Cybersecurity Do’s and Don’ts: Do It Yourself Tips to Protect Your Network in the Remote Ages
It’s no secret that your data is more exposed than ever before now that you’ve made the transition to a remote workforce. There are pages and pages of tips on how to protect your network with a remote workforce, but Iconic IT has weeded through them all to bring you the top do’s and don’ts of a secure network now, when you are most vulnerable.
1. Do: Protect Your Network by Limiting Administrative Privileges
When your users leave the office and set up from home, it’s more important than ever to limit administrative privileges to those who really need them.
By default, the account an employee uses on their device is usually set up as an administrator. This is problematic when you consider that a successful malware attack relies on a user taking an action that grants the attacker access.
Administrators are the only ones who have the authority to allow changes to the device. When you limit the administrators to only a few people, you are limiting the possibility of a user inadvertently allowing malicious changes to their device.
Remember that anything a user does can be a subtle (or not so subtle) malware attempt:
- Opening an attachment in an email
- Being redirected to a phony website
- Downloading a file from a suspicious source
- Visiting a suspicious site
- Installing “toolbars” on the device
Whenever a program asks to install or change something, the user is prompted with “do you want to allow this site/application/program to make changes to this computer?” Most users don’t think twice and hit “yes.” Limiting administrative privileges blocks your users from approving these changes and potentially infecting devices.
Iconic IT Pro-Tip: Limit administrative privileges to your IT department to keep your network protected.
2. Don’t: Be Fooled into Thinking your Small to Medium-Sized Business is Safe
You may think your small to medium-sized business is safe from cybersecurity threats, but the opposite is true. In 2019, it was reported that 43% of cyberattacks targeted small businesses, just like yours. Even more alarming, roughly 60% of these businesses must close after just one attack.
The reasons you may think your SMB is safe are the very reasons your business can be targeted:
- Lack of proper security platforms
- Lack of funds to take rigorous precautions against attack
- Smaller teams mean more trust between colleagues, which attackers exploit with vectors such as spoofed emails
- A complacent “it won’t happen to me” mindset because of the size of your organization
- No internal IT department
Iconic IT Pro-Tip: No matter the size of your business, pairing with an IT partner who understands the special threats small to medium-sized businesses face is your best protection.
3. Do: Make Sure Your Organization’s Software is Updated
A security patch is an update released by the software vendor to close a specific, known vulnerability. Patches must be installed as soon as the prompts are received on your device; the window between when the threat is first discovered and when the patch is installed on a device is what attackers target, in what’s known as a “zero-day exploit.”
Your employees may keep putting off security patch updates because they think the updates will disrupt the daily workflow (installing, restarting the computer, etc.).
Instruct employees to authorize the updates outside of normal hours (2am, for instance), or have your IT department handle the upgrades. Never allow any device with access to your network to run on outdated software.
Iconic IT Pro-Tip: There are multiple security patches available every week, and each one is vitally important to install.
4. Don’t: Reuse Passwords Across Multiple Applications
Just a little information can give a hacker the keys they need to open the door. Think of all the things you share on social media, like kids’ names, pets’ names, birthdates, favorite sports teams, and hobbies.
Now think of your favorite passwords. Chances are you use any combination of these topics for your passwords, with a few numbers thrown in for “added security.” To make things even worse, you probably use the same passwords across all sites, like email, banking sites, social media platforms, and website login pages. When it’s time to update those passwords, you may add another number on the end and call it “security.”
Now for the bad news: the most secure passwords are 10 to 15 random characters that mix letters, numbers, and special characters. If that’s not bad enough, they should also include capital letters scattered randomly throughout.
So much for “Lovemydog123” or “GoSteelers” or the eyerolling favorite, “password.”
Your employees aren’t trying to be lazy by recycling passwords. Consider all the applications, sites, devices, and files they access; they could be signing into dozens of different logins each day. Each login has different password requirements, and it’s far easier to adjust a known password to meet the requirements than to remember randomized logins for every application.
Choose a password manager, like 1Password or LastPass, to help your employees streamline their password nightmares. A password manager generates passwords for each login page and remembers them all. Some password managers allow sharing of passwords between employees as needed for collaboration.
Iconic IT Pro-Tip: Using a password manager eliminates the vulnerabilities created by recycling old passwords.
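As an added example (not Iconic IT’s code or any particular password manager’s), here is the mechanical side of the advice above in Python: generating a password that meets the 10-to-15-character rule using the operating system’s secure random source, checking a password against that rule, and spotting the same password reused across several sites in a constructed sample vault.

```python
import secrets
import string
from collections import defaultdict

LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase
DIGITS = string.digits
SPECIAL = "!@#$%^&*()-_=+[]{};:,.?"


def meets_policy(pw: str) -> bool:
    """The rule stated above: 10-15 characters, with lowercase, uppercase,
    a digit and a special character all present."""
    if not 10 <= len(pw) <= 15:
        return False
    return (any(c in LOWER for c in pw) and any(c in UPPER for c in pw)
            and any(c in DIGITS for c in pw) and any(c in SPECIAL for c in pw))


def generate_password(length: int = 14) -> str:
    """Build a password the way a manager does: one character from each class
    guarantees the policy, the rest come from the full pool. `secrets` (not
    `random`) draws from a cryptographically secure source."""
    if not 10 <= length <= 15:
        raise ValueError("length must be between 10 and 15")
    chars = [secrets.choice(LOWER), secrets.choice(UPPER),
             secrets.choice(DIGITS), secrets.choice(SPECIAL)]
    pool = LOWER + UPPER + DIGITS + SPECIAL
    chars += [secrets.choice(pool) for _ in range(length - 4)]
    secrets.SystemRandom().shuffle(chars)  # so the guaranteed classes are not always first
    return "".join(chars)


def find_reused(vault: dict) -> dict:
    """Map each password that appears on more than one site to those sites."""
    by_pw = defaultdict(list)
    for site, pw in vault.items():
        by_pw[pw].append(site)
    return {pw: sorted(sites) for pw, sites in by_pw.items() if len(sites) > 1}


# Constructed sample vault for the demo; these are not real credentials.
SAMPLE_VAULT = {
    "mail.example": "Lovemydog123",
    "bank.example": "Lovemydog123",
    "crm.example": "Lovemydog124",
    "hr.example": "GoSteelers",
}

if __name__ == "__main__":
    print("generated:", generate_password())
    print("reused across sites:", find_reused(SAMPLE_VAULT))
```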
5. Do: Back Up Your Data Frequently to the Cloud
If the unthinkable happens and your network is breached, you need to have copies of your data stored somewhere it can be accessed quickly to minimize downtime and restore your network.
You can back up your files locally, but make sure the copies are stored separately from your main network.
A business continuity plan is a vital part of keeping your network protected. Your data needs to be copied and stored off site, and cloud storage is a good fit for backup and disaster-recovery plans.
Iconic IT offers cloud solutions that will quickly restore your business’s files in the event of a natural disaster such as fire or flooding, after hardware damage, or after a breach. Iconic IT tests the backups frequently to make sure they will be readily available when you need them.
Iconic IT Pro-Tip: Eliminate the worry of losing data with a cloud backup disaster and recovery solution.
6. Don’t: Take Any Approach Less than Zero-Trust
The best way to approach cybersecurity is through a “zero-trust” approach.
A zero-trust network assumes that every device and user is a potential threat to the network. The mindset of zero-trust is “never trust, always verify.”
Several layers of cybersecurity are used to deploy a zero-trust environment.
If you don’t routinely monitor your event logs and activity, you won’t be aware of a breach until it is too late. Monitoring for suspicious activity is one part of a zero-trust network.
Verify User Identity
How can you trust that the person logging into the network is who they say they are? Zero-trust networks use multi-factor authentication to verify identities, and then manage access to data based on the user’s “need to use.”
Starting with the login process itself is a good way into a zero-trust environment. When your users log in, they need a secure process to do so. This is where complex password creation and single sign-on policies come into play.
Zero-Trust Networks Are an Extension of Your Existing Cybersecurity Policies
Chances are, you will find that the zero-trust mindset is already in your cybersecurity policies. It’s a highly effective approach, and even more powerful when you combine it with cloud computing solutions. Zero-trust means never accepting things as they seem, never allowing unverified users to access data, and never allowing unvalidated devices to connect to your network.
Zero-Trust Starts with Email Verification
Phishing attacks are the number one vector for cyberattacks, accounting for an estimated 93% of breaches. These attacks are becoming increasingly sophisticated, making it far easier for unsuspecting employees to accidentally launch malware. Your employees are the gatekeepers for your security, with a responsibility to protect your network from these attempts.
It’s important that your teams understand basic email security practices.
The best way for employees to fight phishing attempts is to trust no one. Encourage them to ask important questions:
Is This Email Coming from a Source That Usually Doesn’t Communicate with Me via Email?
If an employee is accustomed to receiving trickle-down messages through their supervisors, a request directly from the CEO may be suspect. Of course, the employee wants to respond promptly, but taking a step back to “consider the source” can save your network from infection.
Is This Email Requesting Information that the Sender Should Already Know?
Your Human Resources Department will not send your employees requests for personal information via email; they already have the information they need on file. Any email requesting personal details should be immediately viewed as suspicious, no matter who the sender claims to be.
Is the Email Requesting a Password Reset or a Clickable Response?
With website spoofing reaching all new levels of sophistication, hackers can create pages and logos that look identical to the original. Concerned employees will click links to follow instructions for resetting passwords or responding to “security concerns” without a second thought, believing the logo and site are genuine. Remind your employees that legitimate institutions will never send sensitive data requests via email and will never request “account verification” or “password resets” via a clickable link.
Does the Email Contain Grammatical Errors, Misspellings, or Generic “To” lines?
Everyone makes mistakes, and occasional errors in spelling and grammar are, by themselves, not entirely alarming. Awkward phrasing, blatant misspellings, and generic “To” lines, however, are glaring flags.
Avoiding the Traps
- Encourage employees to pick up the phone and call someone to verify the legitimacy of an email
- Never follow any clickable link to a website; use the browser and manually find the website
- Do not download any files from an unverified source
- Use a good antispam platform to limit the number of phishing emails reaching your employees’ inboxes
Iconic IT Pro-Tip: Make sure your employees are aware of the dangers of trusting emails, even from “legitimate sources.”
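The questions above are a checklist a person runs in their head; the same checks can run automatically over mail before it reaches an inbox. As an added example (not Iconic IT’s code or any product’s), this Python snippet scores a constructed message against four of those questions: unfamiliar sender domain, generic “To” line, requests for personal details, and password-reset or “verify your account” wording paired with a clickable link whose visible text does not match where it actually goes. The allow-list of known sender domains is an assumption for the demo.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed allow-list of domains that normally email staff (constructed for the
# demo). Anything else trips the "source that doesn't usually email me" check.
KNOWN_SENDER_DOMAINS = {"corp.example"}
RESET_WORDS = re.compile(r"reset your password|password reset|verify your account|account verification", re.I)
PII_WORDS = re.compile(r"social security|date of birth|bank account|home address", re.I)


def sender_domain(addr_header: str) -> str:
    """Domain part of a From: header such as 'IT Support <x@y.example>'."""
    _, addr = parseaddr(addr_header)
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def phishing_flags(msg: dict) -> list:
    """Return the red flags from the checklist above that this message trips.
    msg keys: from, to, subject, body, links (list of (visible_text, href))."""
    flags = []
    domain = sender_domain(msg.get("from", ""))
    if domain not in KNOWN_SENDER_DOMAINS:
        flags.append(f"unfamiliar sender domain: {domain or '<none>'}")
    to = msg.get("to", "").lower()
    if "@" not in to or "undisclosed" in to:
        flags.append("generic or missing To line")
    text = msg.get("subject", "") + "\n" + msg.get("body", "")
    if PII_WORDS.search(text):
        flags.append("asks for personal details the sender should already have")
    if RESET_WORDS.search(text) and msg.get("links"):
        flags.append("password reset / account verification via a clickable link")
    for visible, href in msg.get("links", []):
        shown = (urlparse(visible).hostname or "").lower()
        real = (urlparse(href).hostname or "").lower()
        if shown and shown != real:  # link text shows one host, target is another
            flags.append(f"link text shows {shown} but goes to {real}")
    return flags


# Constructed sample messages for the demo, not real mail.
SAMPLE_PHISH = {
    "from": "IT Support <helpdesk@corp-example-login.com>",
    "to": "undisclosed-recipients:;",
    "subject": "Urgent: password reset required",
    "body": "Your mailbox will be locked today. Reset your password at the link below.",
    "links": [("https://corp.example/reset", "http://corp-example-login.com/reset")],
}
SAMPLE_LEGIT = {
    "from": "HR <hr@corp.example>",
    "to": "Jane Doe <jane@corp.example>",
    "subject": "Holiday schedule",
    "body": "The office is closed on Monday; see the intranet for details.",
    "links": [],
}

if __name__ == "__main__":
    for name, m in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, phishing_flags(m))
```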
7. Do: Use Two-Factor Authentication Protocol
One of the best security practices is to require employees to use two-factor authentication protocols to log in to all devices. The idea of two-factor authentication is simply to combine “something you know,” such as a password, with “something you have,” such as a separate device. This helps to protect your network by reducing the odds that a bad actor will have access to both elements of the login requirements.
Iconic IT Pro-Tip: Want to know more about two-factor authentication? Our guide will tell you everything you need to know about this easy to use, highly effective security precaution.
8. Don’t: Rely on Antivirus Software Alone to Protect Your Network
Four out of five small to medium-sized businesses admit that their antivirus platform failed to detect malicious attacks. This is proof that antivirus alone is simply not enough to protect your network.
Most antivirus platforms aren’t entirely up to the challenge of today’s evolving cyberthreats to begin with, and trusting a boxed, off-the-shelf antivirus product on its own is risky. Protect your network with a combination of security strategies to ensure maximum coverage.
Iconic IT Pro-Tip: Use a combination of software, firewall and other security solutions rather than relying on one solution alone to protect your network.
Protect Your Network with a Free Cybersecurity Audit from Iconic IT
Iconic IT doesn’t believe in skimping on coverage for our clients. Unlike most MSPs that offer bare-bones services, we have plans as vast as the national parks they are named after. To us, anything less is underserving. We give you the guidance and supplies you need, like a park ranger helping you through the forests and mountains of your IT issues and needs.
Iconic IT provides small to medium-sized businesses with a free, no obligation network audit and complimentary dark web scan to ensure that there are no gaps in their security strategies. This audit also provides your business with a clear look at the state of your current IT, and provides you with strategies and solutions you can use right now to protect your network, assess your IT needs, and take the steps you need to keep your systems up and running smoothly.