- Cyber awareness Program
- How secure is your information
First, let’s dispel some myths. Anti-virus software and a password do not keep information secure! As reported in the article mentioned above, the attack on the White House was a phishing attack. If you click on that link or open that attachment then the quality of your password may not matter and anti-virus is likely 0% effective against a zero-day attack. Passwords and anti-virus are necessary, but it is like locking 20-50% of the windows in your house and hoping the burglars do not find the other unlocked windows. There are lots of holes. Anti-virus is only about 20% effective.
- What about passwords?
If you use a single word, a hacker can guess it in about three minutes or less with a dictionary attack! Once the attacker has one password, how many accounts does he have access to, or do you use different passwords for every account? If you click a link in an email or on a website, there is a high probability it could be a virus that silently downloads in the background. Then it is game over and no password in the world will protect you! If that virus happens to be a “keylogger” virus, then the hacker is now collecting every single keystroke on your computer, including passwords, account numbers, social security numbers, everything!
If you believe you will never get hacked or suffer a data breach, you are in good company with many other individuals and business-owners who have been convinced they are secure.
Let me ask you this: how would you know if you were hacked or did suffer a breach? Does some bell go off on your computer announcing, “You have been hacked”? What you might notice is that your computer or mobile device becomes sluggish, which could be caused by a number of issues, or your anti-virus software tells you it has detected a virus. So then what? What does that mean? You take the computer to a computer doctor and have it cleaned and you are back in business, right? At this point do you know whether anything was stolen? Probably not, and you will likely assume there are no further issues and will be none.
Here’s the reality. In most cases you will find out you have been breached from a third party, like a friend, customer, client, or patient. If you are a business owner it is usually a very unhappy customer, client, or patient possibly looking to sue. It might be a friend who received a suspicious email from you and is checking to see if you sent it.
So, what can you do to protect yourself and your business? Choose a good IT company, lower risk and reduce or eliminate the liability associated with a breach, and be cyber astute.
- In choosing a good IT company, check their references.
Ask to speak to current customers. The company should be comfortable supporting traditional networks as well as applications in the cloud, and it’s imperative that they be very familiar with various cyber security laws/standards such as HIPAA and PCI. Are they going to monitor your network for threats and intrusions?
- Risk and liability management.
Once you have your network set up and security implemented (such as anti-virus, passwords, and changing all default/factory passwords), implement three critical components:
a) Have a security assessment done, which includes a review of current security and some recommendations;
b) Review and/or drafting of current policies and recommendations; and,
c) Cyber security awareness training for all employees (a requirement under the Security Rule).
These steps will lower the risk of a cyber-incident/data breach, and reduce or eliminate your liability if one does occur. Why? Because as a business owner you can confidently claim you have implemented security, can show it in a policy, have trained your employees, and basically have done the best you can.
Cyber Awareness
- Using your Smartphone for banking can be risky. The security is just not up to par yet.
- When banking online, close all other windows and ensure the bank window URL comes up as HTTPS.
- If using public Wi-Fi, like hotel, coffee shop, airport, library, use a proxy that allows you to encrypt all your data so hackers cannot steal it.
- If the data you collect, process, and store is sensitive, encrypt it.
- If emailing sensitive data, like financial information, use secure or encrypted email.
- Always log out of any account, especially banks, social media, etc. Simply closing the window leaves you logged in and hackers can potentially get in.
- Do NOT click on links in emails. Many are fake and will take you to a fake site, like a fake Facebook site, where hackers will steal your data.
- Do NOT click on the “unsubscribe” link in emails. In many cases the email may be fake and by clicking unsubscribe you are legitimizing your email and will be put on a spam list.
- Password-protect all mobile devices.
- Use Strong Passwords
Use different user ID / password combinations for different accounts and avoid writing them down. Make the passwords more complicated by combining letters, numbers, special characters (minimum 10 characters in total) and change them on a regular basis.
- Secure your computer
- Activate your firewall
Firewalls are the first line of cyber defense; they block connections to unknown or bogus sites and will keep out some types of viruses and hackers.
- Use anti-virus/malware software
Prevent viruses from infecting your computer by installing and regularly updating anti-virus software.
- Block spyware attacks
Prevent spyware from infiltrating your computer by installing and updating anti-spyware software.
- Be Social-Media Savvy
Make sure your social networking profiles (e.g. Facebook, Twitter, YouTube, MSN, etc.) are set to private. Check your security settings. Be careful what information you post online. Once it is on the Internet, it is there forever!
- Secure your Mobile Devices
Be aware that your mobile device is vulnerable to viruses and hackers. Download applications from trusted sources.
- Install the latest operating system updates
Keep your applications and operating system (e.g. Windows, Mac, Linux) current with the latest system updates. Turn on automatic updates to prevent potential attacks on older software.
- Protect your Data
Use encryption for your most sensitive files such as tax returns or financial records, make regular back-ups of all your important data, and store it in another location.
- Secure your wireless network
Wi-Fi (wireless) networks at home are vulnerable to intrusion if they are not properly secured. Review and modify default settings. Public Wi-Fi, a.k.a. “Hot Spots”, are also vulnerable. Avoid conducting financial or corporate transactions on these networks.
- Protect your e-identity
Be cautious when giving out personal information such as your name, address, phone number or financial information on the Internet. Make sure that websites are secure (e.g. when making online purchases) or that you’ve enabled privacy settings (e.g. when accessing/using social networking sites).
- Avoid being scammed
Always think before you click on a link or file of unknown origin. Don’t feel pressured by any emails. Check the source of the message. When in doubt, verify the source. Never reply to emails that ask you to verify your information or confirm your user ID or password.
- Call the right person for help
Don’t panic! If you are a victim, if you encounter illegal Internet content (e.g. child exploitation) or if you suspect a computer crime, identity theft or a commercial scam, report this to your local police. If you need help with maintenance or software installation on your computer, consult with your service provider or a certified computer technician.
Source : Google