Last year I talked about the importance of backing up your data and a recent experience reminded me of how easy it can be to fall into the “she’ll be right” mindset when it comes to data protection and cyber security in general.
Cyber Security is an often overlooked part of many organisations IT setups, however it is one of the most important. So much of our personal and work life is stored on devices that a bad actor could easily gain control this information if proper steps are not taken to protect it.
1 – Back up your data
Do it regularly. Schedule your backups to happen automatically so you don’t have to remember to do them. Follow the 3-2-1 backup plan. Test your backups to make sure they work.
2 – Passwords
Every system that you use should have a different password. If someone finds out your password to one system, they now have it for every system you use. A password manager app can help with creating unique passwords and some can also initiate a password change from the app, rather than having to go to the website.
As a rule, your password should contain a mix of upper and lower case letters, numbers, and symbols. Avoid dictionary words, using consecutive or repeated numbers or letters, or “common” password combinations such as birthdays, names of children or pets, favourite colour, etc. These can all be discovered through phishing or social engineering techniques. Have you ever seen the Facebook posts asking you to combine your pets name, street name, etc to come up with another name? That is social engineering and is used to guess your password.
3 – Multi Factor Authentication
A password should only be the first step in gaining access to your accounts. Any system that you log into online should be protected by Multi-Factor Authentication (MFA) to ensure that you are the correct person accessing the account.
MFA has many forms including SMS message, emails, or authentication apps. If an internet-based system you are using does not have some form of MFA, contact the service provider to enquire about getting it activated.
4 – Anti-Virus / Anti-Malware & Firewalls
Every device you own that access the internet should have some form of virus or malware protection (yes, even your phone and tablet!). This type of software often comes with a firewall to prevent unwanted connections (both incoming and outgoing), however a dedicated firewall sitting between your devices and the internet is highly recommended.
5 – Updates
Keep your devices updated. Security exploits are found all the time and if you have old versions of software or other apps on your devices, they can be an attack vector to get control, download data or make your data inaccessible.
These don’t just apply to your devices, you also need to make sure that any internet facing system in use by your organisation is kept updated including email servers, web servers and web sites, VPN servers, or any other cloud-based system that your organisation uses.
Want to know how your organisation stacks up when it comes to Cyber Security? Get in touch and arrange a Cyber Security Audit and make sure your system is running as safe as possible.