Face It, You Probably Don’t Know Much About Cybersecurity, Part 1
Admit it, you don’t know all that much about cybersecurity. In this blog, we spend a lot of time discussing security issues. After all, today there are more threats than ever and many different types of problems that IT administrators, business decision-makers, and even individual employees have to deal with. Over the next two weeks, we have decided to discuss the reality of cybersecurity and what you need to know to get out in front of it. Getting Hacked is Not an OptionFor any business owner, the thought of dealing with a data breach is not pleasant. Not only do you run the risk of having your data compromised or your whole infrastructure infected with malware, but your whole reputation can also be dragged through the mud, making doing business even more difficult. So, if you think you know a lot about cybersecurity because you read our blog or understand the threat looming over your business if you don’t do something about it, you need to understand that you don’t know a lot about it. Luckily, we’re here to help you through it. Cybersecurity in the information age is a three-step process. The first is: TrainingWithout comprehensive cybersecurity training, your staff is much more likely to spark a problematic situation. So where do you start? Training requires that you pass information on to the people that use your information systems. Well, really they only need to know two things; but they need to know them well. They are:Create Secure PasswordsMost accounts that businesses use require a password. If the password used is simple to guess or obvious (think “password”) it’s not doing anyone any good. In order to keep your business’ resources secure you need to teach your employees how to create a secure password. To create secure passwords, your best bet is to come up with a passphrase. We suggest three words that don’t normally go together. The passphrase is necessary if you don’t utilize a password manager (more on that next week). Once you have chosen the words that are going to go in your passphrase, you will want to use a combination of upper and lowercase letters, different symbols, and numbers to make it that much more secure. If you can get your people to consistently make and use specific and complex passwords for each of their work accounts, you will go a long way toward protecting them from any type of password-related breach. How to Spot Phishing AttacksThe other thing that you need to train your employees on is how to spot a phishing message. The phishing message is responsible for over 90% of all cyberattacks. This is because many of the tools that organizations use to protect their network and infrastructure use encryption, so forcing your way into a network is extremely difficult nowadays. What seemingly isn’t that difficult is getting people to give over their login credentials or enough information for hackers to discover them. This is called social engineering, and the phishing attack is exactly that. Basically, a scammer will send messages that direct the recipient to take some sort of impulsive action. If he/she is successful in making the recipient do so, they can typically get enough information to get into a network-attached account and from there they can wreak havoc.Here are some of the things that people need to look out for:Messages from people/addresses employees don’t recognize demanding they take immediate action.Strange grammatical mistakes that wouldn’t normally be in a piece of official correspondence.Directions to click on suspicious links or open attachments.Sometimes a phishing attack will seemingly come from someone close to you such as a family member or an authority figure inside your company. That’s why it is important to give your people the training necessary to identify messages like this. Without that training, they won’t have a chance, and you will be dealing with malware, data breaches, and more. Next week we will take a look at some tools and strategies that you should be using to best protect your business’ network and infrastructure. If you would like to talk to a professional about your business’ IT security, and what to do to get your people the training they need, give us a call today at 978-993-8038.