If you’re new to cybersecurity, it can quickly become overwhelming. In today’s world, there are countless threat actors scheming up creative ways to outsmart our rapidly aging technology, and it sometimes seems impossible to keep up. But like with most competitions, the best way to win at cybersecurity is to stay on top of digital best practices and know the rules of the game. Here are some tips for cybersecurity to get started with.
Our top 5 tips for cybersecurity beginners
1. Know the types of cyber threats
As technology has advanced, cybersecurity threats have become more sophisticated. Today’s attackers also have a lot more data to tap into. Think of all the places that your personal data is stored online: apps, email, e-commerce sites, social media, etc. As an organization, you have the responsibility to protect not only your proprietary data and assets but the data of all of your customers, too. All of this information requires multiple layers of security to keep it safe, which comes in many forms, each with their own vulnerabilities.
Here are a few of the main types of cyber threats to be aware of:
- Malware: Any type of malicious software that is implanted into your network via a file or program and can be used to harm you. Malware takes on a variety of shapes, including computer viruses (malicious software that is loaded onto a user’s computer without their knowledge and replicates in their systems), worms (malware that spreads copies of itself between computers), Trojan horses (malware that is disguised as a legitimate software) and spyware (software that gathers information about the user).
- Ransomware: A file encryption software program that locks a user’s data or network and demands a ransom in order for the user to regain access to it. In an incident in July 2020, Garmin technology was targeted by ransomware that rendered all of Garmin’s user functions useless until the company paid a reported $10 million ransom.
- Social engineering: This cyber threat uses social networks to trick users into breaking security procedures, leaving sensitive information vulnerable.
- Phishing: This includes spam emails that are disguised as coming from a legitimate source. Sometimes, these include a folder or downloadable item containing malware.
- Cryptojacking: A new form of threat, this is the action of injecting mining codes into currency systems to mine virtual currency like Bitcoin, Ethereum, Monero or Litecoin.
2. Practice the principle of least privilege
The old “need to know” rule forms the backbone of the principle of least privilege. This principle asserts that a subject (including both humans and computer systems) should only be given privileges and permissions that are needed for them to do their job.
For example, a mail server may be allowed to receive mail from the internet and spool that mail into a directory, which is picked up by a local server. Once the mail server has finished copying over the mail into the directory, it no longer has access to the mail files. Similarly, the local server cannot access mail files before they are spooled into the directory. These systems are practicing least privilege as they can only access and act on the information that is given to them.
Practicing least privilege can strengthen your organization’s cybersecurity because it limits the number of gatekeepers to sensitive information and reduces the likelihood of malware spreading from system to system.
3. Maintain good data hygiene
Just like you regularly clean (or should clean) your car or office, you should also keep your data clean. Data hygiene is a broad term that involves several key best practices, including:
- Monitoring firewalls and routers to make sure that they’re installed and deployed properly
- Keeping authorized and unauthorized user lists up to date
- Practicing the least privilege principle
- Regularly updating all operating systems, applications and other network systems
- Checking to ensure that all anti-malware protection software is functioning properly
- Segmenting computer networks with secure routers and active firewalls between segments
- Backing up sensitive information
4. Manage your passwords
Passwords are the holy grail for cyber attackers, so you should guard them as such. One of the most important — and most simple — things you can do to protect yourself and your workplace from cyber threats is to maintain good password practices.
- Change it up: Never use the same username and login for multiple sites. That way, if one site does get compromised, the others will remain secure.
- Use long phrases, not single words: A simple phrase such as “bartatecookiemonster” is easy to remember, but hard for hackers to guess. To strengthen it further, you can add capitalization, numbers and special characters, like “Bart!atecookie7monster.”
- Don’t get personal: Avoid making a password with easy-to-find personal facts such as your birthday, dog’s name or alma mater; hackers will target personal details first.
- Use multi-factor authentication (MFA): This adds another layer of protection on top of your password. You might be asked a personal question, or be asked to enter a code that is from your phone to validate that you’re the user you say you are.
- Get a password manager: If you’re prone to forgetting passwords or are prone to slacking on your password security, you might consider a third-party password management solution that generates strong passwords and saves all of your passwords securely for you.
5. Social media
Whether you’re an individual or an organization, it’s critical that you follow social media best practices to protect your accounts and information from getting in the wrong hands. It’s easy to fall into the trap of believing that whatever you share on social media will only be seen by the people you are connected to, but that small circle can widen quickly without your knowledge.
- Develop an official social media policy: By laying out rules for your employees for how and when to engage on social media, companies can ensure that their brands are being represented in a professional and unified manner.
- Update social media account passwords frequently: The easiest way to prevent hackers from getting their hands on your accounts is to update your passwords at least monthly.
- Prune your network: It’s best to block or remove any followers that seem questionable (i.e., accounts that are excessively negative or controversial accounts or seem spammy).
- Set up your privacy preferences: While corporate accounts are often public to attract awareness and new customers, individuals may choose to set their accounts on “private,” which allows them to accept or reject any new followers or messages.
- Never post personal information: Avoid sharing exact locations, email addresses, phone numbers or the names of employees or clients without their permission. Also, be sure to not mention any company holidays, as these are prime times for threat actors to infiltrate.
- Have a dedicated social media manager: It’s imperative for companies to designate someone to be responsible for monitoring all branded social media accounts. This way, logins and passwords can be kept in the hands of one person, rather than spread among many people. The social media manager should review, approve and publish every post for the accounts to ensure that the post is accurate and follows brand guidelines.
Get Secure with Deepwatch
Want to increase your cybersecurity posture? At Deepwatch, we bring game-changing managed detection, leading-edge products and relentless service to curb your risk and defend your brand. Let us help set up your cybersecurity infrastructure. Contact us today.