To help raise awareness in support of Cybersecurity Awareness Month, Ivanti recently shared the following top cybersecurity tips and best practices.
“October is Cybersecurity Awareness month, and while following security best practices are important every month of the year, it’s a good time to remember that we should all take a collective role in organizational security and risk mitigation,” said Chris Goettl, Director of Product Management, Security, Ivanti. “As I always say, when it comes to cybersecurity, a healthy dose of paranoia goes a long way. To help IT educate their users, we’ve compiled a list of top tips everyone should follow to help mitigate exposure to vulnerabilities and threats.”
According to a guidebook recently published by the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST), “…effective security must be enterprise-wide, involving everyone in fulfilling security responsibilities. Each member of the group, from the newest employee to the chief executive, holds the power to harm or help, to weaken or strengthen, the organization’s security posture.”
To support cybersecurity awareness, Ivanti offers the following tips which every employee should follow:
1. Always Use Password Best Practices. Every user should change passwords often and create unique passwords with 13 characters or more that use a combination of words, numbers, symbols and both upper and lower-case letters. Never use a network username as a password or easily guessed terms such as “password” and avoid simple combinations such as “1234.”
Tip: Try using an unusual passphrase or the first letter of each word of a song lyric or memorable quote mixed with a few numbers and symbols. It can help you remember long passwords.
2. Be Cautious When Using Public WiFi. When travelling or working at your local coffee house or even in a hotel room, always be aware that public WiFi can be easily compromised. Proceed on public WiFi as if someone is watching and don’t make purchases or login to sensitive accounts such as a bank account.
Tip: When working out of the office, immediately connect to your corporate VPN before connecting to email or opening your browser. Your VPN will add an extra layer of encrypted protection from prying eyes.
3. Regularly Update All Applications and Operating Systems. No endpoint device should go without regular patching and updates to the operating system and applications used. Be sure that all computers used to connect to the corporate network–both company-owned and personal–have the latest software installed.
Tip: Turn off or restart your computer regularly to allow updates to install and download new updates for your applications as soon as they become available.
4. Protect Your Money. Just like you wouldn’t leave your cash on the table in a crowded restaurant, you need to be careful where you use your debit and credit card information. If the information falls into the wrong hands, it can result in credit card fraud or identity theft.
Tip: Use a protected credit card when shopping online. If you use a debit card, be sure that your bank offers strong fraud protection policies and be aware that your account balance could be temporarily compromised until the bank policy kicks into action.
5. Don’t Click Until You’re Sure. Phishing is a cybersecurity attack that uses a deceptive email or website to steal personal data, such as your login or credit card information. It’s one of the most common ways cybercrime is committed and anyone can be a target.
Tip: Never click on a suspicious website pop-up or email link and don’t open an attachment from an unknown sender. Suspicious emails can often look very legitimate. Carefully check the domain name of the sender to see if it aligns with the company they say they are from. It’s also a good practice to hover your mouse over a website link before clicking to see the destination so you can double-check that the link is going where it says it goes. If you do click a phishing link, alert IT right away so they can contain the attack quickly before other systems are compromised.
6. Backup Your Data. To ensure that your company data is protected, be sure that it is part of the company-managed backup and recovery process. Without proper backups, your data could be lost for good in the event of a cyberattack.
Tip: Load your vital data onto corporate file shares or in company-sponsored cloud storage where it will be a part of the enterprise data protection process. Thus, if your data is part of a ransomware attack, the company can recover it.
| Editor’s picks: | ||
 A dozen cybersecurity tips for mobile device users
|
 How secure is your password? Are you sure? |
 Busting 7 common information security myths |