Although October is the nationally designated month for cybersecurity awareness, it’s truly is a year-round matter. As the saying goes, the best defense is a good offense, and effective cybersecurity requires a consistent, proactive approach.
- Cybersecurity comes down to people
- If you lost your keys, do you simply copy your other pair or do you change the locks?
- Cybersecurity doesn't take a vacation, even when you do
- Always look before you click
- Wherever possible use multi-factor authentication
- You have to assume you've already been compromised
As a managed service provider, we specialize in helping businesses with their cybersecurity needs. From monitoring for attacks to defending against them and even helping with the aftermath, we understand what needs to be done. We asked experts across our company to share their perspective on cybersecurity. Here’s what they have to say.
Technical Account Manager
Cybersecurity is impacted by the digital and physical world. You can have the best software and tools available, but if your employee decides to click on a malicious link, how can you control that?
At the end of the day, cybersecurity comes down to people. Are your employees educated on malware, phishing and other scams? Are they trained to be skeptical about the internet? Due diligence and deductive reasoning can save the day when spam filters and other security software cannot.
"At the end of the day, cybersecurity comes down to people. " - Eric Cassell
Solutions ArchitectCybersecurity is what you make it. If you take risks online, you’ll be prone to problems. If you practice safe behaviors, you can protect your business. These are good starting points for every employee:
- Install firewalls to prevent access to your network
- Segment your devices to stop the spread of viruses
- Visit secure websites that have HTTPS in the URL
- Work with trusted vendors
- Have unique passwords for every account, especially on banking and social media sites
- Avoid public hotspots whenever possible and never allow ‘auto-connect’
- Use secure password managers to document your passwords
"Cybersecurity is what you make it." - Anthony Ruiz
Cybersecurity doesn't take a vacation, even when you do! I traveled to Hong Kong earlier this year, and my biggest concerns were having my devices stolen or my accounts compromised.
To protect myself, I took a few measures. I had a phone just for travel and it had only the apps I needed for the trip. I made sure my Bluetooth and WiFi were off so I didn’t accidentally connect to compromised networks. Finally, I used a virtual private network app for my iphone, ExpressVPN, so when I did connect, it was encrypted and protected from hacking.
"Cybersecurity doesn't take a vacation," - Wayne Friederich
Al Michaud, First Response Team Lead & Mat Steinlin, Team Lead
When thinking of cybersecurity, here are good question to ask yourself:
- If you lost your keys, do you simply copy your other pair or do you change the locks?
- Do you have the same key for your house, car, safe and P.O. box?
We’re betting you answered, "No." for each of these! The same ideas apply to your cybersecurity.
Most cybersecurity issues can be mitigated with awareness. We know not everyone is a ‘techie’, and we’re always here to assist when our clients feel something is off. To help them be proactive, these are easy-to-manage security tips:
1. Change your password regularly. Ideally to something that has 8+ characters with a symbol, number, lowercase letter and capital letter. This makes it harder for bad guys to guess which keys you’re using for important information.
2. Ensure you’re not sharing passwords across platforms. Don’t use your email password for your bank password. This way if the bad guys guess one password, they don’t have the keys to the whole kingdom.
3. Don’t leave your passwords somewhere easy to find. Also, don’t use identifying information in your passwords — no birthdays, hobbies, names, sports, etc. If someone could use the word in a general conversation it’s too easy.
4. Don’t trust the ‘FROM:’ in an email. If the email looks odd, contact the person who sent it. Spoofing (pretending to be someone else) is sadly easier than it should be.
5. Double check everything. If someone asks for your credentials, financial information or personal information via an email, do your due diligence and call that person to confirm spoofing isn’t at play.
6. Don’t ‘Sign in’ to your social media sites from random websites. You may not be able to tell if the site is fake or if your username and password is being recorded.
7. Always look at a link before you click it. If you hold your cursor over a link it will typically tell you where the link goes. If it goes to some random site that doesn’t look legit – don’t click!
8. Be wary of who’s calling you. Microsoft and other brand-name companies aren’t going to call you to report your computer has an issue. Most of these are scams —don’t let them onto your computer.
9. Use CTRL+ALT+DEL. If you’re surfing the internet and a ‘YOU HAVE VIRUS’ message pops up, don’t call the number or click the link! Hit CTRL+ALT+DEL to close out the browser and end the process.
10. Use tools to help you. Install programs like Adblocker to help prevent or mitigate annoying and sometimes dangerous pop-ups from the web.
"Most cybersecurity issues can be mitigated with awareness." - Al Michaud
You can’t talk about cybersecurity without mentioning passwords. They can be your lifesaver or your worst problem, it all depends on the strength and uniqueness. Make sure your passwords hit all the marks (character count, symbols, numbers, etc.) and, although we’re all tempted to, make sure you’re not repeating passwords across platforms. Also, wherever possible use multi-factor authentication to ensure no one can access your accounts without you knowing about it. "
"You can’t talk about cybersecurity without mentioning passwords. " - Andreas Larsen
Senior Network Engineer
In this day and age, you have to assume that you have already been compromised. Just take a look at the news and you’ll see that it’s safer to err on the side of caution.
- Equifax had a breach that exposed the personal information of 143 million Americans.
- Experian had a breach that affected 123 million Americans, exposing their personal information to abuse and exploitation.
- Facebook has had two separate breaches that allowed third parties to acquire not only the explicit information that people enter, but also the "shadow information" that Facebook collects by tracking your conversations, preferences, ad watches, and browsing history.
And the list goes on! Knowing all this, what can people do?
1. Create a strong password with a password manager
Passwords are stored by companies in what is called a hashed format. If your password is hunter2, the database will store the word as a long string of text like shgewa0ogdbdbs7d3shgdfhxfann3q05bn-03a985.
When you log into a site, the password system runs the word you enter through an algorithm to find the corresponding hash. If they match, the password is accepted. This means that using common passwords like Password1, abc123, or LetMeIn are risky because an attacker can run easily them against the hash. A password manager helps you generate strong passwords that can’t be easily guessed.
2. Review bank and credit card statements monthly
You are not generally liable for fraudulent purchases made on your credit cards as long as they are reported in a timely manner. You should go over a statement before you pay it to ensure that all purchases made in that billing cycle are legitimate. Getting into this monthly habit ensures that you can always report fraudulent activity in a timely manner.
3. If your personal information is exposed, freeze your credit
New FTC rules have made credit freezes free of charge. A credit freeze locks access to your credit history, so that no one can make requests of your history and no new lines of credit can be opened in your name.
"You have to assume you've already been compromised." - Travis Hession
To me, one of the biggest threats to cybersecurity is social engineering. In the IT world, this means manipulating people to get what you want, and it’s easier than you think! If you go somewhere and look the part, more times than not, people won’t ask for credentials. Imagine if a bad person took advantage of this.
There have to be security steps in place not just online, but in the real world. Make sure your business is physically protected, educate staff to be aware of their surroundings, communicate from the top down so every employee is on the same page.
Can't get enough cybersecurity knowledge?
Effective cybersecurity requires a well-rounded and adaptable strategy. Empower your business with the help of a qualified IT company. iVenture Solutions is an award-winning managed service provider delivering superior IT solutions to clients across Florida. As a leading-edge IT firm for small and medium-sized businesses, we provide a diverse range of services covering the entire scope of IT including maintenance, support, hosting and more. Through rapid response time, reduction of chaos and the right people, our expert team of IT professionals will fulfill your technology needs. At iVenture, we give you more time to do what matters most.