Keep Your Cyberspace Safe
Navigating the ever-changing world of technology can be daunting. Products, platforms, tools and upgrades seem to roll out daily, throwing a wrench in what we know about protecting ourselves from data breaches and other security concerns. With all of these updates, it’s easy to inadvertently let your cybersecurity guard down. If you’re guilty of any of the following five common security slipups (a lot of us are!), Shane Maas, director of infrastructure at GuideOne, and Blake Roth, senior data security analyst at GuideOne, have the solutions you need to remedy these risks.
Easy Slipup #1
Creating simple or predictable passwords that are easy to remember, but also very easy for a machine to guess.
- Create long passwords. “The more characters in the password, the harder it is for a machine to guess,” Roth says. “That said, it has to be easy for you to remember. ‘Purplemonkeydishwasher’ is better than ‘xky74wx.’”
- Do not choose a password based on personal information that could be accessed or guessed.
- Develop a mnemonic for remembering complex passwords. For example, Roy G. Biv is a mnemonic name for remembering the colors of the rainbow.
- Use passphrases when you can—they can be easier to remember without being predictable! Purplemonkeydishwasher, noted above, is a good example of a passphrase.
- Use different passwords on different systems. While this is a hassle at times, it’s the best way to secure your networks.
Easy Slipup #2
Relying only on antivirus software to protect network systems. Criminals are becoming more prolific and creative when it comes to hacking into your network, for example by creating ransomware starter kits. Maas has a good analogy to put it in perspective:
- Choose and use the correct antivirus software.
- Continually update your security systems to protect your information from ransomware attacks. With ransomware starter kits increasing, it’s easier for criminals to attack small businesses, whose safeguards are often lower-tech than those of larger businesses.
Easy Slipup #3
Not verifying hyperlinks in emails from unknown senders. They could link to malware, potentially leading to a surprise cyberattack.
- Look for these red flags when you are suspicious about an email:
  - Spoofed email address
  - Being prompted to open an attachment
  - Personal information requests
  - Immediate action required
- Verify URL destinations to confirm that the sites are legitimate.
- Keep your security software up to date.
- Use an encryption tool when sending emails to keep the information safe. Recipients will need a specific, unique code or a virtual key to unlock the encryption and view the message’s content.
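Two of the red flags above, a spoofed sender and a link whose visible text hides a different destination, can be checked mechanically. The following Python example is added here and is not part of the original article; the sample message, the `Links` class and the `red_flags` function are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message using reserved example domains (not from the article).
RAW = '''From: "billing@example.com" <notice@example.net>
Content-Type: text/html

<p>Pay at <a href="http://login.example.net/pay">www.example.com</a> or
<a href="https://example.net/help">contact support</a>.</p>'''

class Links(HTMLParser):
    """Collect (href, visible text) for each <a> element."""
    def __init__(self, html):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
        self.feed(html)
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip()))
            self.href = None

def red_flags(raw):
    """Return spoofed-sender and misleading-link findings for a raw message."""
    msg, flags = message_from_string(raw), []
    name, addr = parseaddr(msg.get("From", ""))
    # Display name shows an address on a different domain than the real sender.
    if "@" in name and name.rsplit("@", 1)[-1].lower() != addr.rsplit("@", 1)[-1].lower():
        flags.append("spoofed email address")
    parts = [p for p in msg.walk() if p.get_content_type() == "text/html"]
    html = b" ".join(p.get_payload(decode=True) for p in parts).decode("utf-8", "replace")
    for href, shown in Links(html).found:
        # Only compare when the visible text itself looks like a domain or URL.
        m = re.match(r"(?:https?://)?((?:[\w-]+\.)+[a-z]{2,})", shown, re.I)
        dest = urlparse(href).hostname or ""
        if m and m.group(1).lower() != dest:
            flags.append(f"link shows {m.group(1).lower()} but goes to {dest}")
    return flags
```

The host comparison is exact, so link text reading example.com over a destination of www.example.com is also reported; treat each finding as a prompt for a closer look at the message.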
Easy Slipup #4
Knowing about the cloud, but not understanding the cloud. “Cloud computing is changing the way information technology (IT) services are being delivered,” Roth says. “Cloud computing leverages the internet to deliver resources like applications and storage to anyone with access to the internet. It allows users to consume resources like you do electricity—you don’t need to create and store it locally to be able to access it locally.”
- Know who “owns” the data within the cloud.
- Be aware of the type of cloud service you’re engaging and the different levels of access to review and audit the services and infrastructure.
- Know the tradeoffs of the cloud, which include latency and bandwidth concerns—the traffic must get to and from the cloud somehow—and the risks, like having to extend a certain amount of trust to the cloud provider, Roth says.
Easy Slipup #5
Accidentally broadening your risk of attack by letting concerns slide because you think you’re overreacting. If something seems off or weird, it probably is.
- Watch for red flags and take them seriously.
For additional information on cybersecurity, review these tips and topics of concern from the United States Computer Emergency Readiness Team.
© 2018 The GuideOne Center for Risk Management, LLC. All rights reserved. This material is for informational purposes only. It is not intended to give specific legal or risk management advice, nor are any suggested checklists or action plans intended to include or address all possible risk management exposures or solutions. You are encouraged to retain your own expert consultants and legal advisors in order to develop a risk management plan specific to your own activities.