Cybersecurity: The Dark Side of Technology

With October being Cybersecurity Month, we have a few tips to share from our SBRN member BoxMeta:

Email & Web Security

  • NEVER enter your password if prompted by a link from an email or a redirected website, regardless of the sender. 91% of cyberattacks start with phishing.
  • Treat unexpected emails that appear to come from well-known brands such as Microsoft, Adobe, Google, DocuSign, Facebook, LinkedIn, Delta, Amazon, FedEx, etc. with suspicion. They are likely fake.
  • NEVER accept Facebook or LinkedIn invitations from email links, and never open shared documents, unless you are expecting them or have verbally verified them with the sender.
  • Use business class email, such as Office 365 or Google Business.
  • Enable Private browsing.
  • Don’t use your business email account for personal communication.
  • Keep 2 or more separate personal email accounts to isolate important email.

Mobile Security

  • Beware of public Wi-Fi. Wi-Fi networks are very easy for hackers to duplicate.
  • Use cellular service instead when on a mobile device, and use your mobile device as a hotspot for your laptop.

Protect your Bank and Credit Cards

  • Avoid using debit cards unless absolutely necessary. Use credit cards.
  • Shield the PIN pad when entering your PIN (a hidden micro camera could be recording it).
  • Beware of skimmers and shimmers.
  • Use two-factor authentication for your bank, financial sites and email. A compromised email account can be used as a vehicle to reset the passwords to your financial sites.
  • Establish an isolated checking account for electronic bank transactions (PayPal, automatic withdrawals, etc.).

Mobile Security (Mobile phones, tablets & laptops)

  • Apple iOS is more secure than Android, but use the same amount of caution on both.
  • Encrypt laptops (I recommend this be done by a professional).
  • Use webmail instead of an email program on your laptop or tablet. Don’t select ‘remember password’.

Data Security Best Practices

  • Password Management
  • Check whether any of your accounts has potentially been compromised as part of a vendor data breach: https://haveibeenpwned.com/.
  • Never connect an unknown USB device to your computer or network.
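Have I Been Pwned also offers a Pwned Passwords lookup that lets you test a password against its breach corpus without revealing the password. As an added example (not code from the page or from Have I Been Pwned), the logic below shows how that k-anonymity scheme works: only the first five hex characters of the password's SHA-1 hash are sent to `https://api.pwnedpasswords.com/range/<prefix>`, the service returns every known 35-character suffix under that prefix with a breach count, and the match is done locally. The range response embedded here is constructed so the example runs offline; its suffixes and counts are made up, except that the entry for "password" is derived from the real hash.

```python
"""Added example: Pwned Passwords k-anonymity range check, run against a
CONSTRUCTED range response so it works offline."""
import hashlib
import urllib.request


def sha1_prefix_suffix(password: str) -> tuple[str, str]:
    """Split the upper-case hex SHA-1 of the password into the 5-char prefix
    that is sent to the API and the 35-char suffix that never leaves the host."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> dict[str, int]:
    """A range response is one 'SUFFIX:COUNT' pair per line."""
    table: dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        table[suffix.upper()] = int(count)
    return table


def breach_count(password: str, range_body: str) -> int:
    """Number of breaches the password appears in according to `range_body`
    (the text an API call for the password's prefix would return); 0 if absent."""
    _, suffix = sha1_prefix_suffix(password)
    return parse_range_response(range_body).get(suffix, 0)


def fetch_range(prefix: str) -> str:
    """Live lookup (not used by the offline demo). Add-Padding asks the API
    to pad the response so its size does not reveal the prefix's row count."""
    req = urllib.request.Request(
        f"https://api.pwnedpasswords.com/range/{prefix}",
        headers={"Add-Padding": "true", "User-Agent": "range-check-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


# CONSTRUCTED stand-in for the API reply for the prefix of SHA-1("password").
# The first and last suffixes are invented; the middle one is the real suffix
# for "password", with a made-up count.
_, _PASSWORD_SUFFIX = sha1_prefix_suffix("password")
CONSTRUCTED_RANGE_BODY = "\n".join([
    "0018A45C4D1DEF81644B54AB7F969B88D65:1",
    f"{_PASSWORD_SUFFIX}:3730471",
    "0F6D2F4E0E3C5BBB5E4B3C4EBE7A35A5C53:2",
])

if __name__ == "__main__":
    for candidate in ("password", "a long phrase nobody has leaked yet"):
        prefix, _ = sha1_prefix_suffix(candidate)
        hits = breach_count(candidate, CONSTRUCTED_RANGE_BODY)
        print(f"prefix sent: {prefix}  breaches: {hits}")
```

To run it live, replace `CONSTRUCTED_RANGE_BODY` with `fetch_range(prefix)`; the password itself still stays on the local machine, which is the property that makes this safe to use in a signup form or a password-change check.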

Business Network Security

  • Use a business-class firewall that monitors for unusual traffic on the network.
  • Isolate guest Wi-Fi from internal Wi-Fi.
  • Require a VPN/gateway for any remote connection rather than opening the firewall.
  • Intrusion Detection/Prevention: proactive monitoring for malicious activity on the network.

Antivirus, Antimalware, Security & Software Updates/Patches

  • Implement an internal system for automated management and monitoring of these processes.
  • Hire an outsourced IT provider to centrally monitor & manage your systems maintenance.
  • Remove access for staff to authorize or process software updates and patches. If not outsourced, assign a single person internally to approve and process software updates.

Password & Security Policies

  • Enforce complex passwords on all systems. Complexity is more important than frequent changes.
  • Password management programs are also subject to breaches. Keep the most sensitive and valuable passwords out of them.
  • Create phrases instead of passwords for greater complexity.
  • Implement a BYOD policy for managing password policy and remote wipe of personal mobile devices that contain company data.
  • Use webmail on laptops instead of Outlook. Don’t select ‘remember password’.
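To put numbers on the advice that phrases beat short "complex" passwords, here is an added example (illustrative code, not BoxMeta's policy tooling). It estimates the search space of a randomly generated character password versus a phrase of randomly chosen dictionary words, works out how many words match a given character password, and applies a simple policy that accepts either a long phrase or a shorter mixed-class password. The 7,776-word list size is the standard diceware size; the estimates are upper bounds that assume random selection, so human-chosen strings are weaker than the figures shown.

```python
"""Added example: compare password complexity (search-space bits) for
character passwords and word phrases, and apply a simple policy."""
import math
import string

# Character classes and their sizes for a random-character password.
CLASS_SIZES = {
    "lower": 26,
    "upper": 26,
    "digit": 10,
    "symbol": len(string.punctuation),  # 32 printable ASCII symbols
}
DICEWARE_WORDS = 7776  # standard diceware list size (6^5)


def random_password_bits(length: int, classes: set[str]) -> float:
    """log2(alphabet ** length) for a password drawn uniformly from the union
    of the given character classes."""
    alphabet = sum(CLASS_SIZES[c] for c in classes)
    return length * math.log2(alphabet) if alphabet else 0.0


def passphrase_bits(words: int, wordlist_size: int = DICEWARE_WORDS) -> float:
    """log2(wordlist_size ** words) for words chosen uniformly at random."""
    return words * math.log2(wordlist_size)


def equivalent_words(target_bits: float, wordlist_size: int = DICEWARE_WORDS) -> int:
    """Smallest number of random words that reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def classes_used(pw: str) -> set[str]:
    """Which character classes a candidate actually contains."""
    used = set()
    if any(c in string.ascii_lowercase for c in pw):
        used.add("lower")
    if any(c in string.ascii_uppercase for c in pw):
        used.add("upper")
    if any(c in string.digits for c in pw):
        used.add("digit")
    if any(c in string.punctuation for c in pw):
        used.add("symbol")
    return used


def meets_policy(pw: str, min_length: int = 12, min_classes: int = 3,
                 phrase_length: int = 20) -> bool:
    """Policy assumed for illustration: accept a phrase of at least
    `phrase_length` characters regardless of classes, or a shorter password
    of at least `min_length` characters using at least `min_classes` classes."""
    if len(pw) >= phrase_length:
        return True
    return len(pw) >= min_length and len(classes_used(pw)) >= min_classes


if __name__ == "__main__":
    full = {"lower", "upper", "digit", "symbol"}
    eight = random_password_bits(8, full)
    print(f"8 chars, all classes : {eight:5.1f} bits")
    print(f"4 random words       : {passphrase_bits(4):5.1f} bits")
    print(f"5 random words       : {passphrase_bits(5):5.1f} bits")
    print(f"words to beat 8 chars: {equivalent_words(eight)}")
    for cand in ("Tr0ub4dor&3", "correct horse battery staple", "Winter2024!"):
        print(f"{cand!r:35} policy ok: {meets_policy(cand)}")
```

The takeaway a policy author should draw from the output is that five random words exceed an eight-character password that uses every character class, while being far easier to type and remember, which is why the policy above lets length substitute for character-class rules.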

Network Access & Controls

  • Have a procedure for disabling system and network access for terminated users.
  • Remove user admin rights from workstations.
  • Limit data, software and application access to an as-needed basis.
  • Block data transfer on USB ports.
  • Physical Security – Maintain access controls, especially for vendors or guests who are unattended or on site after hours.

Business Continuity & Backups

  • Not all backups are appropriate. Consider:
    • The type of data you are backing up (QuickBooks, SQL databases, etc. have different requirements).
    • How long will it take to recover? Is that acceptable?
    • Where will I put the data when it’s recovered?
    • The allowable downtime for each business process and application.
    • Recovery and retention of emails that are deleted and purged, whether by a rogue employee or inadvertently.