Cyberattacks are becoming a regular part of the news cycle. Businesses around the world, federal departments in the U.S. and many other organizations are being hit with ransomware attacks totalling millions of dollars.
Recognizing this troubling trend, we recently hosted a Cybersecurity 101 webinar to discuss the top cybersecurity risks facing businesses today. We received a lot of great questions during the webinar, and thought we would share them, along with the answers, in case they are of use.
Upcoming Webinar: Ask Us Anything — Get Real-Time Answers to Your Top Tech Questions
We’re also hosting a special “Ask Us Anything” webinar on July 21st. In this first-ever “Ask Us Anything” session, we invite you to bring your burning tech questions to our live webinar. That could be anything, such as:
- Why a firewall and antivirus aren't enough to protect you from ransomware
- How to save 4 hours per week with Microsoft applications
- Key tech changes people are making when reopening their offices
- Best practices for training staff to use technology better
How do you know if your system is already compromised?
Unless you regularly audit your system, the scary thing is you may not know. When we onboard new clients, we audit over 300 parts of their technology against best practice standards. A few months ago we were going through this process for a new client and realized their systems had been breached almost a year-and-a-half earlier. And the attackers were still in the environment! In fact, the hackers were forwarding the emails of two employees (who worked in the accounting department), and they had written code so that every time an email was forwarded, it was deleted from the sent folder.
So it’s very important to conduct ongoing, regular audits to ensure your system has not been compromised. It could be something as simple as noticing an auto-forward on an email account.
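An added example, not code from the original post: one way to run the auto-forward check described above over an export of mailbox rules. The record layout, the field names and the `example.com` addresses are assumptions constructed for illustration, not any mail platform's schema.

```python
# Added example: audit exported mailbox rules for external auto-forwarding.
# Field names and sample data are assumptions, not a vendor export format.
INTERNAL_DOMAINS = {"example.com"}  # assumption: domains the organization owns
SEVERITY_ORDER = ["high", "medium", "low"]

# Constructed sample export: one dict per mailbox rule.
SAMPLE_RULES = [
    {"mailbox": "ap@example.com", "rule": "sync", "enabled": True,
     "forward_to": ["collector@mail.example.net"], "delete_sent_copy": True},
    {"mailbox": "payroll@example.com", "rule": "backup", "enabled": True,
     "forward_to": ["Archive <archive@EXAMPLE.COM>"], "delete_sent_copy": False},
    {"mailbox": "ceo@example.com", "rule": "assistant", "enabled": False,
     "forward_to": ["pa@other.example.org"], "delete_sent_copy": False},
    {"mailbox": "hr@example.com", "rule": "newsletters", "enabled": True,
     "forward_to": [], "delete_sent_copy": False},
]

def domain_of(address):
    """Return the lower-cased domain of 'Name <user@host>' or 'user@host'."""
    addr = address.strip().rstrip(">").rsplit("<", 1)[-1]
    return addr.rsplit("@", 1)[-1].strip().lower() if "@" in addr else ""

def audit_rules(rules, internal_domains=INTERNAL_DOMAINS):
    """Return findings for rules that forward mail outside the organization."""
    findings = []
    for r in rules:
        # Exact domain match only: unlisted subdomains and malformed
        # addresses are treated as external so they get reviewed.
        external = [a for a in r.get("forward_to", [])
                    if domain_of(a) not in internal_domains]
        if not external:
            continue
        if not r.get("enabled", True):
            severity = "low"     # disabled, but still worth asking who created it
        elif r.get("delete_sent_copy"):
            severity = "high"    # forwarding plus removal of the sent copy hides it
        else:
            severity = "medium"
        findings.append({"mailbox": r["mailbox"], "rule": r["rule"],
                         "external": external, "severity": severity})
    return sorted(findings, key=lambda f: SEVERITY_ORDER.index(f["severity"]))

if __name__ == "__main__":
    for f in audit_rules(SAMPLE_RULES):
        print(f"{f['severity']:6} {f['mailbox']:22} {f['rule']:10} "
              f"-> {', '.join(f['external'])}")
```
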
How often should we change our passwords?
We get this question a lot. So, if your password is complex and you have multi-factor authentication in place, you should change your password annually. But in the future, we would want to see security that is password-less. For example, there are services that will generate a password that not even you know, but that allows you to sign in using your phone.
What type of complexity should be included in passwords to make them more secure?
At a minimum, your passwords should include symbols, and both uppercase and lowercase letters. And you’re looking for a minimum of 10 characters in a password.
Tip: Write a sentence and put a period in the middle of the sentence.
How secure are password storage features in web browsers?
Web browsers are literally just a cache. So the security of those passwords depends on the security of your computer. From a safety perspective, if your computer is not safe, someone can get in and get the passwords from your browser. People can actually use your browser to reset other passwords.
What should businesses do if they get hacked?
First, you should assume that you will be breached, and you should have an incident response plan in place. That plan should be written down, and you should practice going through each of the steps as part of a simulation. That way, when and if your company’s network is breached, you should be able to just follow the recovery process you have outlined.
What protections can firms add while staff are working from home?
Employees working from home do not have the same protections as they do when they are working in the office. That’s because they are using an open network, and you can’t secure their internet service provider. So, we recommend moving to mobile-device management and cloud authentication that allows people to authenticate external to your environment, for example, multi-factor authentication or face recognition.
To build cybersecurity in the company culture, what is the best approach?
Based on our experience, cybersecurity tends to be a C-level focus. So if the management or leadership team doesn’t talk about cybersecurity, then you can’t create that mindset. It needs to be incorporated into all company processes, such as onboarding.
As well, it’s important to reward employees who are working to protect the company and guard its assets. If you’re regularly conducting phishing and attack simulations, you will receive data that will outline who the top employees are. You should reward them accordingly. And repeat offenders should also be addressed. You wouldn’t let employees walk out the door of the building without locking it every night; don’t let them leave the door open to your network.
If you would like an assessment of your company’s security processes, contact us today.