The increasing incidence of cyber attacks and data breaches in the news has become a reality for businesses and individuals alike. Trying to stay abreast of all the warnings about phishing scams, infected websites, and malware can be overwhelming. Fortunately there are many things that you can do as an individual or business owner to protect yourself against these threats.
If most information is moving online, then hackers will find a way into those systems which host this data so it is important to have some kind of security measure in place for your website traffic and protect what’s at stake (i.e., revenue). Here are 10 easy ways to help protect your business from cyber threats:
1- HTTPS encryption – If you haven’t already done so, it’s time to switch over to HTTPS. The green padlock in your browser’s address bar lets users know that the connection is secure, protecting them from man-in-the-middle attacks which can intercept sensitive data like passwords and credit card numbers.
2 – Use a password manager – To lengthen your passwords without making it impossible for you to remember them all, use a high quality password manager (for example, 1Password ) instead of relying on simple weak passwords like ‘123456’ or ‘qwerty’. A memorable sentence (that includes both uppercase and lowercase letters) is much stronger than most people think. For example: My dog ate the pizza after I bought it at Pizzahut. Now the pizza was delicious, but I’m never going back there again. My long password is actually easy for me to remember and harder for others to guess or brute force.
3 – Enable two-factor authentication (2FA) – If your organization has allowed you to enable two factor authentication for your accounts, it’s worth taking advantage of this security feature. Two-factor is an extra layer of protection that requires not only a username and password, but also a one-time code sent either via text message or phone call. This means even if someone does obtain your login credentials somehow, they won’t be able to log in without the one-time code as well. When used correctly, two factor can go a long way towards protecting against account takeovers, man-in-the-middle attacks and other attempts to break into your sensitive accounts.
4 – Update software regularly – Businesses that have automatic updates set up should be in good shape here. If you haven’t yet set up regular software updates for Windows or the apps on your mobile device then it’s time to make a change. Updates will often fix security vulnerabilities before they can be exploited by malicious hackers, so don’t ignore them! Note: MAC users — Apple OSX has auto updating built in as is required of all “Appleseed” developers, Some use Gatekeeper & some do not choose this option so please refer to the app stores policy of updating applications — which is always defaulted to off.
5 – Enable Firewall/Anti-virus software on all devices – Most people are familiar with the firewall and anti-virus tools that come with Windows already, but it’s important to note that even if you’re not running a Microsoft operating system then you probably have similar features built into your device. For example, Android comes with an app called ‘Security’ which includes many of the same services originally provided by Symantec (now owned by Google) in Norton AntiVirus for PCs. It’s worth checking your mobile OS and desktop operating system to see how they handle security features natively so you can benefit from them anywhere you go.
6 – Never click links in emails from unknown sources – Don’t worry, you don’t have to delete your email account; just don’t click links that appear in emails from anyone who you’re not familiar with. Even if it looks like the link is supposed to go to a legitimate site, avoid clicking on the link itself and instead open your browser directly and type the address manually. Most attacks today start out with an innocent-looking email sent by someone posing as someone else, so be careful!
7 – Always log out of public networks securely – If you use a public network (like at an airport or coffee shop) then it’s important to make sure that nobody else will be able to access any data you were viewing on other devices when you step away from the terminal. Select ‘log out’ or ‘log off’ from the menu to ensure that nobody else will be able to pick up where you left off!
8 – Use security controls in your browser – Most modern web browsers give users a wide array of built-in privacy control options. You can use these features to limit what information is sent back and forth when you visit websites, protect yourself against attacks (see our guide on how to protect yourself against ransomware ) and more. If you have yet to explore your browser’s settings then take some time to see what it has available! Many users don’t know about this functionality until they need it, so don’t wait until a crisis hits before checking out your options here.
9 – Be careful with public Wi-Fi – Public Wi-Fi can be extremely handy, but it also introduces some risks that you should be aware of. First, if the service doesn’t restrict access to only authenticated users (like at a library or coffee shop) then anyone with your login information can access your account. Second, public Wi-Fi is generally unencrypted by default so all information sent over the connection will be available for anyone to see and collect if they want to. In both cases it’s best to avoid using any sensitive applications while on a public wireless network unless you have no other choice!
10 – Use unique passwords – Most internet users use one or two passwords for every site they go to. This is bad security practice as once one system is compromised the attackers may have access to your other accounts as well if they know what your password is! A much better model is to use unique passwords at every site that you visit. The easiest way to do this is to make a long and complicated password for every site, store it in a secure location (like 1Password ) so you don’t forget it and then use it when you need it. By following this model you can greatly reduce the risk of being compromised by an attacker as they will only gain access to one website’s data instead of dozens or more!
11 – Use an external hard drive backup – If your computer has been infected with malware there’s no guarantee that everything will be safe once the computer has been cleaned. Backing up important data to an external hard drive is one way to ensure that it will all be safe until you can get your computer clean of infections (or the data can be retrieved from a backup completed before infection). You don’t have to re-install Windows or use anything other than basic file management tools in order to make a back up.
Saviorden backs up your company data and backs up those backups in Azure’s data centers. Saviorden is powered by Microsoft Azure and Acronis.
12 – Always set up two-factor authentication – If a service supports two-factor authentication then always enable it! This second layer of security makes sure that if login credentials are stolen, there’s still another barrier to entry. It’s not foolproof as some people share passwords with others or use password managers instead of unique passwords, but it does help in many cases! Our guide on using Google Authenticator for 2FA can help walk you through the process step by step.
13 – Don’t underestimate social engineering attacks – Many people think that they don’t have to worry about social engineering attacks because they know every trick in the book! Unfortunately, attackers are constantly improving their tactics and will often target users who know a lot about computers (such as network engineers) with extra attention specifically because they are more likely to fall for something like this than other people.
14 – Use private browsing windows wisely – Private browsing modes or ‘incognito’ tabs allow websites to store data on your computer locally instead of using cookies, which greatly limits what the site has access to. This is a good thing if you’re shopping online for something personal or need even more protection when browsing for more sensitive information. You should never save anything to disk when you’re in a private browsing window, and you should also take care not to visit any sites on the web that may try to download malicious programs or tracking cookies via an ad network or other mechanism (this is where Private Internet Access comes into play!).
15 – Change your browser homepage and search engine – If you use certain browsers then changing your homepage and search provider can help limit the amount of tracking that companies do online. In most cases this won’t prevent advertising from being served, but it will at least keep some elements out of the equation! This doesn’t have a huge impact, but every little bit helps!
16 – Check what are you sharing – Every time you go to share something online, make sure that the people you’re sharing it with can view sensitive data. If they don’t need access to passwords or credit cards then hide them out of sight! There’s no reason for anyone else to know sensitive details about your life, and this is a great way to keep those kinds of things safe from prying eyes.
17 – Protect your webcam at all costs – Webcams are easily hacked into by malware, so don’t use one unless you absolutely have to (such as when using video chat). Even then, disable the microphone on the device during any kind of audio chat (this will disable audio recording and stop someone from being able to hear what you say).
18 – Keep on top of firmware updates – If your hardware vendor releases firmware updates, make sure to install them as soon as possible! These kinds of updates often include bug fixes and security patches. It’s no good having a computer that is vulnerable because you missed an important update. Be sure to always read the changelogs so that you know what the patch will actually do before updating (as they sometimes contain new features or changes beyond fixing security holes).
19 – Consider getting a UPS for your home network – A UPS is useful in many ways, but also protects against several types of attacks that could cause downtime or data loss if there were power fluctuations or outages in your area. This even includes brownouts which can occur if your utility company spikes the voltage under certain conditions so that they can avoid paying for more power capacity. Our guide on using a UPS for home networks has additional information if you’re interested in this option!