If you’ve never had your identity stolen or your computer hacked, consider yourself one of the lucky ones.
However, those of us who have experienced this nightmare are aware of how important cyber security is. If you’re unsure how you can protect yourself, or what steps you should be taking to ensure your data or private information isn’t stolen, you’re not alone.
We asked experts in the field of security and information technology to see what tips and advice they find to be most important to ensure you remain un-hackable. Let’s dive in.
Cyber security tips to implement
Knowing the ins and outs of cyber security and how to protect yourself from an attack isn’t just for those of us who work in the tech industry. If you use a computer or own a smartphone these tips from the experts are bound to come in handy. Keep reading to find out which tip you should implement to protect yourself and your personal data.
1. Train your employees to be secure
Employee security training should be a part of your company culture, and the more widespread it is at your company, the more people will buy into it. Try having your CIO or IT manager included during the on-boarding process to really drive home to new employees the importance of security at their new place of employment. For longtime employees, ensure your message is being passed on through their team leaders. Try to stay away from long emails and memos that a lot of employees will skim the first couple of sentences before deleting. Instead, try creating some videos, or maybe hang up some infographics in main areas of the office, like the break room, near the water fountain, and even in the restroom. Even if your employees aren't that interested in security, repeatedly reading phrases and actions in visual form will help them remember said messages when something out of the ordinary occurs online.
I've noticed a lot of security administrators not taking advantage of something DNS offers for free - a Sender Policy Framework - or SPF - record. SPF records are a special type of DNS record that identifies which mail servers are allowed to send an email on behalf of your company's domain. Using SPF records prevents spammers and phishers from sending email from unauthorized servers that look like they're coming from your domain. In today's world where phishing is becoming more targeted, the more authentic an email looks, the likelihood increases of someone in your company unsuspectingly clicking on it. Forging the sender domain to appear as if it's coming from your domain is a smooth tactic to add to the phishing messages authenticity. A properly configured SPF record will stop that.
- Steve Tcherchian, Chief Product Officer at XYPRO
3. Don’t underestimate the simple things
In today’s digital workplace, there is no excuse for having a poor security design. Security should be the number one boardroom agenda of any business, especially one that relies on IT services. Technical and physical safeguards should always be in place. Simple things like changing the default passwords on server infrastructure, encrypting sensitive data, monitoring access into the server rooms, and monitoring network traffic and server usage can all help business security.
No longer can organizations solely trust internal security, regardless of how in-depth that security may appear. Most businesses share data with third-parties both up and down the supply chain, and any successful security plan must involve all the players to avoid gaps in protection.
Start with the vendor contract. Build specific security policies and procedures into all third-party agreements. Where possible, vendors and subcontractors should be certified to the compliance standard for your industry. Follow up with annual risk assessments of all third-parties with which you share data. Review security policies and update them as necessary. Both the connectivity and cyber threats evolve rapidly. Your supply chain cyber security policies must keep pace.
Related: Need some help storing and controlling all of your passwords? Check out the best password management software, reviewed by real users!
5. Make the most out of a long password
Passwords are one of the easiest places to gain entry into a system. Stress the need for passwords that are LONGER and not necessarily complex. Any password that is 12 characters or longer is basically uncrackable; it would take too much time for a computer/hacker to crack it. Teach them to use easy to use phrases as passwords such as turning vacation time in Aruba into Vaca710n71m31nAruba! which makes an easy-to-remember phrase into a super strong 20 character password. It’s also a good idea to implement two-factor authentication for added security.
In general, my tip is to be aware of the latest trends. Set up Google alerts or subscribe to RSS feeds. For IT and cyber security professionals, it's just as easy to lose track of the latest developments as it is easy to keep track of them. There are a ton of new protocols, products, and general developments happening in this field. It's incredibly busy, but if you narrow down what you're looking for and stay updated, it will help you grow as a professional.
My advice for anyone starting off in IT and cyber security is to gain top management's attention, because when it comes to something as valuable as customer data, you want to implement as many obstacles as possible between cybercriminals and that sensitive information. So, any CISO should gather, organize, and share relevant and accurate information. Good data is historical and it always tells a story. Facts like 1 in 100 emails contain malware or that 75% of companies infected with ransomware were running up-to-date endpoint protection. It's crucial for board members to understand the risks of not being informed and educated regarding security.
Related: Interested in making a career change? Check out these 8 in-demand cyber security jobs.
8. Be proactive and prepared
In the event of a malicious attack, a company should have systems in place to keep operational, or at least a backup plan where the company is not affected or very slightly affected. In the event of a total disruption of the business, it is too late to mitigate, and you will likely see dramatic costs to the business. Being proactive rather than reactive is the key.
While no single strategy fits all, practicing basic cyber hygiene would address or mitigate a vast majority of security breaches. Being prepared if an intrusion occurs is also critical, and having a communications method for a response, actively monitoring centralized host and networks, and including enhanced monitoring to detect known security events are a must.
You don’t have to be an IT expert in order to execute excellent cyber security. The first step we recommend is that every business owner takes the time to learn where sensitive data enters their system, how it’s transferred, and how it’s stored. These three intersecting elements provide an insight into where one’s vulnerabilities lie and provide a focal point for your cyber security strategy.
Consumers have a tendency to use public WiFi hotspots, which is why a Virtual Private Network is a vital personal cyber security tool that allows the user to connect to public WiFi without fear that their data might be accessed by hackers.
When browsing the web, great care must be taken not to accidentally click on nefarious popups. These may cause infection with malware. In addition, consumers must keep an eye open for possible phishing attempts both within social media accounts and messages, and within the emails they receive.
If I could pass off one bit of advice to a newcomer, I'd tell them to prepare for a lifetime of learning. Obviously technology advances, but so do best practices, user needs, and even user literacy skills. The problems your clients ask you to solve ten years from now might sound similar to problems you'll be asked to solve shortly, but the solutions will likely differ. It's easy to keep up on new standards and technologies with classes, but actually identifying the underlying cause of a request and working up an acceptable solution for all parties involved can't be learned in a classroom.
If you’re looking for a tip that will save you some bacon, don’t forget about setting up withdrawal alerts on your bank accounts. Many banks will send you an email alert whenever money is withdrawn from your account via check, debit card, or transfer. Setting up those alerts will allow you to spot and report fraudulent activity before the money has already been siphoned into a cybercriminal’s hands.
The mass adoption of BYOD (Bring Your Own Device) smartphones and tablets have dramatically expanded the threat landscape. No connected device is immune. Employees and their personal devices are the weakest links in your security chain. If you’re not protecting them, then your corporate data is at risk, period.
Growing numbers of employees are accessing sensitive corporate content on the same device from which they are checking Facebook, downloading games, and emailing friends. Personal apps can be a serious exposure point, as many hackers use legitimate apps to create trust with users whilst getting them to pass over sensitive information or download malicious content.
IT managers should consider a cloud-based solution integrated with a mobile operator as it can more easily protect all employee devices and data, including apps and email, while still respecting employee privacy. A cloud solution can be simpler for employees to adopt, and managers won’t have to rely on their weakest link — humans — to make critical updates.
Before you fall victim to a cyber attack, be sure to implement a strategy that protects yourself, your data, and the devices you use daily. Doing so can save you time, money, and potential heartbreak along the way.
Looking for a solution to prevent data breaches? Keep your tech stack compliant with the help of G2 Track.
Mara is a Senior Content Marketing Specialist at G2. In her spare time, she's typically at the gym polishing off a run, reading a book from her overcrowded bookshelf, going on walks with her rescue dog Zeke, or right in the middle of a Netflix binge. Obsessions include the Chicago Cubs, Harry Potter, and all of the Italian food imaginable. (she/her/hers)