You Can Do This! – 11 Ways to Keep Your Organization Cyber-Safe

ComputerUserImage.png

Around the world, computers and smart devices have become a daily necessity.  Businesses, non-profits, governmental agencies, and educational institutions all rely on computers – from large server farms to mobile devices – in every industry.  At the same time, the dangers and complexity of malware keep growing. Small businesses and organizations can feel overwhelmed by threats that defy governments and large businesses, raising doubts about what smaller organizations and individuals can do to protect themselves. An alarming statistic from McAfee shows that sixty percent of small businesses tend to close after a cyber-attack/breach, which, shows the power black hat hackers/crackers have over our economy. But there are actions you can take to mitigate risks on an ongoing basis, and it is essential for all users to have a firm grasp on basic computer security practices.

Below are some tips on ways to help prevent malware from affecting your computer and mitigating the damage and loss if you are infected.

  1. Secure Software. One of the most important security practices is to use up-to-date modern software systems with their latest security patches. The software systems you need to update regularly include your operating systems, browsers, messengers, and security software.
  2. Complex Passwords. Creating and regularly changing a complex password for your most important accounts is imperative. Do not use passwords like “123456” since all simple passwords like this can be stored in a database that makes it easy to access your accounts. Using a simple, easily exploited password is like having an old rusty door knob with a broken lock! Use a combination of capital letters, lowercase letters, symbols, and numbers. The more complex, the more secure.
  3. Backup Files. Develop routine file backup practices. You should automatically backup your files to the cloud; however, since this practice can be vulnerable to encryption based malware called Ransomware, this should not be your only form of file backup. If possible, backup your files offline. If you have pictures, videos, and other important files, it is recommended to back them up to DVDs and file them away by date and type. Make sure you verify the data after the DVDs are created so you know everything is there and accessible.
  4. Top Security. It’s a good practice to install top of the line security software, which you can find at any local computer store. Your internet service provider or bank may also provide an internet security suit for you to use.
  5. Prevention Software. Use prevention type software that can help stop some malicious software from running/infecting your computer, especially Ransomware since it is becoming a huge problem for organizations. Ask major security software vendors if they have anything specifically for Ransomware as it is one of the latest and greatest threats and it is getting a lot harder to combat. Also, ask these vendors about software restriction policies on your operating systems that may help prevent some malware threats and how to add these policies to your operating system to make your computer safer.
  6. Web Site Advisor. Use a website advisor browser plugin/extension to let you to know if the site is good or bad. These plugins/extensions alert you if a specific website has security issues and give you the ability to choose a good course of action before entering the website. You can also report bad sites to these site advisors for future users. To add a browser plugin/extension look for your browser plugin/extension settings, if you are uncomfortable with installing plugins/extensions, then talk to the nearest computer expert.
  7. Ad Blocker. Use an ad blocker browser plugin/extension, found in your browser plugin/extension settings, that blocks obtrusive ads but allows unobtrusive ads. Many times malicious scripts can be embedded in an ad, which can compromise your computer’s security. This way of spreading malicious software is known as malvertising.
  8. Browser Settings. Set browser settings to tell sites to stop tracking with the “Do Not Track” setting. Also, have your browser clear out browser history and data on your browser’s exit.
  9. Attachment Threats. Be aware of email attachments! When in doubt, throw out/delete the email and its attachments (as well as website links). Many computer systems are infected this way. It is getting more common for attackers to use macros in attached Microsoft Word documents and vulnerabilities in attached PDF documents, so keep Microsoft Word and your PDF reader up-to-date.
  10. External Drives. Set your operating system settings so that your computer does not automatically run software on external drives, like thumb drives. Many times computers are infected from other computers that are infected. The malicious software automatically runs when you put the thumb drive in the computer. If you disable auto run in your operating system settings, then this type of attack will not work.
  11. Hardware Firewall. Finally, use a hardware firewall. Many computer routers have hardware firewalls built right into them. If this firewall is not on, then turn it on for the extra security. Keep your networking hardware up-to-date, since even hardware can have vulnerabilities in them.

These computer security practices may seem overwhelming at first, but once these become ingrained they serve as a very good start for the never ending battle against malware, and they may save your important data from being lost or damaged beyond repair. Even if you are a small organization or individual, you can do this, and more importantly, strong IT security awareness habits are now essential.

For more information on keeping your organization safe, the following computer security articles provide information on the latest threats and how to prevent them.

Security Tip (ST15-003)

Before You Connect a New Computer to the Internet

https://www.us-cert.gov/ncas/tips/ST15-003

Alert (TA16-091A)

Ransomware and Recent Variants

https://www.us-cert.gov/ncas/alerts/TA16-091A

Matthew Tyson