Cyber Security & Data Privacy

How's your cyber hygiene?

It seems like every other day, news comes out that another company has fallen victim to data breaches and large-scale cyber crimes. While it may seem impossible to safeguard yourself or your organization from being affected, there are several things you can do to reduce your risks.

Lock that sh*! up!

Most of us already know we need to take more care of our cyber hygiene, whether at home or at work. But even those of us who definitely know better can probably use a gentle nudge to do a little more.

You wouldn't believe the number of default passwords that have never been changed, employees that have unrestricted access, non-operating firewalls, and other risky behaviors from IT professionals that we encounter.


So, we've put together some information and gentle reminders for things you can be doing to improve your cyber hygiene. But we have to make a little disclaimer here — we are not cybersecurity experts. We have, however, witnessed the aftermath of procrastination and lax security measures. We want to help our clients find solutions and achieve success in their IT matters. The information and advice here are meant to raise awareness and help get you started — not to replace a comprehensive cybersecurity plan.

Who Wants What Kind Of Information

Many times, the problem is not a lack of knowledge but rather the attitude that the company or individual is not large or important enough to be a target. While that might be true of the groups that are targeting the big guys like AT&T or Apple, it's certainly not the case all the time. It's like a parking lot full of cars: leaving your car unlocked will significantly increase your risk of theft, even if it's not the fanciest or most expensive model out there.


Hackers are often looking for the path of least resistance, and crimes of opportunity are some of the most common. Many cybercriminals are aware that smaller companies probably don’t have as much $$ invested in cybersecurity practices and resources, making them an appealing target.

Eliminate a chunk of the risk by not being a low-hanging fruit and locking your metaphorical door.

There are different types of information hackers might be looking to acquire. If information is the new gold, then internal databases storing names, addresses, phone numbers, and other personal information are like gold mines just waiting to be exploited. Hackers looking for this kind of information are seeking out vulnerabilities in the network so they can gain access to the internal system.

Hackers may also try a more targeted approach. Emails, viruses, key loggers, etc., are used to gather particular information (such as usernames and passwords) that could be used against the individual (to access bank accounts, for instance) or to access the larger network using the individual's login credentials. Any files or parts of the network accessible through that particular login will then be vulnerable. If you are a high-risk target (for instance, because you have more access to sensitive information), you may need to take extra precautions (e.g., Lockdown Mode on Apple products).

Hardware & Network Security

Secure Your Equipment

An obvious (though often overlooked) element of hardware security is the physical device itself. While it might be relatively rare to have nefarious actors attempting to steal or harm your equipment, it can and does happen, so keep your hardware secure.

That's one of the benefits of paying for space in a data center that already has these measures in place.


All too often, we see servers set up in the break room or janitor's closet, with free and easy access by anyone. A lack of space or budget constraints might be possible reasons for not securing your equipment, but we can't stress enough the importance of thoughtful and intentional equipment placement. Beyond deliberate harm, accidents can also cause problems. Any number of issues could crop up: a ceiling drip, spilled soda, too much sun/heat & lack of airflow, an employee who likes to "tinker" beyond their skill set — any one of these could cause catastrophic problems.

Formidable Firewalls


Hardware firewalls are kind of a given these days, and usually, they are already built into your networking device. However, it's still important to pay attention to the firewall functionality and make sure it is working properly.

Like other aspects of hardware, it's all too easy to take the firewall for granted until a problem crops up. But just like we talk about in other aspects of the data center, a little bit of attention on the front end can save all kinds of headaches later! 

Regulate Access

Because access in some form or other is what most hackers are looking to get, it's one of the most essential areas to have buttoned up. It can make all the difference if the Network Admin has their sh*! together. Establishing very particular network settings can help prevent even sloppy users with poor internet hygiene (you know, the "I click on everything" sort) from causing vulnerabilities or from being a potential threat to the larger system. A few other things you can do:

  • Update access with new employees/employees who have moved on.
  • Keep usernames/accounts up to date.
  • Look into cloud-based solutions — This can be especially helpful if you are part of a smaller company that lacks the resources or staff to manage networking cybersecurity properly.
  • Set up remote workers correctly & carefully — The last thing you need is external vulnerabilities infiltrating your network. If we continue with our locked car analogy — you can give appropriate keys to employees who need access, but without the key, you can't get into the car.

Tip:

Don't Do Nothing. Even if you can’t afford hardware security, look to a software-based solution. Software-based solutions can perform the same function as hardware; though a little less robust, it’s better than nothing.

End User Cyber Hygiene Policies

Whether you are the end-user or you are trying to set up policies for users in your organization, two of the most common areas of vulnerability are in password management and email behavior. Most of us already know what we should be doing; it's just a matter of using individual good judgment (or creating policies people can't avoid), which may seem easier said than done.

Email

If we go back for a minute to our car analogy — getting an email is like someone asking for a ride. You wouldn't open your door to just anyone without having some idea of who they are, where they are going, and what they want from you. The same should hold true for email.

If it is your responsibility to safeguard a system with other users, we feel your pain! Beyond creating policies that help with organizational cyber hygiene, sometimes the trickiest part is the user buy-in and the willingness to actually abide by the policies.


Links & Attachments

You'd think most of us would be on high alert when it comes to links and attachments in emails, but alas, many are far too trusting and get click-happy. Being suspicious of ALL email attachments and links is not a bad starting place. If something doesn't seem right, it's probably not, so trust your gut.

Many malicious emails have become sneakier, pretending to be reputable companies with which you likely have accounts (like the ever-present and oh-so-annoying pretend Amazon emails).

  • Check that the domain names match (the email address will be slightly off)
  • Don't log in to your account through the link in an email. Open a browser window or use the app on your phone to check on your account.
  • When in doubt, email the person (start a new message, don't reply!) to double-check that the attachment or link is legit.
  • Turn off auto open of attachments (and make sure other users in the system also have that function turned off.)

 

All of these tips go for spam texts as well!
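
The "check that the domain names match" tip above can be partly automated. The following is an added example, not part of the original article: it compares the sender domain in a From: header against a list of trusted domains and flags near-miss spellings. The TRUSTED list, the sample headers and the function names are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumption: domains you really do business with (constructed list).
TRUSTED = {"amazon.com", "yourcompany.example"}

def edit_distance(a, b):
    """Levenshtein distance (single-row dynamic programming)."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def classify(from_header, trusted=TRUSTED, max_distance=2):
    """Return trusted, lookalike, display-name mismatch, unknown or unparseable."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unparseable"
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    # Exact match, or a genuine subdomain of a trusted domain.
    if any(domain == t or domain.endswith("." + t) for t in trusted):
        return "trusted"
    for t in trusted:
        brand = t.split(".")[0]
        # Brand name buried in someone else's domain, or a near-miss spelling.
        if brand in domain or edit_distance(domain, t) <= max_distance:
            return "lookalike"
    # The display name claims a brand that the address does not belong to.
    if any(t.split(".")[0] in name.lower() for t in trusted):
        return "display-name mismatch"
    return "unknown"

# Constructed sample headers, not taken from real mail.
SAMPLES = [
    "Amazon <order-update@amazon.com>",
    "Amazon <order-update@amaz0n.com>",
    "Amazon Support <help@amazon.com.account-verify.example>",
    "Amazon <billing@mail-notices.example>",
    "Newsletter <news@unrelated.example>",
]

def report(samples=SAMPLES):
    """Pair each sample header with its verdict."""
    return [(classify(s), s) for s in samples]

if __name__ == "__main__":
    for verdict, header in report():
        print(f"{verdict:22} {header}")
```

Anything other than "trusted" deserves a second look before clicking; "unknown" only means the sender is not on your list.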

Passwords

Passwords are like keys. Being flippant and irresponsible with your car keys or house keys could lead to your car being stolen or your house being robbed. Leaving insecure passwords lying around is quite the temptation to the hacker.


We've all been guilty of some password mismanagement a time or two, but it's worth repeating a million times over — don't be lazy about your passwords! I know it can seem like a pain to have unique, strong passwords properly managed, but not nearly as much of a pain as dealing with a security threat or identity theft!

We'll keep it brief with just some simple do's and don'ts:

Don’t:

  • Use the same password across different accounts — access to one account means access to all. Yikes.
  • Choose easy-to-guess or insecure passwords — in case you were wondering, "password" is not a good password.
  • Share passwords — let's all say no to a shared unencrypted document of passwords labeled "passwords."

Do:

  • Use 2-factor authentication — a code sent by text message or email makes it that much more difficult for a hacker to access your account.
  • Choose unique but memorable passwords — try combining something you know, with something you have. Ex.
  • Use a password manager or write down your passwords. Password books can't be hacked, but they can be lost or taken from your desk, so keep that secure also.
  • Change the Admin login on your WiFi/networking
  • Change all default passwords.

Even if you don't think you are a target or have a huge budget to implement complicated protocols, it's still wise to make a plan and do what you can with what you have. Don't be low-hanging fruit and easy pickings. The perspective, "I’m not a target, so I don’t need to think about cyber security," puts you at a much higher risk.

You probably already know better, so be better — easier said than done, of course. But whether in your personal life or at work, being the person who cares means acting accordingly — not in panic and paranoia but with awareness and knowledge. Take a balanced perspective with appropriate preventative measures but with an understanding that breaches do happen even if you've done everything "right."

The world of cyber security is constantly evolving, with new scams, phishing attacks, and breaches happening constantly. Keeping your knowledge current is crucial — everything from best practices in networking and operating systems to vulnerabilities and recent breaches can help your security plan stay agile and secure.

As the saying goes, "the shoemaker's children have no shoes" — so too, those of us who work in the IT industry often neglect our personal cyber hygiene even if we are diligent about it at work.

There are plenty of resources out there to find out whether your information has been part of any recent data breaches. We've used this website, Have I been pwned?, for a quick snapshot of email addresses that have been part of data breaches. And yes, we've all had email addresses pwned at some point, so you're not alone if you have, too. (In case you didn't know, "pwned" is gamer speak for getting owned or completely dominated by an opponent.)

Don't panic. It happens all the time, and if you tried out the resource mentioned above, there's a good chance you have been pwned (had information that was part of a data breach) at some point, too. Here are a few quick tips on what to do next:

  • Change the passwords immediately on any accounts that have been compromised.
  • Know what kind of business and/or information has been breached (were credit card numbers, bank accounts, or other sensitive info part of the breach?)
  • Monitor your credit and any accounts that might have been affected.
  • Adopt 2-factor authentication whenever possible.

If your company has had a data breach and you are feeling a bit over your head on how to deal with it, don't be afraid to get help! There are countless companies that specialize in cyber security and can help you. While cyber security might not be our specialty, we always encourage our clients to get the help they need for the healthiest possible data center environment. It's in our best interest, too!

Get Started Now

We want you to consider us an extension of your team, a trusted resource and advisor. Call us today at 855-304-4600 to find out more.


Author Note:

By Angie Stephens with contributions from experts at M Global.

M Global Services Offerings

Third Party maintenance support is what we do. We live and breathe hardware support. But we can offer a few other additional services if you need them.