8 steps to improve your Cyber Security

How to maintain your personal and business digital safety.

Krystian Piwowarczyk
CDeX
3 min read · Jul 7, 2020

1. Do the boring stuff, really!

There are very good reasons software companies mercilessly push updates on you. They are necessary for system security.

Always update the software you are working on. The operating system of your computer or phone, your web browser with its plugins, and your antivirus definitions should all be vigilantly kept up to date.

2. You may already be compromised

Every day thousands of passwords and personal login credentials leak and can be found in the corners of the dark web. While there is no foolproof way to be sure, you can still look up whether your own email and company data have been leaked or put up for sale at some point.

For your personal information, you should periodically check on https://haveibeenpwned.com/, and for an in-depth search of your company domain vulnerabilities, go to https://www.immuniweb.com/radar.

Remember that a single, seemingly meaningless account can unravel your security: maybe your recovery email was leaked, which puts your main account in danger. If you see that your email and password combo has leaked, immediately change that combination on the rest of your services.

3. Use Password Managers!

We know that it is another tool and that learning is hard. But trust us, this one is worth the time you put in. Programs like KeePass allow safe storage and generation of tough, unique passwords that can then be input with a single click.

This way you do not have to remember complicated strings of characters or keep a system of passwords in your head. Strong passwords can still follow you across your devices.

4. The physical world is dangerous, too

You can’t unlink the cyber world from the physical one. Your actions in your office, at home, and in public can ultimately threaten your entire company. Sounds like a low risk? Well… better never to test this hypothesis.

Lock your computer whenever you leave it unattended. Never leave your phone unlocked either! No idea who left this pendrive just lying around? Never ever put it into your computer. Does the ATM look off? Maybe your intuition is correct and a card skimmer was installed.

Basic awareness should be enough to avoid most threats, like someone gaining easy access to your computer or shoulder-surfing you for your PIN number in the banking app.

5. Remote work is usually less safe

Three letters — VPN. While many companies already implement them on a daily basis, some are just learning the ropes — and the workers have to adjust quickly.

There are free or low-cost options for organizations of every size, and VPNs are not burdensome or hard to use.

6. Shadow IT

The concept of shadow IT is a much-underappreciated aspect of organizational security. If your company has just gone remote due to COVID lockdowns, there is a huge chance that dozens of employees access corporate networks from private machines with unauthorized and insecure software.

Most managers have little awareness of the scale of problems this raises. By some accounts, there are 15x as many pieces of software in large corporate networks as IT departments estimate.

The solution is to use approved software as much as possible and to report your needs to the IT team before you go looking for another program yourself.

7. Sharing too much?

We are very careful that our kids do not share too much online. But as professionals, many of us tend to reveal a lot on our social media feeds, which opens us up to social engineering attacks.

Such attacks are cleverly designed to manipulate our trust and behavior to gain access to, and information about, our lives or the business we work in. A casual but public exchange between two co-workers can be a valuable source of information for others.

Another example — many companies tend to include a precise list of software in job adverts, giving attackers a rare, quick insight into the tech stack.

8. Practice!

Companies run fire drills, drivers get certified before they can drive, airline pilots use simulators to get prepared.

Cyber security is a “low-incidence high-risk” area, where one slip-up can derail the entire company and upend your life.

Make sure your IT team gets enough runs on a cyber range and that non-technical staff are educated periodically on what to watch for.


Krystian Piwowarczyk
CDeX

CTO and Red Team Leader in CDeX Cyber Range project developed by Vector Synergy.