by Jeffrey Walker | Dec 29, 2014
If anything, 2014 was a wake-up call about the growing dangers of cyber-crime and hacking. Last year at this time Target got hit with what was then the biggest retail hack in U.S. history, until this past fall, when Home Depot succumbed to an epic attack that compromised 56 million credit cards. And now the recent debacle, in which cyber-criminals attacked Sony Pictures over the release of the movie “The Interview,” further highlights the increasingly brash and bold nature of this dark industry. What we’ve learned is that no organization, company, or entity is invincible against cyber-attacks.
There are a number of things businesses and individuals will need to do in order to harden their websites and infrastructure against cyber-attacks. Let’s go through some strategies and mindsets to keep in mind as we enter 2015. It’s all too certain that cyber-attacks will get more underhanded and daring, so we need to adopt a vigilant attitude and take preventative measures if we’re going to avoid being scammed.
Create a Cyber-security Culture
It’s easy to assume that IT has cyber-security all under control. Getting serious about cyber-security is really a cultural mindshift that has to become pervasive across the organization. One article puts it this way: “a cybersecurity culture is when everyone in the organization understands the need to keep networks and data secure, and they play an active role in that understanding. It’s an environment in which employees are trained and continually updated on security procedures, not to mention made aware by their managers of which activities are safe and which activities put sensitive data at risk.” Much of this begins with education. Training your employees is the best approach for improving security awareness and effectiveness. Sponsoring events and periodic reviews to encourage and enforce the importance of password protection and adoption of security policies will go a long way towards protecting the organization’s assets.
Test Your Infrastructure
It’s a good idea to start with a macro-level review of your security system. This is known as a penetration test and seeks to actively exploit vulnerabilities in your company’s infrastructure to determine the real-world effectiveness of current security protocols against skilled hackers. Experienced service providers such as Redspin can help organizations protect critical data, maintain compliance, and reduce overall risk. It’s better to start with a friendly consultant trying to hack into your system than finding out the hard way that you’ve been breached.
Regularly update anti-virus software
While budgets are tight, the risks of not having your network secured with the appropriate firewall and business-class anti-virus technology far outweigh the costs. Ensure that your software is updated with the latest patches and that all mobile and desktop applications, email programs, and browsers are covered.
Require stronger passwords
Make sure that all employee accounts are protected with strong passwords, and limit administrator privileges to only those employees who absolutely need this access. Require passwords that are long and contain many numbers and symbols, as this helps protect against unwanted access to proprietary assets.
Secure your browser
Web browsers are one of the biggest points of security vulnerability. Malware frequently hitches to ads and other unreliable downloads and can inject viruses into your computer, putting your data at risk. Ensure that you only transmit personal information over a secure connection and always use an HTTPS connection when accessing the internet from a device with company information.
Change router default security settings
Router manufacturers often use the same default login information such as “admin” or “password” or some simple word. Since these are known to hackers, it’s important to change the default settings immediately upon setup.
Frequently back up your critical data
This should seem self-evident, but it bears repeating. Set your system to automatically back up all important data such as financial records, legal information, customer account information, and proprietary databases.
Guard against phishing attacks
A common means hackers use to capture private data is spam or fake emails that purport to be from legitimate corporations, banks, or other institutions. Never click hyperlinks in suspicious or unverified emails, especially ones requesting information or payments. Keep in mind that legitimate institutions that offer payment options will always have HTTPS websites equipped with SSL protection. Implementing desktop and network firewalls and anti-spam email software will also reduce the likelihood of these kinds of attacks.
Again, it bears repeating that 2014 saw an epic increase in the brashness and boldness of cyber-attacks against large, well-known corporations. If companies like Target, Home Depot, or Sony Pictures are vulnerable to such attacks, then how much more so are individuals and small businesses? As we finish out another year, now is the time to take deliberate preventative measures to make your website and infrastructure cyber-strong. Adopting best practices to secure, protect, and promote a cyber-secure culture for yourself and your organization will go a long way toward ensuring a happy and prosperous 2015.