Arraya Insights | October 5, 2021
Cyber Security Awareness Month was launched in 2004 by the National Cyber Security Alliance and the U.S. Department of Homeland Security (DHS). Since then, this topic has become even more important as cyber-attacks continue to surge in recent years. A combination of our growing reliance on technology, the worldwide pandemic, and lucrative ransom demands are contributing to this increase.
Continued education and awareness are key in identifying and preventing cyber attacks. Throughout this month, CISA and the NCSA are offering a number of resources to help organizations and individuals focus on and improve their cyber security.
To magnify the focus on cyber security throughout October, we’ve put together a list of the most common “security fails” that can lead to cyber exposure.
Is your business or enterprise guilty of any of these?
1. Weak Passwords
Cyber hackers can guess thousands of password combinations in a matter of seconds. Users should implement these password best practices immediately to make it as difficult as possible for unauthorized individuals to gain access.
- Use a different password for each account: Every digital account should have its own unique password, so one compromised account won’t lead to more.
- Create strong passwords: A complicated password is a strong password. All passwords should contain a combination of upper- and lower-case letters, symbols, and numbers. The longer the password, the better.
- Don’t base passwords on personal information: Our digital footprint is extensive. Hackers can gather personal information on users from a variety of sources to help them crack passwords.
2. Improper WIFI Use
Businesses should establish two separate networks to separate employees and the public. Passwords should be updated regularly with any changes in employees.
Are your firewalls activated? These aren’t always turned on automatically and encryption should be used, whenever available. Many routers implement a generic network name during set up. This should be changed to avoid giving away the make and model of your router to the public.
While private WIFI is much more secure, there are times when public WIFI is all that’s available. However, all public WIFI, such as a coffee shop, hotel, or airport, should be verified with appropriate staff before connecting. Try to avoid sensitive activities, such as online shopping or exchanging private information, while on public WIFI. When necessary, your personal cellular hotspot is usually a better alternative.
3. Lack of Fraud Vigilance
Despite technology’s advancements, many successful cyber attacks rely on simple fraud techniques that bank on human error.
Social engineering occurs when “an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems.” Hackers will present themselves as a credible party, business, or enterprise in order to trick their victims into giving away credentials that they can use to gain unauthorized access to accounts, networks, and more.
There are several forms of social engineering:
- Phishing: These attacks solicit private information through emails
- Vishing: These attacks leverage voice communications, such as phone calls or voicemails
- Smishing: These attacks exploit SMS, or text messages
It’s important that users remain vigilant in identifying these attacks. When properly identified, they can be discarded or ignored. A short moment of inattention can result in clicking on an infected link or giving information to the wrong party.
Here’s what to look for in identifying these attacks:
- Poor grammar and spelling errors
- Generic greetings, such as “Dear customer,” rather than addressing you by name
- Suspicious email addresses, links, and attachments (hover your cursor over these before clicking or replying)
- Aggressive messages that incite emotion, such as warnings that a bill is overdue, or an account is going to be cancelled
It’s best to do some research if you’re ever suspicious. Don’t reply to the contact information provided by the sender. Instead, contact the company or individual through publicly available contact information to verify whether the correspondence is legitimate before taking further action.
4. Ignored Hardware & Software Vulnerabilities
While these software update notifications can be pesky, they’re important. These constant patches close potential access points for hackers and ensure your business is equipped with the most current security available.
For hardware, vulnerabilities can stem from several issues including reaching the end of its life, lack of regular maintenance, and more.
Both software and hardware should be consistently updated, properly cared for, and replaced when appropriate. This basic, regular maintenance goes a long way.
5. Poor Cloud Security Parameters
A large portion of asset management within the cloud is identifying what data requires maximum security and what doesn’t. Data classification is an important step of transitioning to the cloud to allocate your security resources properly.
In the cloud, data should be protected with a multilayer approach that includes encryption to ensure that an intruder will not be able to read your sensitive information, should they gain access.
It’s up to the user to manage employee access and permissions for the cloud. Businesses should both limit cloud access to only the necessary parties and adopt a zero trust model, which requires continuous verification of all who have access.
6. Failure to Implement MFA
Multi-factor authentication (MFA), also called two-factor authentication, is a simple, but effective security measure. This requires that all users supply a second set of credentials (in addition to their password) prior to accessing a network, account, etc. This second layer of security can make it significantly more difficult for hackers to gain access to unauthorized accounts.
Many businesses fail to implement MFA as they’re not sure where to start or they worry about the cost. However, this security enhancement has become a necessary expense to avoid the financial consequences of a data breach.
7. Inadequate Cyber Security Training
Businesses should seek to create an ongoing culture of security awareness within their organizations. Cyber attacks present a unique challenge due to their constant evolution. While a cyber security training session may have been comprehensive at the time, three months later it’s outdated.
Despite robust security resources, employees are often the weakest link in the cyber security chain. Employers must encourage constant vigilance against cyber threats by investing in regular training sessions, leading by example through management, and making it a known priority.
8. Vulnerable Physical Security
Most cyber attacks are conducted remotely, with bad actors often operating from across the globe. However, it’s important to consider the physical safety of your hardware as well.
Here are a few steps to secure the physical safety of your technology, office, and data:
- Restrict access to your hardware, such as routers, servers, and more
- Require access ID badges for employees to limit those with physical access
- Consistently review access privileges and promptly revoke employee access when appropriate
- Secure all private physical information, such as printed memos, notes, and reports
- Never write down your username, password, or other identifying information
Next Steps: Do Your Part & Review Your Cyber Security Posture Today! #BeCyberSmart
Cyber security is an ongoing battle as our reliance on technology continues to grow.
While this presents many challenges, these small steps can make an enormous impact in your organization’s ability to protect itself from hackers.
With proactive implementation of these security techniques and an ongoing focus on cyber security, your team can significantly reduce your risk.
To learn more about enhancing your cyber security, contact an Arraya expert today.
Visit https://www.arrayasolutions.com/contact-us/ to connect with our team now.
Follow us to stay up to date on our industry insights and unique IT learning opportunities.