Washing your hands for 20 seconds is an excellent way to avoid catching a cold or the flu, but what are some cyber hygiene practices businesses can put in place to protect their IT systems and, more importantly, their data?
While many SecureCircle customers tend to be larger Fortune ### organizations with existing security practices in place, today, I’m going to focus on the smaller organizations that won’t have the National Institute of Standards and Technology (NIST) or International Organization for Standardization (ISO) 27001 certifications.
Human error was responsible for 90% of the data breaches in 2019. Here are some cyber hygiene habits that can help.
- Passwords – When everyone has a key to the front door, it is easy to understand why someone stole the TV. Ensure users are forced to use unique passwords. Hackers reuse the user IDs and stolen passwords from compromised sites to see what information they can gather on other websites. Require complex passwords. If you are a high-value target such as an executive or government official, a complex password prevents a brute-force password attack. Enable multi-factor authentication (MFA) whenever possible. MFA would require hackers to gain access to both your initial credentials and a secondary device, such as the phone that receives your text messages. Users can also use a password manager, which creates very long, complex, and unique passwords. The downside of a password manager is that you need to trust the password manager company, since they have all your passwords.
- Phishing – Phishing is a specific type of attack meant to trick users into providing their account login details. An example attack is below. The victim receives an email that looks real. Due to all the data breaches, hackers may know which companies you transact with, so the emails look legitimate. To prevent this, users can install anti-malware/phishing software. Your email provider may already scan inbound emails for phishing attempts. You can also buy additional third-party solutions. Users can also educate themselves on phishing attacks. Phishing is just the modern-day version of a physical letter from Nigeria asking you to wire money.
- Protect data at all times – Data shouldn’t be exposed by errors such as uploading a file to the wrong folder that has no access control or emailing a sensitive document to the wrong person, or by a malicious employee stealing internal documents. Many solutions protect data at rest, but organizations should be looking for a solution that protects data at rest, in transit, and in use.
SecureCircle is a data loss prevention (DLP) replacement that persistently protects data at rest, in transit, and in use. Legacy DLP solutions never worked because the solutions focused on depth and not the breadth of coverage.
SecureCircle also removes the operational burden of legacy DLP by not requiring a traditional ‘Discover, Classify, Protect’ model.
By focusing on these three cyber hygiene habits, organizations can reduce their risk of ransomware, IT downtime, and data loss.