As cyber crimes and attacks increase, the following tips and guidelines are designed to help small businesses defend themselves against these attacks:
PASSWORDS
• Create different passwords for every account.
• Use a Password Manager to safely record all of your accounts with their assigned passwords.
• Create passwords with at least 8 characters.
• Add complexity to your passwords with upper and lowercase letters, numbers, and symbols.
• Use a Password Generator to help you create complex passwords.
• Never use a single dictionary word for your password.
• Never use names, birthdays, phone numbers, social security numbers, or other personal information for a password.
• Use a phrase instead of a single word because longer is stronger and phrases are just as easy to remember.
• Never share your passwords.
• Always change your password directly at the site or through the app.
• Never respond to emails, texts, or phone calls asking you for your password or offering to help you change it.
• Never click on weblinks in emails that state your password has been compromised and you need to change your password using the weblink.
• Never use remember me or save passwords in your web browsers.
• Never use your social media logins (Facebook, Twitter, LinkedIn, Google, Office365, etc.) to access a website.
• Always log out from a website, never just closing the web browser with your login still active.
• Set up two-factor authentication on the sites that support it, like email, text, or app verification.
• Change your passwords at least four times a year and whenever you think a password was compromised, never reusing a password that you used recently.
EMAIL
• Obtain separate email accounts for each of your needs (personal, business, alerts, etc.).
• Create strong passwords by following the guidelines from the previous section on Passwords.
• Avoid using the same password you use for email accounts on your banking website or any other site.
• Avoid opening or responding to emails from external, unknown, unexpected, or suspicious originators.
• Avoid opening email attachments that are unknown, unexpected, or suspicious.
• Avoid opening or responding to emails that contain spelling and grammar errors.
• Avoid opening or responding to emails that require an urgent response, threaten harm, and/or ask you to click on a link.
• Use your mouse to hover over email hyperlinks (without clicking them) to see the real URL.
• Use data encryption to transmit personal information.
• Never send sensitive personal information (e.g., a Social Security number) over email without encryption.
• Employ spam filters to reduce risk of unwanted and potentially unsafe emails.
• When available, use two-factor authentication in your email service. You’ll then receive an email and/or text when there’s a login from a new computer.
• Only access email accounts from secure networks.
• Avoid accessing email accounts from public Wi-Fi hotspots.
• Be alert to social engineering email attempts (cybercriminals and scammers pretending to represent established companies).
• In short, beware of unsolicited or suspicious emails. Hackers can pretend to be anyone! Always verify the sender before opening an attachment or clicking a link.
INTERNET
• Keep your computer software up-to-date.
• Use a firewall and install antivirus and anti-malware software, always keeping them up to date.
• Back up and encrypt your computer data.
• Never use public Wi-Fi (hotels, coffee shops, etc.). If you must, use a VPN application to encrypt your connection while hiding your location and identity.
• Never share any personal or sensitive information on social media and be even more cautious with social media posts than you are with email messages because cybercriminals can use that information to phish you.
• Use only HTTPS websites (“padlock” icon at start of URL). If you must use HTTP websites, never provide any private or sensitive information.
• Never use remember me or save passwords in your web browsers.
• Never use your social media logins (Facebook, Twitter, LinkedIn, Google, etc.) to access another website.
• Always log out from banking and other websites, never just closing the web browser with your login still active.
• Block ads and pop-ups, and never respond to pop-ups requesting information.
• Never visit, download, or install from unknown websites.
• Keep your cookies and browser cache clear.
• Maintain at least a “medium-high” level of security on your browser settings.
• When available, use two-factor authentication (you’ll then receive an email and/or text when there’s a login from a new computer).
• Whenever possible, restrict online transactions to a computer that is not used for any other website transactions.
• Understand that millions of fake emails, fake social media users, fake Wi-Fi hotspots, fake websites, etc. are created every day, all intending to defraud internet users.
• Report any suspected attacks and change related passwords immediately.
Delete unused apps and old accounts
Maybe you downloaded an app one day just because you were bored, or you created a new account in order to make a one-off online purchase. But these unused apps and accounts can pose a cyber security threat. For example, old apps that no longer receive updates are not as well protected as newer apps with more frequent updates. The same goes for old accounts you’ve created that you no longer use.
WI-FI HOTSPOTS
• Never assume that a Wi-Fi hotspot is legitimate or secure.
• Never use a Wi-Fi hotspot for shopping or banking.
• Always log out from websites, never just closing the web browser with your login still active.
• Use only HTTPS websites. If you must use HTTP websites, never provide any private or sensitive information.
• Do not allow automatic connections to non-preferred networks. Computers, tablets, and smartphones can have this setting enabled; be sure to disable it.
• If you must use Wi-Fi for banking and other websites, use a Virtual Private Network (VPN) service to create an encrypted and secure session.
• Before you connect to a Wi-Fi hotspot, be sure to always turn off file sharing.
• Before you connect to a Wi-Fi hotspot, make sure to enable a firewall.
• Before you connect to a Wi-Fi hotspot, disable ad hoc networking.
• Remember that most chat/IM sessions are not secure.
• Be aware of your surroundings when online in public spots (look out for “shoulder surfers” watching your screen).
MOBILE SECURITY
• Disable location sharing and auto Bluetooth connectivity.
• If your mobile device has data encryption features, activate and use them.
• Install a proven antivirus/anti-malware program on your device and update it regularly.
• Only install mobile apps and updates from the App Store or Google Play, avoiding malicious apps, repackaged legitimate apps, and fake security apps from rogue sites that often contain malware or ransomware.
• Update the operating system on your mobile device as soon as new versions become available (updates often include security patches).
• Update apps on your mobile devices as soon as new versions become available.
• Avoid clicking on ads on your devices (ad-blocking apps exist for Apple and Android).
• Turn off Bluetooth when you aren’t using it.
• Keep your mobile devices locked and password protected.
• Regularly back up your mobile devices.
• For Apple devices, enable location services and “Find My iPhone/iPad”; this will allow you to remotely wipe the device through Apple’s website, www.apple.com, if the device is lost or stolen.
WORK FROM HOME
• Remember that every router comes equipped with a factory-issued username and password. If possible, change the username and/or password.
• Put multilayered protection in place by changing your router’s name/SSID, default password, and wireless network password (network security key).
• Turn on encryption with a strong password (WPA2 is a strong home encryption; WEP is far less secure).
• Set up a primary network for you, and an additional/secondary network for guests.
• Stop your router from broadcasting your home network’s name/SSID.
• Make sure your router’s firewall is turned on.
• Keep your router’s firmware up-to-date.
• Use a network monitoring app to scan your network for unwanted users/devices.
• Turn off your home’s wireless network when it’s not in use.
• Disable “Push-to-Connect” or “WPS” as well as “UPnP” options from your home wireless router.
There are many security vulnerabilities around these options that can allow an intruder to connect to your home wireless network without authenticating.
Consider using a VPN
A Virtual Private Network (VPN) works by establishing a private connection between your device and the internet. A VPN is capable of making it more difficult for cyber criminals to track your activities and steal your data by encrypting your internet traffic.
Make digital hygiene a priority
Practicing good digital hygiene means that it becomes second nature – just like washing your hands and brushing your teeth. Online hygiene isn’t the kind of thing you need to do only once every so often, but rather something you need to think of regularly. By making these tips a part of your digital hygiene routine, you’re taking steps towards better managing your digital footprint – which can make it more difficult for cyber criminals to target you.
MALWARE & VIRUSES
• Install antivirus and anti-malware software on all your computers and mobile devices — and pay close attention to any warnings you might receive.
• Don’t click on unfamiliar links, and don’t visit unsavory or suspicious sites.
• Only install applications and updates from original manufacturer websites, avoiding rogue websites offering malicious apps, repackaged legitimate apps, and fake security apps that often contain malware or ransomware.
• Be very wary of any unsolicited, suspicious emails, which are often used to deliver malware attacks (via links and/or attachments).
• Be very wary of emails that instill fear — such as a “lawsuit, unpaid traffic ticket, unpaid invoice, or the shutoff of services” — these emails are also aimed at getting you to click on links and/or attachments which are often used to deliver malware attacks.
• Don’t ever click on links in pop-ups.
• Keep your security software, web browser, and operating systems all up-to-date.
• Make sure your firewall is always on.
• Turn all automatic updates on.
• Back up all your data frequently (in case you do suffer from a malware attack).
PATCH MANAGEMENT
• Keep the OS, antivirus, anti-malware, web browsers, and apps on your devices up to date. The best approach is to use Remote Monitoring and Management services to ensure these updates are applied on all of the devices in your network.
These are some of the tips and tactics that will help you combat the new wave of cyber attacks. If you have any questions, call us at 818-501-2281 or email us at info@ceocomputers.com.