CYBERSECURITY: THE DARK SIDE OF TECHNOLOGY
- Email & Web Security
  - NEVER enter your password if prompted by a link from an email or a redirected website, regardless of the sender. 91% of cyberattacks start with phishing.
  - Don’t trust emails from well-known brands such as Microsoft, Adobe, Google, DocuSign, Facebook, LinkedIn, Delta, Amazon, FedEx, etc. They are likely fake.
  - NEVER accept Facebook or LinkedIn invitations from email links, or accept shared documents, unless you are expecting them or have verbally verified them.
  - Use business-class email, such as Office 365 or Google Business.
  - Enable private browsing.
  - Don’t use your business email account for personal communication.
  - Keep 2 or more separate personal email accounts to isolate important email.
- Mobile Security
  - Beware of public Wi-Fi. Wi-Fi networks are very easy for hackers to duplicate.
  - Use cellular service if on a mobile device. Use your mobile device as a hotspot for your laptop.
- Protect your Bank and Credit Cards
  - Avoid using debit cards unless absolutely necessary. Use credit cards.
  - Shield the PIN pad when entering your PIN code (there could be a micro camera).
  - Beware of skimmers & shimmers.
  - Use 2-factor authentication for your bank, financial sites and email. A compromised email account can be used as a vehicle to reset passwords to your financial sites.
  - Establish an isolated checking account for electronic bank transactions (PayPal, automatic withdrawals, etc.).
- Mobile Security (mobile phones, tablets & laptops)
  - Apple iOS is more secure than Android, but use the same amount of caution.
  - Encrypt laptops (I recommend this be done by a professional).
  - Use webmail instead of an email program on your laptop or tablet. Don’t select ‘remember password’.
- Data Security Best Practices
  - Password management:
    - Do not repeat passwords.
    - Use phrases instead of words to help you remember them.
    - https://howsecureismypassword.net/
  - Have any of your accounts potentially been compromised as part of a vendor data breach? Check https://haveibeenpwned.com/.
  - Never connect an unknown USB device to your computer or network.
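The haveibeenpwned.com service referenced above also publishes a "Pwned Passwords" corpus that can be queried without sending the password, or even its full hash, to the service: the client hashes the password with SHA-1, sends only the first five hex characters of the hash, and receives every known suffix for that prefix, matching locally. The following is an added example (not code from the original post or from the HIBP project) showing that k-anonymity exchange. It runs offline: the range response for prefix "5BAA6" is a constructed sample with made-up counts, not data retrieved from the service, and the `fetch_range` callable is a stand-in for an HTTP client.

```python
import hashlib
from typing import Callable, Dict, Tuple

# Public range endpoint; the client appends the 5-character hash prefix.
RANGE_ENDPOINT = "https://api.pwnedpasswords.com/range/"

# Constructed sample of a range response for prefix "5BAA6": one
# "SUFFIX:COUNT" pair per line, each suffix being the remaining 35 hex
# characters of a SHA-1 digest. The counts are invented for this example.
SAMPLE_RANGE_5BAA6 = """\
003D68EB55068C33ACE09247EE4C639306B:3
012C192B2F16F82EA0EB9EF18D9D539B0DD:1
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
31C5D9B7F4B3C1A0CD8CA9A93B4DAB6DC70:2
"""


def sha1_prefix_and_suffix(password: str) -> Tuple[str, str]:
    """Split the uppercase hex SHA-1 of the password into the 5-char prefix
    that is sent to the service and the 35-char suffix that stays local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def range_url(prefix: str) -> str:
    """URL a real client would GET for this prefix."""
    return RANGE_ENDPOINT + prefix


def parse_range_response(body: str) -> Dict[str, int]:
    """Turn the SUFFIX:COUNT lines into a lookup table."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def offline_fetch_range(prefix: str) -> str:
    """Stand-in for an HTTP GET: only the constructed prefix is 'known'."""
    return SAMPLE_RANGE_5BAA6 if prefix == "5BAA6" else ""


def breach_count(password: str,
                 fetch_range: Callable[[str], str] = offline_fetch_range) -> int:
    """Number of times the password appears in the corpus (0 if absent).
    Only the hash prefix is handed to fetch_range; matching on the suffix
    happens here, on the client side."""
    prefix, suffix = sha1_prefix_and_suffix(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


if __name__ == "__main__":
    for candidate in ("password", "a phrase nobody else has typed"):
        print(candidate, "->", breach_count(candidate))
```

To use it against the live service, replace `offline_fetch_range` with a function that performs the GET on `range_url(prefix)` and returns the response body; nothing else changes, and the full password hash still never leaves the machine.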
- Business Network Security
  - Business-class firewall that monitors unusual traffic on the network.
  - Isolate guest and internal Wi-Fi.
  - Require a VPN/gateway to bypass the firewall for any remote connections.
  - Intrusion Detection/Protection: proactive monitoring of malicious activity on the network.
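"Monitoring unusual traffic" is abstract until you see what a rule looks like. The following is an added example, not code from the original post or from any firewall vendor: it parses constructed firewall log lines (a hypothetical `src=... dst=... dport=...` format, not a real product's syntax) and raises two of the simplest findings an intrusion-detection setup produces, an internal host fanning out to many distinct external hosts within one minute, and outbound connections outside business hours. The thresholds and the 10.0.0.0/8 "internal" test are assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# Constructed sample log; the addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
2024-03-04T09:15:02 allow src=10.0.1.23 dst=203.0.113.10 dport=443 proto=tcp
2024-03-04T09:15:05 allow src=10.0.1.23 dst=203.0.113.11 dport=443 proto=tcp
2024-03-04T09:15:07 allow src=10.0.1.23 dst=203.0.113.12 dport=443 proto=tcp
2024-03-04T09:15:09 allow src=10.0.1.23 dst=203.0.113.13 dport=443 proto=tcp
2024-03-04T09:15:12 allow src=10.0.1.23 dst=203.0.113.14 dport=443 proto=tcp
2024-03-04T09:15:14 deny src=10.0.1.23 dst=203.0.113.15 dport=443 proto=tcp
2024-03-04T09:16:10 allow src=10.0.1.40 dst=198.51.100.7 dport=443 proto=tcp
2024-03-04T09:16:11 allow src=10.0.1.40 dst=198.51.100.7 dport=443 proto=tcp
2024-03-04T02:40:00 allow src=10.0.1.57 dst=192.0.2.99 dport=4444 proto=tcp
this line is not a firewall record
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>allow|deny) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)


def parse_line(line: str) -> Optional[dict]:
    """Parse one record; return None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    rec["dport"] = int(rec["dport"])
    return rec


def is_internal(ip: str) -> bool:
    """Assumption for the example: the internal network is 10.0.0.0/8."""
    return ip.startswith("10.")


def find_anomalies(log_text: str, fanout_threshold: int = 5,
                   business_hours: Tuple[int, int] = (7, 19)) -> List[Tuple[str, str, str]]:
    """Return (rule, source_ip, detail) findings over the log text."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    outbound = [e for e in events if is_internal(e["src"]) and not is_internal(e["dst"])]
    findings: List[Tuple[str, str, str]] = []

    # Rule 1: one internal source contacting many distinct external hosts in the
    # same minute (denied attempts count too; they are the interesting ones).
    per_minute: Dict[Tuple[str, datetime], set] = defaultdict(set)
    for e in outbound:
        per_minute[(e["src"], e["ts"].replace(second=0))].add(e["dst"])
    for (src, minute), dsts in sorted(per_minute.items()):
        if len(dsts) >= fanout_threshold:
            findings.append(("fanout", src, f"{len(dsts)} external hosts at {minute:%H:%M}"))

    # Rule 2: outbound connections outside the business-hours window.
    start, end = business_hours
    for e in outbound:
        if not (start <= e["ts"].hour < end):
            findings.append(("after_hours", e["src"],
                             f"{e['dst']}:{e['dport']} at {e['ts']:%H:%M}"))
    return findings


if __name__ == "__main__":
    for rule, src, detail in find_anomalies(SAMPLE_LOG):
        print(f"{rule:12} {src:12} {detail}")
```

Real monitoring adds a baseline per host and suppresses known-good systems (a mail server legitimately talks to many external hosts), but the shape is the same: parse, group by source and time window, compare against a threshold, and produce a finding someone is responsible for reviewing.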
- Antivirus, Antimalware, Security & Software Updates/Patches
  - Implement an internal system for automated management and monitoring of these processes.
  - Hire an outsourced IT provider to centrally monitor & manage your systems maintenance.
  - Remove staff access to authorize or process software updates and patches. If not outsourced, assign a single person internally to approve and process software updates.
- Password & Security Policies
  - Enforce complex passwords on all systems. Complexity is more important than frequent changes.
  - Password management programs are also subject to breaches. Exclude the most sensitive and valuable passwords.
  - Create phrases instead of passwords for greater complexity.
  - Implement a BYOD policy for managing password policy and remote wipe of personal mobile devices that contain company data.
  - Use webmail on laptops instead of Outlook. Don’t select ‘remember password’.
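The two password points above (complexity over rotation, phrases over single words) can be put in numbers. The following is an added example, not code from the original post, that estimates password strength two ways: a per-character model, which is only an upper bound and flatters anything long, and a per-word model for passphrases built from a word list (7776 words is the size of a standard diceware-style list; the figure is an assumption of the example). A small policy check at the end favours length over a symbol quota, with a constructed mini deny-list standing in for a real common-password list.

```python
import math
import string

SYMBOLS = string.punctuation        # the 32 printable ASCII symbols

# Constructed stand-in for a real common-password list.
COMMON_PASSWORDS = {"password", "p@ssw0rd", "123456", "qwerty", "letmein"}


def charset_size(password: str) -> int:
    """Size of the smallest standard character set covering the password."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in SYMBOLS for c in password):
        size += len(SYMBOLS)
    if any(c.isspace() for c in password):
        size += 1
    return size


def entropy_bits_random_chars(password: str) -> float:
    """Upper bound: treats every character as an independent uniform pick
    from the classes present. Human-chosen passwords are far below this."""
    n = charset_size(password)
    return len(password) * math.log2(n) if n else 0.0


def entropy_bits_passphrase(word_count: int, dictionary_size: int = 7776) -> float:
    """Honest figure for a passphrase whose words were picked at random from
    a word list: the attacker guesses words, not characters."""
    return word_count * math.log2(dictionary_size)


def password_ok(password: str, min_length: int = 14) -> bool:
    """Policy that values length and novelty over forced character classes:
    reject known-common passwords (case-insensitively) and anything short."""
    if password.lower() in COMMON_PASSWORDS:
        return False
    return len(password) >= min_length


if __name__ == "__main__":
    for pw in ("P@ssw0rd", "correct horse battery staple"):
        print(f"{pw!r}: char-model {entropy_bits_random_chars(pw):.1f} bits, "
              f"policy {'ok' if password_ok(pw) else 'rejected'}")
    print(f"4 random words: {entropy_bits_passphrase(4):.1f} bits")
    print(f"5 random words: {entropy_bits_passphrase(5):.1f} bits")
```

The per-character model rates "correct horse battery staple" at over 130 bits; the per-word model says a four-word phrase is worth about 52 bits and a five-word one about 65. The second figure is the one to plan around, and it is still what makes a phrase preferable to an eight-character "complex" password that also lands near 52 bits on the generous model while being far easier to guess in practice.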
- Network Access & Controls
  - Procedure for disabling systems and network access for terminated users.
  - Remove user admin rights from workstations.
  - Limit data, software & application access to an as-needed basis only.
  - Block data transfer on USB ports.
  - Physical security: maintain access controls, especially for vendors or guests who are unattended or after hours.
- Business Continuity & Backups
  - Not all backups are appropriate. Consider:
    - the type of data you are backing up (different requirements for QuickBooks, SQL, etc.);
    - how long it will take to recover, and whether that is acceptable;
    - where you will put it when it’s recovered;
    - allowable downtime for each business process and application.
  - Recovery & retention of emails that are deleted & purged, either by a rogue employee or inadvertently.