With 2020 being a year of new ways to connect and reach people, and October being Cybersecurity Awareness Month, we decided to share videos to help business owners think about IT topics that are not always top-of-mind. Each day, Michael Borlaug, CEO of Capstone IT, shared either a cybersecurity Myth or Tip, explained how we all need to be aware of cyber threats, and gave applicable advice on cybersecurity best practices within an organization.
Cybersecurity Myths – October 1st – October 15th
Myth #1: We don’t need cybersecurity training
Fact: Every organization and employee that has access to, or could come into contact with, sensitive data should receive cybersecurity training. Threats are continuously evolving, making ongoing training critical for all.
Myth #2: We’ll just deal with a breach when it happens
Fact: Paying for proper security and training is much cheaper than trying to recover from a single breach. In fact, many organizations that suffer a data breach don’t recover at all. Preventative breach measures will go a long way to help protect you.
Myth #3: Cybersecurity threats only enter through the internet
Fact: You don’t need to be connected to the internet to experience a data breach. For example, your organization’s entire IT system could become infected just by one employee using an infected USB drive. Threats come in many forms.
Myth #4: A strong password alone will protect your business
Fact: A strong password is certainly important, but it is not enough to protect your organization entirely. Multi-factor authentication will help protect your account a step further, along with many other necessary security measures.
Myth #5: Small & medium-sized businesses aren’t targeted by cybercriminals
Fact: A majority of data breaches happen at small businesses. Often, small and medium-sized businesses lack the proper security measures and training to defend against cybercriminals, making them a major target.
Myth #6: Only certain industries are vulnerable to cyber attacks
Fact: While some industries are targeted more fiercely than others, no business is off-limits when it comes to a cyber-attack. If your organization has access to or stores sensitive data, you are vulnerable to a cyber-attack.
Myth #7: Anti-virus & anti-malware software keep you completely safe
Fact: Anti-virus and anti-malware software are incredibly important when it comes to protecting your system, but that doesn’t mean you’re in the clear. This software can’t protect against all cybersecurity risks, many of which involve human error.
Myth #8: Cybersecurity threats only come from the outside
Fact: Many cybersecurity threats do come from the outside, but insider threats are just as likely. Insider threats can have malicious intent or could be the result of an honest mistake. Either way, these insider threats are often difficult to detect.
Myth #9: You can’t be attacked on social networking sites
Fact: Many attacks can stem from social networking sites. For example, if your friend gets breached, you could get a private message from them with a link telling you to “click here to watch a funny video!” when in reality, it’s a malicious link.
Myth #10: If Wi-Fi has a password, it’s secure
Fact: All public Wi-Fi can be compromised, even with a password. Anyone who has access to the Wi-Fi password could abuse the connection. That means that if your information isn’t encrypted, it could fall into the wrong hands.
Myth #11: You’ll know immediately if your device is infected
Fact: Many times, nothing visually happens when a device or network is infected. Often, the attacker’s goal is to go undetected; however, there are directed attacks, such as ransomware, that will be immediately visible.
Myth #12: Personal devices can’t impact your organization
Fact: Personal devices can compromise a company’s network. This makes it so important for organizations to have strong Bring Your Own Device (BYOD) policies that outline security protocols for personal devices.
Myth #13: Complete cybersecurity is achievable
Fact: Although it would be nice if complete cybersecurity were a “one and done” kind of thing, there’s no such thing as being completely cyber-secure. New threats emerge every day, making cybersecurity an ongoing process.
Myth #14: My data, or the data I have access to, isn’t valuable
Fact: All data is valuable. Whether your organization is a start-up business or large corporation, your data is worth something to a cybercriminal. The same rules apply to your personal data, as even a password can lead to a goldmine.
Myth #15: Phishing scams are easy to detect
Fact: Cybercriminals are continuously advancing their tactics to make phishing scams more difficult to detect. Many phishing emails use social engineering techniques to make them more personalized, resulting in a higher success rate for the attacker.
Cybersecurity Tips – October 16th – October 31st
Tip #1: Think before you click
By using personal information, current events, hot-button topics, and more, cybercriminals will create enticing headlines to try to trick you into clicking on a malicious link. Inspect every link and stop and think before you click.
Tip #2: Use multi-factor authentication (MFA)
If a cybercriminal gets their hands on your password, multi-factor authentication (MFA) can prevent them from successfully logging into your account! MFA requires an additional form of verification outside of your password to help protect you.
Tip #3: Keep up with updates
Software updates are often issued to fix security flaws that could be exploited by a malicious actor. Updates can also provide new or enhanced features, and more! Keep up with updates for your security and to improve your user experience!
Tip #4: Back up your data
Hackers aren’t always interested in stealing your data. In some instances, encrypting or erasing your data is their end-goal. Make sure you have data backups at work and at home, so you don’t lose important files.
Tip #5: Ensure you understand all policies and procedures
Understanding your organization’s policies and procedures is an essential part of your position. Policies help you understand what’s acceptable behavior while procedures help ensure your organization has consistent steps to follow when necessary.
Tip #6: Don’t overshare on social media
It’s fun to share on social media networks, but beware. Cybercriminals can learn a lot about their victims on social media, such as where you went to school, your pet’s name, and more, and can use that information for social engineering.
Tip #7: Security Awareness Training should be ongoing
Cybersecurity threats are constantly evolving as cybercriminals continuously learn new ways to trick their victims. Security training must be ongoing to keep employees up to date with threats, scams, and best practices.
Tip #8: Use your mobile devices securely
Some quick tips for securely using your mobile device include: Use a strong passcode, keep your device updated, only download apps from trusted sources, don’t send sensitive information via text or email, and perform backups.
Tip #9: Look out for phishing scams
88% of organizations worldwide experienced spear-phishing attempts last year. While some phishing scams are easy to spot, others can be difficult to detect. Carefully analyze every email and inspect the sender, language, links, and attachments.
Source of statistic for reference: Proofpoint’s 2020 State of the Phish Report https://www.proofpoint.com/sites/default/files/gtd-pfpt-uk-tr-state-of-the-phish-2020-a4_final.pdf
Tip #10: Properly dispose of electronic media
Proper practices must be followed when disposing of electronic media at work or at home. Our devices contain a great deal of sensitive information, which could fall into the wrong hands if they’re not disposed of properly.
Tip #11: Create a cybersecurity-friendly culture
Ready for this one? Make cybersecurity fun by creating a cybersecurity-friendly culture! Practice strong cybersecurity habits and do your best to encourage and motivate your co-workers to do the same!
Tip #12: Monitor your credit & financial statements
Data breaches can lead to serious issues such as identity theft. Keep a close eye on your credit and financial statements to look for anything that seems unusual, and if you do find something that seems amiss, act quickly.
Tip #13: Don’t underestimate a hacker’s interest in your data
Whether it’s your company’s data or your personal data, it’s worth something to a hacker. For example, if your password is compromised, a hacker could have easy access into your account, where they could steal more info or cause serious damage.
Tip #14: Virtually & physically secure sensitive information
Make sure you take the appropriate steps to safeguard sensitive information whether it’s virtual or physical. Keep your devices and workstations locked any time they’re left unattended and lock physical locations storing sensitive information as well.
Tip #15: Delete old accounts that you no longer use
The more accounts you have online, the greater your security risk. Many of our old accounts contain outdated and potentially breached passwords. If you’re no longer using an account, it’s best to delete it to help protect your personal information.
Tip #16: Encrypt your devices & data
Encryption helps you securely protect the data that you don’t want others accessing and is a great way to add an extra layer of security in the event your device or data falls into the wrong hands.