Three Cybersecurity Tips for February

There have been several notable data breaches recently, affecting Marriott, Panera Bread, and Facebook. You don’t have to work for a large company to suffer the same breach related costs and data privacy fines, which can reach into the tens and hundreds of thousands of dollars.

Over 50% of notifiable data breaches are caused by human error, according to the National Law Review.

The failure to train employees about cybersecurity and to institute a culture of security awareness can lead to disaster.  Here are three tips to protect against data breaches.

Tip #1 – Handle Employee Access Carefully

Because employees can be a major threat to a company’s cybersecurity infrastructure, providing proper training and limiting access to systems based on employees’ roles can reduce the risk that they will introduce a cyberthreat. Managing employee access also includes regularly updating security credentials like usernames and passwords, and immediately removing an employee’s access upon departure. Failing to take these steps can cause serious issues for your organization.

Additionally, ensure appropriate training is made available to senior management as part of their fiduciary duties.

Tip #2 – Protect Your Inbox!

Phishing emails make their way into millions of inboxes every day, hoping to trick users into downloading malicious attachments or clicking on infected website links.  Here are some ways to protect yourself:

  • Hover over links to reveal the URL before clicking
  • View message source to see the real sender email address
  • Ask yourself if this email makes sense or if you were expecting it
  • Be very wary of any emails using threats or urgency to get a reaction
  • Do you know the sender? If not, don’t click
  • Be suspicious of fuzzy images, poor grammar, and misspellings

Tip #3 – Don’t Login to Anything on Public Wi-Fi

As they become more powerful, employees use mobile devices to accomplish their work-related tasks. This change from our desktop office computers to personal mobile devices means that employees are logging in to their work applications from public Wi-Fi networks.  Hackers wait patiently for unsuspecting users to login to a website or application on an unsecured hotel or airport Wi-Fi network to capture their data and login information.  If you have to login while away from your home or office, turn off Wi-Fi and use the network provided by your cellular provider.  One other option is to use a virtual private network (VPN) when away from the office, because it provides an encrypted communication channel between the employee’s device and any websites or networks they login to.

If you have questions about cyber security and how to protect your organization from cyber attacks, contact APEI’s Data Analyst, Julie McBrien at jmcbrien@akpei.com.