October is National Cyber Security Awareness Month. And it couldn’t come at a better time. As last month’s huge Equifax breach proved, no one is safe from hackers and cyber criminals. That breach affected 143 million Americans. There will always be someone out there trying to outsmart the best security systems — and trying to outsmart the humans using those systems. (Turns out that last part isn’t very hard to do. Humans are the weakest link in your cybersecurity plan, and we’ll talk more about how to fix that, too.)
Started by the U.S. Department of Homeland Security and the National Cyber Security Alliance, Cyber Security Awareness Month is an annual campaign to educate and raise awareness about the very real threats that cyber criminals pose to organizations and individuals around the world.
While we love the convenience, efficiency, and speed of technology to conduct business and manage our daily lives, this same technology is putting us and our personal information at risk, too. Cybercrime collectively costs businesses billions of dollars every year. Even a breach to a smaller company can cost hundreds of thousands of dollars. If you’re a small or mid-size company, that kind of cost plus the hit to your reputation could ruin your business.
As a software company, we always stress the importance of security with our clients. We had a lot of questions after this major breach. Cyber security, or the now more commonly used cybersecurity, boils down to common sense and constant vigilance. That’s why we’re celebrating Cyber Security Awareness Month with five best practices for thwarting cyber criminals — and protecting your organization.
Software updates are not always about fancy new features. They also remove outdated features, update drivers, fix bugs, and, most importantly, fix holes in the security of your software. These security updates in particular make it really important for you to update your software as soon as you receive an update notice. It’s a best practice and just common sense to always work from the most updated versions of your software.
Another way hackers can get in and wreak havoc is through targeted phishing scams. Phishing scams run the gamut but generally work the same way. The scammer sends an email that looks like it’s from someone you trust. It could be a vendor, the IRS, your bank, or even a department within your organization, such as HR or accounting. Some scammers have even impersonated company CEOs!
A typical phishing email usually asks you for sensitive information or includes a link that prompts you to log in to one of your accounts. While the link may take you to a page that looks like the login page you’re used to seeing, that page can actually be a fake landing page that records and saves your information to use later. The email usually expresses urgency, threatening things like shutting down your account and charging big fines if you don’t act right away. These tactics are meant to scare you into acting quickly without thinking first.
To avoid falling prey to these scams:
For more on how phishing scams work, and how easily they can trick you, check out this article about sophisticated phishing scams.
You can have the best firewalls and security software around and still get hacked. Your people and processes are key to cybersecurity. In fact, according to a report by IBM, 95% of security breaches are caused by human error.
Making cybersecurity a part of your culture is the best way to guard against an attack. You do this by embedding security best practices into your processes and by educating your people on how attacks happen and how to guard against them.
Employees should know:
Your organization should have policies and processes in place to:
You also need to do your due diligence to protect your organization from a cyberattack using the technology that’s out there. The foundation of your cybersecurity plan should include installing firewalls and antivirus software. These pieces are crucial to have, as they create your first lines of defense against an attack. Don’t just purchase the cheapest option. Do your research to find reputable vendors, as well as to find the software that best suits your organization’s needs. If you need help comparing options, there are agencies and consultants who can help you by leading the selection process for new cybersecurity software and by offering an objective, third-party perspective as you make your decision.
Finally, you need to be able to detect incidents and have a plan for responding. In the event of a cyber breach or attack, every minute counts. From the detection of a vulnerability to a full-blown attack, you need to respond quickly once a breach has happened. Work with security experts to develop a plan that covers all likely scenarios. Once you have a plan, train your staff on the procedures.
Cybercrime is a real threat. According to the National Cyber Security Alliance, 50% of small and midsize businesses have been breached in the past 12 months. Following these cybersecurity best practices will help make sure your organization doesn’t become the next headline.