What Should You Know About Cyber Security Today?
The staff at Communication Concepts, Inc. (CCI) knows that staying educated about Cyber Security is important. That’s why we were asked to hold a Cybersecurity Education Presentation for the NEJC 2019 Leadership Class. Eighty business leaders from the Northeast Johnson County (NEJC) Chamber of Commerce in northeast Kansas were in attendance.
The presentation included the latest information on Cyber Security, data privacy and GDPR threats (General Data Protection Act). It revealed how easy it is for someone to engage in Wi-Fi hacking (using a Wi-Fi pineapple) and covered basics like good password practices and cloud-based backups.
We did have some fun, however. CCI gave out a number of nice door prizes:
Everything was made in Kansas City (KC) and KC themed:
- KC Logo’d Hat
- Socks
- Christopher Elbow Chocolate (KC is grateful to have this chocolatier call our metro home.)
Here are some of the highlights of our presentation and what you need to know about Cyber Security today…
What Is Cyber Security?
Cyber Security by definition is the preventative tactics used to protect data from being stolen, altered or attacked. It requires protection from potential information threats like viruses and malicious codes. Cybersecurity strategies include identity management, risk management and incident management.
Three things are required for your business to be secure:
- Training for your staff. They are your best asset and conversely your biggest security gap.
- The right technology, layered protection of security solutions.
- Support from senior management – This is critical.
Cyber Security employs various hardware and software technologies that can be used on devices or networks. Some tools include:
- Anti-virus/anti-malware software
- Software patches
- Firewalls
- Multi-Factor Authentication
- Encryption
A Cyber Security Plan is essential today with the evolving and sophisticated landscape of security threats. Even simple things like a Wi-Fi Pineapple can open a door to your information for cybercriminals.
Are Your Business Emails Protected?
Business Email Compromise (BEC) is another popular tactic for cybercriminals. A hacker can “linger” in an email account, and there’s no easy way to tell when you’re compromised. Your data and customers become pawns in the hands of whoever has broken into your email account, as they wait for the opportune time to exploit.
What’s The First Line Of Defense Against Cybercrime?
Passwords… A weak password anywhere on your network is all it takes for your data to be compromised.
- Never, ever re-use a password.
- Passwords shouldn’t be guessable.
You’ve heard this over and over again, but the majority of people ignore this advice. We still have PSAs on the need for seatbelts; we’ll be having secure password conversations for a long time.
Despite the fact that passwords are the most direct way to access private information, most passwords in use today are simply not strong or complex enough.
What Should You Know When Creating Passwords?
1. Use at least 12 characters that include:
- Upper and Lower Case letters
- Numbers and Letters
- Special Characters such as #!&
2. Use a unique password for each website or cloud application.
4. Never share passwords.
5. Use a Password Manager. The above is impossible without a tool like a Password Manager.
A Password Manager generates, keeps track of and retrieves complex and long passwords for you to protect your vital online information. It also remembers your PINs, credit card numbers and three-digit CVV codes if you choose this option. Plus, it provides answers to security questions for you. All of this is done with strong encryption.
Is Your Staff Making Password Mistakes?
Find out for sure by considering these 4 common password mistakes:
- Length and Complexity: Keep in mind that the easier it is for you to remember a password, the easier it will be for a hacker to figure it out. That’s why short and simple passwords are so common – users worry about forgetting them, so they make them too easy to remember, which presents an easy target for hackers.
- Numbers, Case, and Symbols: Another factor in the password’s complexity is whether or not it incorporates numbers, cases, and symbols. While it may be easier to remember a password that’s all lower-case letters, it’s important to mix in numbers, capitals, and symbols in order to increase the complexity.
- Personal Information: Many users assume that information specific to them will be more secure – the thinking, for example, is that your birthday is one of 365 possible options in a calendar year, not to mention your birth year itself. The same methodology applies to your pet’s name, your mother’s maiden name, etc. However, given the ubiquity of social media, it’s not difficult for hackers to research a target through Facebook, LinkedIn, and other sites to determine when users were born, information about their family, personal interests, etc.
- Pattern and Sequences: Like the other common mistakes, many people use patterns as passwords in order to better remember them, but again, that makes the password really easy to guess. “abc123”, or the first row of letters on the keyboard, “qwerty”, etc., are extremely easy for hackers to guess.
Creating and using strong passwords can be frustrating, but it’s incredibly important. Privacy and Cyber Security are major concerns for businesses these days. You must be sure that you aren’t making it easy for hackers to access your or your business’ private data.
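The creation rules and the four common mistakes above can be checked automatically when a password is set. The following is an added example, not part of the original presentation; the issue codes, the run-length thresholds and the sample passwords are assumptions made for illustration.

```python
import string

MIN_LENGTH = 12                        # minimum length given in the article
NAMED_PATTERNS = ("abc123", "qwerty")  # patterns the article calls out by name
# Sequences checked for runs, with the run length that counts as a pattern.
# Thresholds are assumptions chosen so ordinary words ("property") do not trip them.
SEQUENCES = {"qwertyuiop": 5, "asdfghjkl": 5, "zxcvbnm": 5,
             string.ascii_lowercase: 5, "0123456789": 4}

def find_run(lowered):
    """Return the first keyboard/alphabet/digit run found (forward or reversed), else None."""
    for seq, n in SEQUENCES.items():
        for source in (seq, seq[::-1]):
            for i in range(len(source) - n + 1):
                if source[i:i + n] in lowered:
                    return source[i:i + n]
    return None

def audit_password(password, personal_info=()):
    """Return a list of issue codes; an empty list means no listed mistake was found."""
    issues = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        issues.append("too_short")
    classes = {
        "no_upper": any(c.isupper() for c in password),
        "no_lower": any(c.islower() for c in password),
        "no_digit": any(c.isdigit() for c in password),
        "no_special": any(c in string.punctuation for c in password),
    }
    issues += [code for code, present in classes.items() if not present]
    if any(p in lowered for p in NAMED_PATTERNS) or find_run(lowered):
        issues.append("pattern")
    # Personal details (names, birth years, pets) are assumed to be supplied by the caller.
    if any(len(t) >= 3 and t.lower() in lowered for t in personal_info):
        issues.append("personal_info")
    return issues

# Constructed sample inputs, not real credentials.
SAMPLES = [("abc123", ()), ("Rex2011!Rex2011!", ("Rex", "2011")),
           ("Qwertyuiop#12345", ()), ("vT7#mq!Lz92&Kd", ())]

if __name__ == "__main__":
    for pw, info in SAMPLES:
        print(pw, audit_password(pw, info))
```

A password can satisfy the length and character rules and still be flagged, as the second and third samples show.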
But strong passwords aren’t enough… Important accounts need to be protected by more than a password. You need Two Factor Authentication.
Are You Using Two Factor Authentication?
Two-Factor Authentication (2FA) is a form of Multi-Factor Authentication. 2FA protects your identity by requiring an additional layer of security. This makes it more difficult for criminals to log into your accounts.
With Two Factor Authentication a code is provided to you via your smartphone that is only valid for a short amount of time. The code should be entered in a follow-on prompt after your password. This way, even if a criminal obtains your password, they would also need the code from your smartphone to access your account. They would immediately be denied.
More specifically, to be categorized as MFA, your credentials must be submitted in two or more different forms. Using two passcodes doesn’t meet this criterion. You would need your login ID and a passcode for authentication to be classified as 2FA or MFA.
But there’s more…You must back up your data to a secure offsite location in the Cloud.
How Do Backups To The Cloud Help With Cyber Security?
If your data is locked down by a cybercriminal due to a ransomware infection, you’ll still be able to access it if you’ve backed up properly. By backing up your information in the Cloud, you have ready access to your files at once and anywhere. You’re no longer dependent on the hard drive in your computer or server in your office. Your files are stored securely in a virtual server environment in data centers located around the world so if one fails another can take its place. You’ll never be without your data.
A backup isn’t a backup unless it’s cloud-based. Cloud-based backups allow you to restore your data quickly after a disaster like accidental deletions or ransomware infections. And managing your data in the Cloud is simple and as easy as it is to manage it on your computer.
Critical considerations when backing up your data involve:
- The Backup Window, when the data is at rest so it can be backed up.
- The Mean Time to Recovery, in the event of a catastrophe, how long will it take to recover your systems?
- Data Encryption, if someone with nefarious motivations gets access to your backup repository, can they make use of the data?
- Backup Availability, how long would it take you to access your information? Large amounts of data downloaded over a slow internet connection are a problem.
What Does Cyber Security Have To Do With Regulations?
It’s about privacy vs security. Regulations like the General Data Protection Act (GDPR) mandate that your customers’ private information remains so. The GDPR is legislation that aims to give the residents of the EU more control over their data. While the EU is an ocean away, we are seeing copy-cat legislation taking root here in the US. Under GDPR, organizations that handle data of EU residents will have to comply with data and privacy rules.
Your customers have rights:
- The Right to be forgotten.
- The Right to know what is known about them.
- The Right to update inaccurate data.
- The Right to know how their data is being used.
What Does Cyber Security Have To Do With Privacy?
For Cyber Security you must:
- Keep the bad people out.
- Maintain backups.
- Secure data transfers between parties.
For Privacy you must:
- Ensure only the correct people can access data.
- Delete what’s not needed to be kept.
- Think about what should be shared and what shouldn’t.
In Summary
Cyber Security requires people. People require training. Cyber Security is about risk management. Keep your password guard up. Two factor everything possible. Know what makes a backup a backup. Privacy – It’s a big thing!
Looking for more information about Cyber Security for your organization in Kansas City? Check out the articles in Our Insights.