Top Tips for Cybersecurity June 11 2019 Cyber threats come in all forms. Employing the tips below will help fortify your systems and protect your business from the embarrassment of a data breach. 1. Educate your end users Your employees are your biggest asset in the fight against cybercrime. For example: Train your employees to only open emails that look legitimate and are from recognizable sources. Sixty-six percent of malware was installed through malicious email attachments, according to the Verizon 2017 Data Breach Investigations Report that examined 42,000 incidents and 1,900 confirmed breaches. Quick tip: Hover over the URL in an email to see if the actual URL matches the link. Hackers often disguise malicious links as something inconspicuous like a UPS tracking link. 2. Know your software and ensure it’s updated Software companies continually improve their products through patches and updates. After the initial product is released companies like Microsoft continue to test and fix potential security issues and then release updates to the public. Staying up-to-date with patches and updates keeps hackers from exploiting these known issues. The worldwide “WannaCry” ransomware attack could have been avoided. The attack was effective because businesses and individuals didn’t install the security update or patch that Microsoft issued in months prior. Quick tip: Create a maintenance schedule or engage a Managed Services provider to ensure patches and updates are completed on-time. 3. Implement a password policy Every year the list of top most hacked passwords is released and every year “12345678”, “password”, and “password123” make the list. Even if your password isn’t in the top 10 listed, is it secure? Implement a policy that includes requirements for minimum characters (at least 14 characters is recommended), symbol, number, and password expiration timeline. Quick tip: Rather than using a “password” we recommend using a “passphrase” such as a music lyric or random sentence that includes capitalization and punctuation. This will also make it easier to remember. i.e. ItWasTheSummerof'69 4. Make a Disaster Recovery (DR) plan and test it If a cyber attack were to occur, your best defense is a having a reliable DR plan. A DR Plan will lay out the details of what to do when your system is compromised and how to restore your environment. The DR plan will need to be tested to ensure it’s up to date, effective, and that your employees know what to do. How often a DR test should be performed will depend on the level of risk the company is willing to take Quick tip: Keep both a physical and digital copy of the DR plan with your Incident Response plan in secure yet easily accessible off-site and on-site locations.