What does it mean to have Good Cyber Hygiene? It means implementing the best practices and doing your due diligence to keep your data safe.
Video 1: Hackers
Video 2: Internal Threats
This is the final video in our Cyber Hygiene series, and it is the most important. It covers the 3 Key Areas to keep your organization’s data safe. Check it out below!
What You Can Do To Keep Your Organization Safe
One of the biggest risks to your organization’s cybersecurity is people.
95% of cyber-attacks are caused by human error. As you saw in the first video, one accidental click can end up taking down a whole organization. And in extreme cases that can cause the organization to go out of business.
So, what can we do about it? More specifically, what do we need you to do to keep your organization safe?
There are three key areas where your actions can have a huge impact. They are:
- Software updates
- Passwords
- Awareness of social engineering
1. Software updates
If you’re in the middle of doing something on your computer and a software update pop-up appears on your screen, it can be very annoying. The temptation is to hit “remind me later”. And it’s all too easy to keep on doing that because you’re busy.
However, avoiding software updates can give hackers a chance to be successful, which can have enormous repercussions for the organization.
If you think that sounds far-fetched, consider this: 80% of companies that incurred a data breach could have prevented it if they’d installed key software updates when they were meant to.
Updates are essential. Sometimes they may feel like a nuisance, but they’re there to keep your computer and organization safe. So next time you’re tempted to snooze or delay an update, don’t. Save your work, run the updates, and find something else to do while you wait.
Or better still, get us to do the updates for you.
2. Passwords
People can be very careless when it comes to passwords.
Let’s say your password is ‘password1’. How long do you think it would take a password cracker to gain access to your account? Just 0.19 milliseconds. And that’s not even the most commonly used password! That would be ‘123456’, and the second most popular is ‘123456789’. They’re an absolute gift to hackers.
Using pet names, children’s names, or birthdays is not much better. If you opt for ‘Fluffy1’, for example, it’ll take a bit longer, but it will still be easy to crack. These are not good options for passwords. Don’t use any personal information that links to you as a password.
Don’t ever give your password to anyone. That includes your IT support team. It can be tempting to jot down usernames and passwords on sticky notes and stick them to your monitor or inside your desk drawer. That’s making it too easy for anyone in your organization to access your account.
Make sure that you use a unique password for each account you have. If hackers get one password, the first thing they will do is try those credentials on all other sites.
What makes a good password?
Let’s look at the key components of a good password. They are:
- The longer your password, the better. Aim to use at least 16 characters
- A password should be random. You can create an easy-to-remember 16-character passphrase from a random collection of common words, for example: “yellowdogballoon”. Or use a random password generator
- A password should include additional complexity. Include upper- and lower-case letters, numbers, and special characters. The ideal password should contain at least three of these; for example: Yellow!DoG?BALLOON
Now you have a long, random password that includes upper-case and lower-case letters, and special characters. And even though it’s random, it’s memorable.
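The passphrase rules above, as an added Python example that is not part of the original article: it picks words with a cryptographically secure random source, mixes in upper-case and special characters, and checks the result against the 16-character and three-class guidance. The word list, separator set and function names are constructed for illustration.

```python
import math
import secrets
import string

# Constructed sample list for illustration; a real generator should draw
# from several thousand words so the random choice carries enough entropy.
WORDS = ["yellow", "dog", "balloon", "river", "candle", "marble", "tiger",
         "window", "pepper", "rocket", "garden", "silver", "copper",
         "forest", "anchor", "violin"]
SEPARATORS = "!?#%&*"  # assumed set of special characters


def char_classes(password):
    """Count which of the four character classes appear in the password."""
    return sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ])


def meets_guidance(password, min_length=16, min_classes=3):
    """Check the two measurable rules: length and character-class mix."""
    return len(password) >= min_length and char_classes(password) >= min_classes


def make_passphrase(n_words=4, words=WORDS):
    """Join randomly chosen words with random special characters."""
    while True:
        phrase = ""
        for i in range(n_words):
            word = secrets.choice(words)  # CSPRNG, not random.choice
            # Randomly write the word as "BALLOON" or "Balloon".
            word = word.upper() if secrets.randbelow(2) else word.capitalize()
            phrase += (secrets.choice(SEPARATORS) if i else "") + word
        if meets_guidance(phrase):  # retry the rare short or all-caps draw
            return phrase


def word_entropy_bits(n_words, list_size):
    """Entropy from word choice alone, assuming uniform independent picks."""
    return n_words * math.log2(list_size)
```

With the 16-word sample list, four words contribute only 16 bits from word choice, so the strength of a passphrase depends on how large the list is and on the words being picked at random rather than by the user.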
Additional ‘best practice’ steps
These additional steps may be outside of your control, but it’s important for you to be aware of them.
The first is multi-factor authentication, or MFA. This is where a system requires you to provide two or more pieces of evidence when logging into an account. You’re likely to have used this technology yourself; for example, when you’ve logged into your bank and been texted an access code, or had to generate it on a separate device.
The exciting thing about MFA is that it stops your password from being the sole gatekeeper to your account. A hacker needs the second piece of evidence – such as the code that’s been generated – to gain access.
The next very useful tool is a password manager. This is a secure platform that stores your passwords and even generates long random passwords for you. The benefit of this is that you’re only required to remember one master password; the password manager does the rest.
If your organization isn’t using these technologies but you feel they could help, speak to your line manager.
3. Awareness of social engineering
This is where hackers pretend to be someone in authority in an attempt to gain crucial information. This can be personal details, or even your password. They might email or telephone you, or even stop you in the street.
Here’s an example of social engineering from Jimmy Kimmel Live