With the uncertainty around Covid-19 and many people moving to remote work and school, the need for cyber-security awareness has never been higher.
The Cybersecurity & Infrastructure Security Agency (CISA) devotes an entire section of their national risk management website to the increasing risk of opportunists preying on people's fears and confusion. Taking a few minutes and poking around https://www.cisa.gov/coronavirus illustrates our government's concern regarding scammers using the world-wide crisis to their advantage.
Warnings from the Consumer Financial Protection Bureau (CFPB) cautioned that scammers would attempt to sell bogus cures, mine personal information, and, in some extreme cases, target social security benefits. They warn, again and again, that these scammers are using phones, letters, texts, and email. They caution everyone to remain on high alert for anything unusual. (To learn more about the CFPB warnings, read their article here: https://www.consumerfinance.gov/about-us/blog/beware-coronavirus-related-scams/.)
On the subject of cyber-security, Mike Zinni, Director of Software Development for Davin Workforce Solutions, said:
“Scammers and hackers are reading these same warnings and they are adjusting. The phishing e-mails are looking more legitimate, the scanning for public information is getting more sophisticated. Social engineering, combining your public information and leaked information with phone calls, text messages or e-mails can fool even the most security-aware individual to expose sensitive information.”
In honor of Cyber-Security Awareness Month, we turned to our archives to bring highlights of our experts' tips on cyber-security and creating a safe internet experience.
A Safer Internet
Cyber-security and internet safety shouldn't be an after-thought. Teaching everyone the basics of internet safety, especially younger users, is the first step towards a secure, enjoyable internet experience. Google compiled a list for Safer Internet Day (February 5th) that should be kept in mind all year round:
- Share with Care
- Don't Fall for Fake
- Secure Your Secrets
- It's Cool to be Kind
- When in Doubt, Talk It Out
Following these guidelines is the best start towards a safe internet experience. We go into greater detail in our article, Happy Safer Internet Day, found here.
A Comprehensive List
Back in July of 2019, we put together a list of best practices to keep colleges and universities safe from a cyber-attack. While the article focused on higher education institutes, the basic principles are excellent tips for everybody. Many of the suggestions will be featured in more detail later on in this article.
Our experts suggest:
- Provide regular security training to stay aware of new threats.
- Keep computers up to date.
- Implement spam blockers.
- Practice proper password maintenance.
- Ensure any software used is secure.
These tips are explained in our article, Cyber-Security and Learning Institutes: Best Practices, which is found here.
Update Your Computer
In our article, Why Put Off Until Tomorrow What You Can Do Today, we talk about that thing everyone hates to do… installing updates. Yes, it's time-consuming and disrupts work, but the alternative can cause even greater frustrations.
Computer updates often come with security updates. Since hackers are always finding and exploiting vulnerabilities, these security updates are essential to ensure that these vulnerabilities are shored up. Hitting "remind me tomorrow" instead of "install now" is a game of cyber Russian Roulette. Install that security update now to avoid potential damages later.
To learn more about the dangers and consequences around ignoring the update button, read the article here.
As we talked about above, the CFPB warns of scams coming through emails. When an email comes through trying to get information, like passwords, credit card numbers, or social security information, that is a phishing email.
Our experts suggest education about phishing tactics and a healthy paranoia when it comes to received emails. If something feels off, especially if the email is requesting information or funds, keep in mind:
- An email should never ask for login information.
- Look at the actual email address, not just the nickname.
- Don't just click on links.
In our article, Please, No Phishing, we go into greater detail about these points and how to safeguard against phishing schemes. Read more here.
Early last year Mike Zinni wrote an article expounding password managers' benefits. He's a big believer in the power of password management software, and he's made a convert of the rest of the Davin team.
Password managers create and store extremely complicated passwords, allowing for unique logins across all accounts. Then, a single password is used to unlock the software. The process enables users to remember a single, complicated password, but keep all of their accounts secure with hard-to-break passwords.
Many of us at Davin use these in our personal lives as well as our professional lives. We are firm believers in the power of password managers. Read more about Mike's views and suggestions in his article, Who Changed the WiFi Password?.
Most accounts now come with the option of choosing security questions in case account recovery is needed. But answering these questions with straight-forward answers might not be the best way to handle the situation.
Many security questions are pretty standard and ask for easily obtained information.
- What's your mother's maiden name?
- What street did you grow up on?
- What was your high school mascot?
Anyone with a little time on their hands could use social media and paid searches to research the answers to these questions and crack into an account.
Our experts recently presented an article suggesting that instead of answering security questions truthfully during the initial set up, choose a wrong answer. Creating incorrect question/answer combos will increase the security on the account.
Read more about how to craft security questions and answers in our article, How To Navigate Security Questions: Keep Fluffy Out of It.
Are Your Documents Secure?
If a company needs to store and share secure documents, choosing the best storage device to ensure the documents' security is vital.
In the article, Document Storage – How secure are your methods, our experts break down the three levels of document storage security:
- Least Secure – Local/Email
- More Secure – Cloud Storage Sites
- Most Secure – Closed Systems
The article explains each storage method and the benefits and hindrances that come with each one. The article also shares the bonus, fourth level of document storage. Read here.
Partner with Caution
Mike Zinni wrote another article last year about his experience with pay-to-play security and how one should never take a company's promise of "security" at face value.
When partnering with another company to ensure network security, Mike always asks the company to detail how they are secure. He found that if the company doesn’t/won't/can't answer his questions, they are not the right company.
Companies with high standards for security are never afraid to talk about it.
Read more about Mike's experiences in his article Security: Setting a Higher Standard.
We aimed this expert tip at companies that use permissions to partition sensitive data, whether it's medical records, financial documents, or other information valuable to hackers.
Having a "set and forget" mentality regarding software permissions is a great way to potentially leave a backdoor wide open for hackers or disgruntled ex-employees. A 2018 hospital data breach stemmed from a failure to terminate a former employee's access.
Having routine permissions clean-up and a clear employee termination plan helps to reduce these vulnerabilities. Our article, Permissions: Don't "Set and Forget" goes into greater detail.
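A routine permissions clean-up can start as a comparison between the HR roster and the list of access grants. The following is an added example, not code from the Davin article; the CSV columns, account names, dates and the 90-day idle threshold are constructed assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample exports; names, columns and dates are made up for this example.
HR_ROSTER = """employee,status,last_day
avery,active,
blake,terminated,2024-03-01
casey,active,
"""
ACCESS_GRANTS = """account,owner,resource,last_used
avery,avery,billing-records,2024-05-28
blake,blake,patient-records,2024-02-27
svc-report,casey,billing-records,2023-09-14
drew,drew,patient-records,2024-05-30
"""

def audit_grants(roster_csv, grants_csv, today, stale_days=90):
    """Return (account, resource, reason) for every grant that needs review."""
    roster = {r["employee"]: r for r in csv.DictReader(io.StringIO(roster_csv))}
    findings = []
    for g in csv.DictReader(io.StringIO(grants_csv)):
        owner = roster.get(g["owner"])
        idle = (today - date.fromisoformat(g["last_used"])).days
        if owner is None:
            # Nobody in HR's records is accountable for this account.
            reason = "owner not in HR roster"
        elif owner["status"] != "active":
            # The termination plan should have removed this grant.
            reason = f"owner left on {owner['last_day']}"
        elif idle > stale_days:
            # "Set and forget": access that is no longer being used.
            reason = f"unused for {idle} days"
        else:
            continue
        findings.append((g["account"], g["resource"], reason))
    return findings
```

With the sample data and a review date of 1 June 2024, the audit flags the terminated employee's account, the idle service account and the account with no owner on the roster, and leaves the active, recently used account alone.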
Vulnerability Scanning Software
And finally, a pro-tip for any company with a website or company-specific software, especially a website that houses valuable information. Vulnerability Scanning Software is an invaluable tool to help identify vulnerabilities in software and websites before hackers do.
In our article about the subject, Mike Zinni explains:
"The most significant benefit of using code scanning to identify potential vulnerabilities is to increase our knowledge and to develop robust coding standards. The product provides suggestions and resources for efficient remediation."
Staying on top of all of the latest developments in vulnerabilities can be a full-time job. Adding tools like Vulnerability Scanning Software not only helps companies stay on top of the latest vulnerabilities, it helps to troubleshoot and strengthen the future site.
The Davin team goes into detail about the different types of scans and their importance in our article, The Importance of Vulnerability Software.
Cyber-security is not something that only big companies worry about; cyber-security should be a priority for anyone who uses the internet. With a clear head and a solid plan, staying on top of cyber-security will not be a daunting task.