We say we can’t live without technology, that our networked devices are extensions of our own bodies (and they now can be). Isn’t it time we cared for them as such?
Cyber attacks are a major threat to individuals and businesses alike, and sifting through security whitepapers and ever-changing industry best-practices can get overwhelming. But it doesn’t have to be so complicated. Basics are basics, and much what we already know about health can guide us through securing our networks and data.
1. Get immunized
Vaccines boost our immunity to diseases. The cyber counterpart is the software patch. That niggling update notification—yes, the one you’re probably ignoring at this very moment—is annoying for a reason. Many of these updates contain the reinforcements needed to combat newly discovered software vulnerabilities. Think of it as a free shot—without the stick.
All software—from operating systems to third-party applications—should be updated as soon as new patches roll out; it only takes one overlooked weak point for a hacker to gain access.
2. Use protection
So, you’re working with a great contractor—but beware: their security habits, or lack thereof, could be putting you in danger. The Wall Street Journal reports one-fifth to two-thirds of data breaches have been linked to hackers slithering in via vendors or third parties. Case in point: the 2013 Target breach, which traced back to a heating contractor.
Some ventures are attempting to create security scores for businesses by assessing the malicious traffic linked to their internet addresses. SecurityScorecard, for example, claims to monitor third-party security risk by assigning industry-specifics vendors a letter grade. If you can afford to pay for this kind of risk-assessment service, the up-front costs are likely worth the potential fallout from a breach down the line.
For businesses contracting with individuals, be cautious with user privileges. Never hand over administrator credentials for a website or other system unless absolutely necessary.
3. Limit exposure
Whether it’s using sunscreen or booking that non-smoking room, avoiding exposure is one of the simplest ways to minimize risk. The proliferation public wifi access points combined with our many connection-seeking devices may be leaving our personal data out in the sun.
Avoid accidentally connecting to an open malicious network by turning off wireless connection in public settings.
Make “off” the default state for wireless and bluetooth—and use them only as needed.
4. Encourage workplace safety
Just because more of us are working in offices and not coal mines doesn’t mean we aren’t still at risk of occupational hazards. Educating colleagues about the dangers they may encounter online will save you a corporate headache later on, but it will also encourage good habits that will benefit them off the clock.
Train employees and co-workers to identify phishing schemes and suspicious links or behavior—and provide a way for them to report their findings to be investigated.
Until the day the now-archaic password is laid to rest (and it’s starting to look possible), we will have to suffer the next best solutions: two-step verification and complex passphrases. If neither these options are feasible for your workplace, at the very least, preach safe password practices.
5. Be prepared
If you’re seriously sick or injured, you see a doctor and, hopefully, have an insurance plan to handle the costs. Likewise, having a clear contingency plan in place before an attack occurs will offset the pain and expense—and minimize the time it takes to identify the affected data, repair the damage and notify the victims.
Ready.gov developed a handy guide for the layperson who preparing for or currently dealing with a cyber attack. For companies, the cyber attack procedure should be integrated into the business continuity plan. All continuity plans should cover cyber security attack response in detail—from identifying threat actors to developing a chain of command.
Minimize surprise—Regularly audit security to stay on top of a breach as soon as it happens.
Maintain rigorous backups and thorough inventories of files, software and hardware.