to the inconvenience you will experience by not paying attention to these important details.
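The Sender and Links checks from the SLAM list can also be automated. The sketch below is an added example, not code from this article or from USA Financial: it flags a sender domain that is a near-miss of a trusted one and a link whose visible text names a different host than its real target. The trusted-domain list, the sample message, and all names in it are constructed assumptions.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = ["examplebank.com"]  # assumption: domains you really deal with
# Constructed sample message (not a real email).
SAMPLE = """From: Example Bank <support@examp1ebank.com>
Subject: Urgent: verify your account
Content-Type: text/html

<p>Please confirm at <a href="https://examplebank.secure-login.example/reset">
www.examplebank.com</a> today.</p>
"""

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a> tag
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def slam_findings(raw_email):  # returns Sender and Links warnings
    msg, findings = message_from_string(raw_email), []
    domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    near = difflib.get_close_matches(domain, TRUSTED_DOMAINS, n=1, cutoff=0.85)
    if near and domain != near[0]:  # close to a trusted domain, but not it
        findings.append(f"Sender: {domain} resembles {near[0]}")
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = LinkCollector()
        collector.feed(part.get_payload(decode=True).decode(errors="replace"))
        for href, text in collector.links:
            shown = urlparse(text if "//" in text else "//" + text).hostname
            actual = urlparse(href).hostname  # where the click really goes
            if shown and "." in shown and shown != actual:
                findings.append(f"Link: shows {shown} but goes to {actual}")
    return findings

print("\n".join(slam_findings(SAMPLE)))
```

The host comparison is deliberately strict, so a link that shows `examplebank.com` but points to `www.examplebank.com` is also reported for a human to judge.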

2. Policies & Procedures

Strong policies and procedures are not meant to act as a hindrance to business; rather, they are in place for the protection of all. Due to the increase in email compromises (note the statistic regarding fraudulent email above), implementing protocols that build levels of protection is key.

If a distribution request for an account is received electronically and includes instructions for the withdrawal to be sent to a new bank account, verify the request verbally with the customer, even if you were just emailing with the customer regarding the request. Cyber criminals have been known to monitor email accounts for extended periods of time, as this allows the criminal to understand applicable details and the history of their victim. Perhaps the customer does plan to submit a distribution request and has legitimately communicated this to you via email; by monitoring the email account, the cybercriminal knows this and will take advantage of the opportunity, requesting funds to a different account before the customer sends in their legitimate request.

Without having strong procedures and specific protocols in place that add levels of verification and subsequent protection, funds could be forever lost.

3. Understand the Data

First, you need to fully understand what data you are capturing, where it’s stored, whether or not it’s sensitive, and when and if it can be purged. Ensuring that data is backed up periodically and stored in a secure location that is recoverable in the case of a cyber-attack or other environmental disaster is key. Then, add data encryption to sensitive data.

Data encryption is a security method where information is encoded and can only be accessed or decrypted by a user with the correct encryption key. Encrypted data, also known as ciphertext, appears scrambled or unreadable to a person or entity accessing it without permission and is actually noted as one of the biggest hacker obstacles. Encryption and other data protection methods are an area in which you can enlist the help of your firm’s IT department or other security experts. However, understanding your data (e.g. what data is captured, where it is stored, whether or not it is highly sensitive, etc.) is a critical first step. It is impossible to properly protect the necessary data without understanding it completely at its core.

4. Protect Your Accounts

Use strong passwords, such as passphrases, and two-factor authentication whenever it is an option for your email and any other accounts you have. Guessing passwords has become much easier to do; therefore, implementing two-factor authentication adds a second layer of authentication, making it much harder to gain access. Two-factor authentication is most often completed via an SMS text message: after you enter your username and password, you are sent a one-time passcode via text to enter on the site in order to gain access. Even if a hacker has your username and password, without having the actual device that the code was received on they will be unable to access your account.

And be sure to never write usernames or passwords on paper or store them collectively within a spreadsheet. Instead, use password storage programs to store this information. With enhanced password requirements and the number of accounts we all have, it is simply impossible to remember all logins, and spreadsheets and post-its aren’t an option here. Password storage programs offer a safe and logical alternative.

5. Protect Your Devices

Ensure that sensitive data does not get into the wrong hands by:

  • Making sure your device is password-protected
  • Avoiding the use of public wi-fi (only use secure, password-protected wi-fi networks)
  • Utilizing screen protectors when in public spaces
  • Installing any recommended security patches or updates as they are available
  • Ensuring anti-virus software is installed
  • Not installing obscure apps or software from providers you aren’t familiar with

If you aren’t protecting your device, you are opening yourself up to impersonation, ransomware, and data theft attacks.

6. Complete Proper Due Diligence

In today’s day and age, it is common to rely on various vendors and third parties for the services and tools that they offer, but with this comes heightened risk. The large Target breach is just one of many examples in which the vulnerability actually existed at the vendor level. When deciding to work with a third party, ensure you are requesting information regarding their cybersecurity program and subsequent controls. Any company not willing to provide information is an immediate red flag and should not be considered. You need to be comfortable with the answers that are provided. Most reputable companies will have specific documentation that they can provide to you regarding their cybersecurity controls.

7. Have a Plan

Having a clearly defined plan will reduce the impact of an attack should one occur. If a suspicious email is received, what do you do? If funds are successfully withdrawn from a customer’s account fraudulently, who do you inform? These questions, among the many other situations that can occur as a result of a cyber-attack, are not ones that can wait to be answered when they occur. There must be a plan that includes proper detection, escalation, and response. If you don’t have a plan, don’t wait a minute longer to put one in place. Hiring reputable experts in this area, or ensuring you are working with an organization that has a strong IT department with cybersecurity as a primary focus, is critical.

Conclusion

If you can’t tell, we are passionate about cybersecurity and helping others protect themselves and their business. Contact us or give us a call today at 888-444-0125 and we’ll be happy to dive deeper into the tools and resources that make us a great partner in helping protect your business and your customers.
