October is National Cybersecurity Awareness Month (NCSAM), a joint effort between government entities and private businesses to raise awareness for proper cybersecurity practices. The goal of the occasion is to provide every person with the resources and tools they need to stay protected online.
With our vision of making cybersecurity accessible to all, we’re firm supporters of NCSAM. And to commemorate the month, we present to you the top ten cybersecurity tips to protect your organization.
1. Be Aware of Your Public Footprint
The Internet contains more information on you and your organization than you can imagine. Through open-source intelligence (OSINT) tools, cybercriminals can find information on social media accounts, public S3 buckets, Github repositories, organization email addresses, DNS information, and leaked credentials, among tons of other information.
It’s impossible to hide this information. But you should at least be aware of what’s out there. Knowing your organization’s publicly available information helps you protect yourself against phishers and other malicious actors. Utilize a tool, like our free cyber checkup, to see which information you’re exposing.
2. Utilize Lengthy Passwords (or Passphrases)
You’ve heard this advice since grade school, but it’s worth reiterating. To protect your accounts sufficiently, you need to create passwords with a significant length – ideally greater than 12 characters. These days, sophisticated password-cracking algorithms and tools can break an eight-character password in a matter of minutes.
8-character passwords have become trivial for cybercriminals to hack.
If you have trouble remembering long passwords (and who doesn’t?), you have a couple of options. The first is to use a password manager such as LastPass, which generates and stores passwords for you. Another option is to create memorable passphrases (Myfavoritefoodislinguini) rather than complicated passwords (#@jkdhi?ua8ajb).
Remember: Length trumps complexity.
3. Don’t Reuse Passwords
Implementing a lengthy, complex passphrase is useless if you reuse it across your accounts. You typically don’t control how a platform stores confidential information such as your login credentials, so the odds of those credentials being exposed are relatively high. LinkedIn, Mastercard, MyFitnessPal, Facebook – these are just a few of the many companies that fall victim to data breaches each year.
If you use the same password on several accounts, a data breach at one company gives attackers access to every account that uses that password.
4. Guard Your Confidential Information
Unless you limit the storage of your passwords, private keys, passphrases, API keys, etc. to your brain, there’s a risk that someone discovers them. You need to guard confidential information with the same precautions as you would a million-dollar check or your social security number, for instance.
When storing private data on your computer, encrypt it. Numerous forms of malware exist with the sole purpose of scraping local machines for proprietary information. It should go without saying, but you should also never willingly give anyone your passwords or other confidential information.
5. Stay Vigilant of Malware
Hackers are continuously creating novel types of malware to infect your systems. This malicious software may be as ‘innocent’ as utilizing your computer resources to mine cryptocurrency or as dangerous as stealing confidential information from your machine. Unfortunately, malware is becoming increasingly difficult to detect as criminals become more knowledgeable.
Keep a close eye on which programs your machine is running, especially those that operate in the background. If your computer is suddenly performing worse than usual, search through your Activity Monitor (Apple) or Task Manager (Windows) for any programs that are consuming a substantial amount of your CPU.
6. Avoid Suspicious Links
The most effective way to keep malware off your system is to avoid clicking on suspicious links. Social engineers often hide malicious websites and malware behind seemingly ordinary links in an attempt to trick their victims. They also regularly create similar-looking URLs with hard-to-spot typos to confuse their targets further. They may have you click on fäcebook.com instead of facebook.com, for instance.
Phishers find ways to hide malicious links behind seemingly normal ones. | Source: InfoSec Institute
If you’re unsure about a particular link, type the URL into the address bar instead. Bookmark the links that you know are valid and navigate to those sites through the bookmarks you set up.
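As an added example (not part of the original post), this Python function applies the bookmark advice above mechanically: it flags a URL whose host is not in your bookmark list, contains non-ASCII characters, would be sent on the wire as Punycode, or collapses to a bookmarked host once accents are stripped (fäcebook.com vs facebook.com) or is one typo away from one. The bookmark set is a constructed stand-in for the user's own bookmarks.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed allowlist standing in for the sites you have bookmarked yourself.
BOOKMARKS = {"facebook.com", "github.com", "mail.example.com"}


def skeleton(host: str) -> str:
    """Strip accents and other combining marks so that fäcebook.com -> facebook.com."""
    decomposed = unicodedata.normalize("NFKD", host)
    return "".join(c for c in decomposed if unicodedata.category(c) != "Mn").lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch single-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url: str, bookmarks=BOOKMARKS) -> list:
    """Return a list of findings; an empty list means the host is a known bookmark."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    findings = []
    if host in bookmarks:
        return findings
    if any(ord(c) > 127 for c in host):
        findings.append("non-ascii-host")
    try:
        ascii_host = host.encode("idna").decode("ascii")  # what the resolver actually sees
    except UnicodeError:
        ascii_host = host
    if "xn--" in ascii_host:
        findings.append("punycode:" + ascii_host)
    sk = skeleton(host)
    for known in bookmarks:
        if sk == known and host != known:
            findings.append("homograph-of:" + known)
        elif edit_distance(sk, known) == 1:
            findings.append("typo-of:" + known)
    findings.append("not-bookmarked")
    return findings
```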
7. Create Contingency Plans and Fail-Safes
No matter how many security precautions you have in place, your organization is bound to have vulnerabilities. And it’s likely that, at some point, you’ll run into a security issue. While you can’t expect to prevent every security mishap, you can minimize the damage that they cause.
Creating contingency plans has numerous benefits. Most importantly, they detail to organization stakeholders the appropriate response to particular security threats. They outline who you should contact, how to mitigate the threat, and any additional steps you should take to prevent further damage. The process of creating contingency plans also forces you to evaluate your current cybersecurity systems and level of preparedness in the face of threats.
8. Update Your Software Regularly
There are only three things in life that are certain: death, taxes, and software bugs. Due to the inherently complex nature of software programs, bugs are bound to pop up. And as developers implement additional features and expand products, it’s inevitable that more vulnerabilities surface.
Fortunately, reputable software providers regularly release updates and patches to fix these bugs. Regularly updating your software to include these patches is a must. Yes, it can sometimes be a pain. But failing to do so leaves your systems unnecessarily exposed to vulnerabilities that have already been repaired.
9. Implement Two-Factor Authentication
Two-factor authentication (2FA) is like the icing on your cybersecurity cake. You, your employees/colleagues, and your customers should all have 2FA enabled on every account. In the case of a data breach, it limits what (if anything) a malicious party can access. They may discover your login credentials, but without access to your phone, email, or another 2FA medium, that information is effectively useless.
Google Authenticator requires you to enter a one-time code from its app to log in to particular accounts. | Source: Apple App Store
Implementing 2FA to log into accounts is a must. But you should also require it for critical business functions such as changing user roles or transacting funds.
10. Habitually Monitor Your Accounts
Your first line of reactive defense against a cyber attack is simply awareness. As with a disease, you can significantly reduce the damage from a successful attack by recognizing it early. Once you’re aware of the threat, you can isolate it and start remediating the damage.
Regularly monitor your accounts, looking for any suspicious or unauthorized activity.
Stellar Cybersecurity Is an Endless Process
These ten tips only scratch the surface of an immaculate cybersecurity process. Just as cybercriminals evolve their tactics, you need to adapt your defenses continually. Penetration tests, code reviews, red team exercises – each strategy you implement adds another layer of defense to your system. Start building your cybersecurity protections today.