CalCPA Entertainment Conference 2018 was an amazing event, full of helpful advice regarding Alternative Investments (Cryptocurrency) and protecting against “Acts of God”. Finally, our favorite topic came up… Cybersecurity.
As many great points were brought up during our panel, we thought we’d generate a quick list of tips offered to attendees.
Tip #1 - You are a target of Cyber Criminals.
Don't ever say "It won't happen to me". If your data is important to you, that’s all that matters. Criminals aren’t looking for a market to sell your data in. They’ll just sell access back to you through ransomware.
Tip #2 - Keep software up to date
Installing software updates for your operating system and programs is critical. Always install the latest security updates for your devices. Most recent operating systems and mobile devices offer free updates. If you aren’t covered by formal internal support, reach out.
Tip #3 - Avoid Phishing Scams
Phishing scams are a constant threat - using various social engineering tactics, cyber criminals will attempt to trick you into divulging personal information such as your login ID and password, banking or credit card information. Attacks are becoming far more targeted. Be vigilant!
Tip #4 - Practice good password management
We all have too many passwords to manage - and it's easy to take short-cuts, like reusing the same password. However, as breaches of social media and public service sites become more frequent, using a leaked password against a corporate environment is proving to be very effective.
The answer to this is strong passwords and a password management program, such as LastPass.
Here are some general password tips to keep in mind:
Use long passwords - 12 characters or more is recommended.
Use a strong mix of characters, and never use the same password for multiple sites.
Don't share your passwords and don't write them down.
Tip #5 - Be careful what you click
Avoid visiting unknown websites or downloading software from untrusted sources. These sites often host malware that will automatically, and often silently, compromise your computer. Recent attacks are proving to be more targeted in nature and will closely resemble a trusted site.
Tip #6 - Never leave devices unattended
The physical security of your devices is just as important as their technical security.
Tip #7 - Protect sensitive data
You don’t have to protect what you don’t have! Only collect information critical to business functions.
Keep sensitive data (e.g., SSNs, credit card information, student records, health information) off your workstation, laptop, or mobile devices.
Securely remove sensitive data files from your system when they are no longer needed.
Always use encryption when storing or transmitting sensitive data.
Tip #8 - Use mobile devices safely
Considering how much we rely on our mobile devices, and how susceptible they are to attack, you'll want to make sure you are protected. Devices often come configured to connect to specific wireless networks without the knowledge of the owner. This is done to reduce cellular data usage. However, it gives an attacker an opportunity to easily intercept sensitive information by masquerading as those networks.
Additionally,
Lock your device with a PIN or password - and never leave it unprotected in public.
Only install apps from trusted sources.
Keep your device's operating system updated.
Tip #9 - Install anti-virus protection
Only install an anti-virus program from a known and trusted source. Keep virus definitions, engines and software up to date to ensure your anti-virus program remains effective. Anti-virus programs don’t catch everything, but it’s a start. If you are notified of a virus, don’t ignore it.
Tip #10 - Back up your data
Back up on a regular basis - if you are a victim of a security incident, the only guaranteed way to repair your computer is to erase and re-install the system. We typically never trust an environment that’s been previously breached.
Pro-Tip: Test your backups frequently! You may have critical failures or unintended exclusions from the process.
As always, reach out to Critical Path Security should you have any additional questions.