3 Cybersecurity Best Practices
Chuck's Cyber Wall
Cybersecurity is a trendy topic these days, and following best practices is essential not only for small businesses but also for home users.
But which Best Practices should you be following?
Before we get to that, there are a couple of things we need to sort out. First, the field of cybersecurity is quickly growing because the number of cyberattacks are increasing daily, and breaches can be extremely costly. Last year we saw corporate cyberattack complaints as high as 4,000 each day, a 400% increase from the previous year. With these attacks having the potential to cripple businesses, not protecting against them can cause many, but especially small businesses, to fail.
Secondly, because cyber criminals employ bots – an automated means of conducting cyberattacks – everyone who uses a device connected to the internet is a target. Every piece of your information has value to these cybercriminals, from email addresses to credentials to financial information. Some want to collect and sell this information, while others intend to use it for financial and identity fraud.
In addition to following these best practices to keep employers from potentially going out of business, doing so also serves personal self-interests. That being said, you don’t need to be in the field of cybersecurity to be secure and follow these best practices.
With that in mind, here are 3 Cybersecurity Best Practices.
ADMIN RIGHTS ON USER ACCOUNTS
Admin rights on a user account is one of the most significant issues we still see both in small businesses and for home users. Every computer user should have only user rights, with a separate admin account used only when needed to manage software or add components.
Because admin accounts have full rights to the computer, accidentally clicking on malware gives it full access to your computer. On top of this, admin accounts can bypass antivirus and other security measures, making code insertion and other efforts to take control of the computer far more likely to succeed.
The primary reason people want to use admin accounts is for convenience, but it’s not worth risking your security. Besides, current computer operating systems prompt user accounts to enter the admin password when attempting everyday tasks such as software installs. So there simply is no good reason to use an admin account as a user account, in business or at home.
USE MULTI-FACTOR AUTHENTICATION
Even strong passwords are not enough. With cybercriminals continuously attacking individuals and organizations seeking personal data, passwords are among the most valued commodities on the dark web. Millions of breached passwords are bought and sold every day. It is such a big problem that Have I Been Pwned – a website that allows you to check if your email address has been involved in a data breach – is now offering spinoff sites called Pwned Passwords that specifically determines if a password you’re using has been involved in a data breach.
By requiring a second form of identification to accompany your strong password, MFA helps keep you secure even if your password has been breached.
To put this in perspective, a study conducted on recent ransomware attacks shows that rather than doing the work to breach a network, cybercriminals are purchasing breached passwords on the dark web. Using breached accounts, they then steal data and install malware. Accounts with MFA active are significantly better protected, reducing the chances of being breached by 99%.
EMBRACE ZERO TRUST
This relatively new concept is a mindset of not trusting people or technology to be secure enough on their own. It includes everything from changing default user names and passwords on devices to establishing a secure guest network for visitors, installing antivirus, and checking for security updates.
One of the vulnerabilities that get exploited the most by cybercriminals is awareness. Phishing emails are one example of this, but they also include cybercriminals using default credentials to take over camera systems and taking advantage of old, pirated, or custom software. Therefore, never trust that the devices you purchase are secure enough, be skeptical of any email, text message, or phone call that seems threatening or manufactures a sense of urgency, and question anything that seems too good to be true.
In essence, Zero Trust means that we will not trust our security to anyone else.
Whether we are talking about work or home environments, cybersecurity is a consideration we can no longer leave to someone else. Everyone using a device to connect to the internet must be aware of the risks in this new threat landscape. Failure to do could put yourself, your friends, and your family at risk.
Director of Cybersecurity and Marketing
I’ve always had a love of working with technology, being fortunate enough to have grown up with a grandfather who taught me how to fix things for myself and not be afraid to jump in and get my hands dirty. Over the last three decades, I’ve worked as a technician, trainer, technical writer, and manager in small businesses, enterprise organizations, and government. In addition, I’m an author, having published multiple works available online and in print. You can find my creative work at https://WritingDistracted.com