“Let the eye of vigilance never be closed.” – Thomas Jefferson
Anything that is to become a habit requires practice. Practicing vigilance as we transact many aspects of our professional and personal lives via cyber (think the internet, computers, email, applications, mobile devices, etc.) is now an imperative as our world continues to become more cyber-interconnected; the threats from malicious actors that want to scam, steal, disrupt and violate now have a global reach to each of us by way in this cyber world. Cyber is the new battlefield—we are now all cyber-soldiers with a responsibility to do what we can to mitigate risks that can otherwise have profound impacts to the companies with which we are employed, our personal lives and our well-being and safety in society.
Stay Vigilant in the Cyber World
As a cybersecurity professional who works for a company (Juniper Networks) that is on the front lines every day seeking to create and advance innovation that reduces complexity, increases security and seeks to enable enterprises across the globe with networking & security technology and capabilities. I know firsthand what practicing vigilance means and why it is something WE ALL must do in the cyber world. I live in this world every day as my chosen profession; I am passionate about helping others understand their responsibility in protecting themselves and the companies for which they work.
Throughout human history, there have always been at least one bad apple in the bunch seeking to take advantage of, steal from, con and generally do harm to others as to advance their own goals which often are relating to profiting off others. This is by no means a new phenomenon, but our global cyber world has simply afforded these “bad apples” to execute their dastardly deeds on a global scale and reach.
With geo-political unrest, the war in Ukraine raging, social cleaving and culture wars in the U.S. (and elsewhere), the threat of cyber-borne engagement and impacts to each of us is heightened. We MUST be vigilant!
Prevent Cybersecurity Breaches
Many ask me, “What can I reasonably do to protect myself and my company from threats and risks,” to which I do reinforce some basic practices that can help:
Be Wary of Links
Don’t click on links or open files/attachments you receive via email or text (SMS or chat) unless you verify the sender and the intent. If it’s unexpected or out of the blue…pause and verify. Remember, bad-actor’s seeking to exploit someone often use social engineering tactics to incite curiosity, interest and an emotional response. In other words, they seek to exploit trust that is temporarily granted by the target (you and me) and to use this to their advantage.
If you receive a link or other request seeking that you enter and verify your credentials (say to a bank account), validate an Amazon order or shipment, win an amazing price (e.g. Free iPad!!), the list goes on and on. Don’t do it! Pause and take the time to verify for granting any trust, even when you receive something from someone you know (as their account could too have been compromised). The few minutes you spend to verify can save you a lot of money, time and grief. Verify, then trust!
Update Software and Devices
Keep your PC or Mac and other network-connected devices (printers, Wifi routers, etc.) up-to-date. Enable vendor updates (say Microsoft Windows, Office apps, MacOS, etc.). Change default admin passwords and when updates are available, apply them. Browsers such as Chrome, Firefox, Edge and Safari need frequent updates to mitigate potential vulnerability exploitation and compromise.
Prevent Viruses with Software
Install, run and maintain anti-virus/anti-malware software on your personal and corporate systems. There are many potential options and solutions—the majority will cover upward of 95% of known “bad stuff” that could otherwise infect and leave your system vulnerable or outright compromised (ransomware).
Backup Data
Configure backups of your data. For personal PC’s or Mac’s, use a USB storage device to copy any information, files, data (photos, legal or financial documents, etc.) to a separate device. Do this at minimum once a month, more frequently if you are more active on updating files and information that is stored on your local system(s). Ask yourself, “If I don’t have the latest file version with the latest update I use to transact something, what will the impact be?” This will help to determine frequency of data backup and risk tolerance if the date is lost or compromised (e.g., ransomware). When possible, disconnect this device after the backup occurs and store in a safe place and/or use online (cloud) based backup solutions or services.
Uninstall Old Apps
Remove unused applications from PC’s, Mac or mobile devices. Apps, games and utilities; if you do not use them on a regular basis, remove them. This reduces the potential for vulnerabilities in such apps to be exploited and your system(s) being compromised.
Use Strong Passwords
Do not use the same password across financial, personal and work systems. Credentials (your user id and password = what you know) should always use a different password or better yet, a passphrase (passphrase example is ‘thESunfeel$great0Nmyface!’). Using different passwords and / or passphrases across various accounts (e.g., Bank, personal and work systems) is important! Also, use a password manager (Google to search for options). There are many options to help organize and securely store your credentials.
Multi-Factor Authentication
Use 2FA and MFA (2-factor or Multi-Factor Authentication) whenever possible and feasible. When paired with your credentials (what you know + what you have and/or ARE – 2FA/MFA), this provides another layer of authentication security that is more difficult for a nefarious actor to compromise. Most financial services (e.g., Online banking), Amazon, Microsoft and others readily support 2FA/MFA. Having a code sent to your mobile device is another form of 2FA, as are fingerprint scanners.
Beware of Suspicious Websites
Pay attention to the websites you utilize and the information you share. Be mindful and cautious relative to your online use—avoid websites that may have questionable practices or intent relative to the services or products they claim to provide. Use your “Spidey senses” and if something doesn’t look right or feel right it is probably not right and should therefore be avoided. Often simply searching for a company or website reputational input is easy and provides insight as to whether the site or company is safe.
I refer to the above recommendations as basic security hygiene. These steps alone will go a long way in protecting your sensitive data/information, credentials, and reduces the potential for a system being compromised. They are proactive steps we can all take to practice vigilance and take some control in the cyber world.
For more information on this topic, refer to Emtrain’s Cybersecurity Training Course.
Frequently Asked Questions (FAQ)
- What types of cyber threats should organizations expect?
-
-
- Organizations should expect malware attacks, ID theft, ransomware, cloud-based network attacks, phishing attacks, and social media-based attacks.
-
- What employee behaviors can trigger malware attacks?
-
-
- Downloading untrusted software, clicking on malicious links, and visiting compromised websites can trigger malware attacks.
-
- How does social engineering lead to ID theft?
-
-
- Social engineering involves tricking employees into revealing sensitive information by posing as trusted entities.
-
- What measures can businesses take to prevent cloud-based network attacks?
-
-
- Businesses should validate security configurations, restrict permissions, use strong passwords, employ multi-factor authentication, and regularly review access controls.
-
- What are the best practices for managing passwords and passphrases?
-
-
- Best practices include using strong, unique passwords, secure password managers, two-factor authentication, avoiding browser-based storage, and not reusing passwords.
-
- Why are work-from-home (WFH) environments more vulnerable to cyber threats?
-
-
- WFH environments are more vulnerable due to diverse personal devices, distractions, varying home network security, and exposure to public WiFi.
-
- How can employees help operationalize security within an organization?
-
-
- Employees can help by being vigilant, following security policies, participating in training, reporting suspicious activities, and using secure tools.
-
- What is the impact of ransomware attacks on businesses?
-
-
- Ransomware attacks can cause financial loss, operational disruptions, data loss, and reputational damage.
-
- How do I mitigate phishing attacks?
-
-
- Mitigate phishing attacks through employee training, email filtering, multi-factor authentication, and regular system updates.
-
- Why is a company-wide approach to cybersecurity important?
-
- A company-wide approach ensures comprehensive protection, involving every employee in maintaining security and reducing risks.