5 Steps to Better Cybersecurity
Chuck's Cyber Wall
With so many cyber threats to small businesses and individuals, Better Cybersecurity is something we all need to consider. The latest cyber attack statistics are frightening, yet many people remain in denial about becoming a victim. The thing is, because so many of these attacks are now automated, we are all targets.
Just look at the numbers.
In 2022, 46% of all data breaches involved small and medium-sized businesses, and more than 40% of small businesses do not have a cybersecurity plan. In addition, around 80% of these businesses do not have the financial preparation to recover from a cyber attack. Just to throw one more stat out there, 93% of all healthcare organizations reported at least one security breach in the last three years.
These statistics don’t get better for individuals. Phishing scams account for over 80% of attacks, and Google has identified more than 2.5 million phishing sites. Not only does this expose us all to credential theft, but it has led to 1 in 4 Americans becoming victims of Ransomware. On top of this, more than 60% of cybercrime victims unwittingly expose friends and family to their attackers.
But we are not helpless in the face of these attacks. Here are 5 Steps to Better IT Security.
1. Strong Passwords and MFA
First, everything you knew about passwords in the past is wrong. An 8-character password mixed with numbers, symbols, lowercase, and uppercase letters takes approximately 17 hours to crack. By contrast, a 12-character phrase of mixed upper case and lower case letters will take 600 years to crack – add a number, and the time increases to 6,000 years.
Everyone should be using a Strong Password. That means a minimum of a 12-character passphrase for general accounts and a 16-character passphrase for accounts with sensitive information. A personal passphrase is much easier to remember than a complex password and more secure. For example:
my2doggiesareAwesome – 20 characters with uppercase, lowercase, and a number. This passphrase will take 374 trillion years to crack.
And the best part, the NIST cybersecurity rules say you don’t need to change that password unless it’s breached.
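A sketch of that passphrase policy as a check, added here as an example and not taken from the original article: it enforces the 12 and 16 character minimums, imposes no composition or expiry rule, and demands a change only when the passphrase appears in a breach list. The breach list is a constructed two-entry stand-in and the function names are illustrative.

```python
import hashlib
import math
import string

MIN_GENERAL = 12    # the article's minimum for general accounts
MIN_SENSITIVE = 16  # the article's minimum for accounts with sensitive information

# Constructed stand-in for a breached-password list, keyed by SHA-1 digest.
# SHA-1 is only the lookup key here; it is not a way to store passwords.
BREACHED_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest()
    for p in ("password1234", "letmein2024now")
}

POOLS = (string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation)


def search_space_bits(passphrase: str) -> float:
    """Brute-force search space in bits: length * log2(character pool in use)."""
    pool = sum(len(p) for p in POOLS if any(c in p for c in passphrase))
    return len(passphrase) * math.log2(pool) if pool else 0.0


def is_breached(passphrase: str) -> bool:
    """True if the passphrase appears in the (constructed) breach list."""
    return hashlib.sha1(passphrase.encode()).hexdigest() in BREACHED_SHA1


def evaluate(passphrase: str, sensitive: bool = False) -> list:
    """Return the list of policy failures; an empty list means accepted."""
    problems = []
    minimum = MIN_SENSITIVE if sensitive else MIN_GENERAL
    if len(passphrase) < minimum:
        problems.append(f"shorter than {minimum} characters")
    if is_breached(passphrase):
        problems.append("found in breach list: change it")
    return problems


if __name__ == "__main__":
    for pw in ("P@ssw0rd", "password1234", "my2doggiesareAwesome"):
        print(f"{pw!r}: {search_space_bits(pw):.1f} bits, "
              f"problems={evaluate(pw, sensitive=True)}")
```

The bit count covers blind brute force only, so the breach-list lookup is what catches a long but already-exposed passphrase.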
This takes us to the second point – MFA (MultiFactor Authentication). With all those phishing scams and other credential-stealing attacks out there, this is a fail-safe for your passwords. MFA prompts you for a second method of authentication, typically a code generated by an authenticator app or sent to a mobile phone or email.
This step alone will significantly increase your personal and business security, but there’s more.
2. Antivirus and Ransomware Detection Tools
When you click on something you shouldn’t, and it can happen to any of us, having these tools makes all the difference. Cybercriminals are getting better at crafting attacks. They use automated tools to reach more people and find new and inventive ways to trick us into downloading malicious software and clicking on links.
Antivirus and Ransomware Detection tools can help stop the attack before it starts, but you must do your part. That means keeping the programs updated and not using admin accounts to surf the net. Whether at home or work, never use an admin account as your primary account. If you click on a malicious link with an admin account, it’s like opening the door and letting the criminal inside.
If you don’t have a good antivirus and Ransomware Detection program or need help with user rights, contact us for a free quote.
3. Update Update Update
This cannot be stressed enough. Cybercriminals can exploit vulnerabilities in software to inject malicious code without you doing anything. These are called Zero-Day, Zero-Click vulnerabilities. They happen to Apple products, Microsoft products, Google products, games, business apps, financial apps – the list goes on and on. Last year, Google Chrome had 16 zero-day, zero-click vulnerabilities.
The only way to fix these vulnerabilities is to perform security updates. These days, problematic updates are rare – you put yourself at far greater risk of problems by delaying. Updates apply to computers, laptops, tablets, mobile phones, routers, modems, printers, TVs, security systems – if it is hardware connected to the internet, there are most likely security updates for it.
We offer affordable business maintenance contracts to help and never require a long-term commitment.
4. Consistent and Reliable Backups
Your data, whether personal or business, is irreplaceable. It is difficult to explain the loss of this year’s invoices to a small business owner and downright heartbreaking to tell someone that all those pictures of their children and grandchildren are gone. And with so many storage options available these days, there’s no reason for it.
We always recommend the 3-2-1 approach to data backups: three copies of the data on at least two data storage types, with one taken offsite. One of the tenets on which Darren built Clark Computer Services is that a good backup is the key to getting back to business after a disaster.
We offer a variety of backup options to fit every need.
5. Cyber Awareness
Staying informed about cyber threats will give you and your employees or family an advantage against cybercriminals. Most cyber scams rely on people being too lazy, unaware, or busy to pay attention. Internal errors and data loss often result from people not understanding or caring about their IT security obligations.
Technological solutions are not yet at a point where they can protect us from every type of cyber threat. As a result, automated attacks are out there looking for you, whether at home, work, or surfing the internet from a coffee shop. Training courses, newsletters, and general discussions about current cyber threats will help everyone to spot the scams.
It only takes one employee or one member of a household to click on the wrong thing for you to potentially lose everything.
Whether or not you have a cybersecurity plan, these five steps will help to protect you. And if you want help implementing these steps, assessing your risks, or coming up with a plan, we offer various services to help. Contact us at 301-456-6931 or send an email to [email protected] for a free quote.
Director of Cybersecurity and Marketing
I’ve always had a love of working with technology, being fortunate enough to have grown up with a grandfather who taught me how to fix things for myself and not be afraid to jump in and get my hands dirty. Over the last three decades, I’ve worked as a technician, trainer, technical writer, and manager in small businesses, enterprise organizations, and government. In addition, I’m an author, having published multiple works available online and in print. You can find my creative work at https://WritingDistracted.com