Computer Security: Simple Steps to Protect Your Information
No doubt about it, cybercrime is big business. There are 1.5 million cyberattacks every year, costing businesses more than $400 billion.
According to IBM, the average business is attacked 46 times a day, and while the vast majority of these attacks don’t penetrate a corporation's defenses, an average of 1.7 per week are successful.
Hacking used to be the province of teenage pranksters, but today, most malware is created by gangs of professional hackers that make millions of dollars a day. It’s almost enough to make you shrug your shoulders and give up. After all, what can you do to stop sophisticated rings of cyber thieves?
Plenty, it turns out. Most attacks are not the complex type you read about in headlines, says Alex Stamos, chief security officer at Facebook. You can thwart most cyberthieves by following a few simple security measures.
And what better time to take ownership of the problem than Computer Security Day, Nov. 30? To honor it, we’ve compiled a checklist of steps you need to take to keep the bad guys out.
Passwords and two-factor authentication
You already know you need to create strong passwords with at least eight characters, including uppercase and lowercase letters, and at least one number and symbol. But are you doing it?
Even though password security remains one of the strongest defenses against attack, many people can’t be bothered to take it seriously. If you’re one of them, install a password generator like LastPass. Another tactic is to invent a sentence and use the first letter of each word in it (just be sure it contains a number and a symbol).
Don’t use anything you’ve shared on social media as password or login information, and never share your passwords with anyone. Create a unique password for each site. (Too much trouble? Get a password generator.)
It is also important to secure your mobile devices. Most offer a passcode option. Take advantage of it, especially if you have banking or other financial information on the device.
To check the strength of your passwords, you can use the free password checker in Microsoft's Safety and Security Center.
Increasingly, computers are coming equipped with biometric scanning devices to read fingerprints or scan eyes. Windows 10, for example, offers that ability for machines with the software and hardware to use it. But until passwords become a thing of the past, build yours into a strong wall.
To make it even more secure, add two-factor authentication to your site.
Antivirus software, updates and backups
It’s a fact of life: All programs have bugs, and some of them can be exploited to bypass security. Antivirus software is a must, but cyberthreats evolve quickly, and your protection won’t do you much good unless you keep it regularly updated to guard against the latest threats.
Important information should always be backed up, either to an on-site data center or a secure cloud.
HTTPS and encryption
Hypertext Transfer Protocol Secure (HTTPS) is the secure version of HTTP, the protocol for connecting your browser to a website. HTTPS encrypts all communications between a website and your browser using Secure Sockets Layer (SSL) or its successor, Transport Layer Security (TLS), and browsers indicate it with a padlock icon. It’s usually used for online shopping and banking sites.
Security experts recommend using HTTPS for your company’s site to keep your company’s data secure.
In addition to providing encryption, a website’s SSL/TLS certificate adds a level of trust: it states that a third party has validated the site as the official one and not a fake site set up to capture user names and passwords or, worse, credit card numbers and bank account information.
These days, encryption is becoming controversial as law enforcement and intelligence officials worry that it could impede crime and security investigations. But at least for now, it’s legal — and advisable.
Links and attachments
Most malware is transmitted through links and attachments in phishing attacks. Don’t fall for them.
“It is imperative to understand that you are the first line of defense in preventing malicious emails, Internet files, FTP sites, file-sharing services, etc., from infecting your computer, which ultimately can spread to all the computers at the office or home,” says Dennis Spalding, chief information security officer at Insight.
Phishers scrape logos and wording from well-known and trusted sites like banks and delivery services. How can you distinguish their hack attacks from legitimate messages?
Your first defense is common sense. Are you expecting that delivery from UPS, and does the email contain the right shipping number? Would your bank really ask you for your password? Answer: never — nor would any other legitimate business.
Next, hover your mouse over a link you’re unsure of. Does the hover text link to a real provider’s website, or is there a dot and another word in front of it (e.g., ups.com versus returns.ups.com)? The dot and extra word should be a red flag.
If you have any doubts, visit the site yourself by typing its address in a separate browser rather than using the link.
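The hover check above, written as code (an added example, not part of the original article): it lists each link's visible text beside the host it really points to and grades that host against the domain you expected. The `name-embedded` verdict goes beyond the article's dot-and-extra-word case, and the sample message, tracking number and example.net host are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def triage_link(url, expected_domain):
    """Classify the host a link really points to against the expected domain."""
    host = (urlsplit(url).hostname or "").rstrip(".")  # hostname is lowercased
    expected = expected_domain.lower().rstrip(".")
    if not host:
        return "no-host"
    if host == expected:
        return "exact"
    if host.endswith("." + expected):
        return "extra-label"       # a dot and another word in front: verify first
    if f".{expected}." in f".{host}.":
        return "name-embedded"     # expected name is only part of another domain
    return "different-domain"

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in an HTML message."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def review_message(html, expected_domain):
    """Return (visible text, real host, verdict) for each link in the message."""
    parser = LinkCollector()
    parser.feed(html)
    return [(text, urlsplit(href).hostname, triage_link(href, expected_domain))
            for text, href in parser.links]

# Constructed sample message; example.net is a reserved documentation domain.
SAMPLE = """<p>Your parcel is waiting.
<a href="https://ups.com/track?num=1Z999">Track on ups.com</a>
<a href="https://returns.ups.com/label">Print a label</a>
<a href="http://ups.com.example.net/login">www.ups.com</a></p>"""
```

Calling `review_message(SAMPLE, "ups.com")` shows that the third link displays `www.ups.com` while its real host is `ups.com.example.net`.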
For an attachment, ask yourself if you were expecting it from the sender. If not, it’s possible their email account was hacked. When in doubt, call them before opening the attachment.
Nothing you can do will keep your computer completely secure. But following these simple rules will go a long way toward keeping hackers and phishers out of your company’s data.
Stay up to date on new threats and trends in security technology, and on how they can affect your organization.