Whether you are on your own as an entrepreneur, part of a large corporation, or just a frequent user of the internet, Cyber Security is a considerable concern for personal information. With the vastness of the internet at everyone’s fingertips, it’s hard to feel safe while browsing around.
How do you have cyber security assurance? The best way to have Cyber Security assurance is by following these ten tips:
- Train Your Employees in Cyber Security
- Keep Software Updated
- Protect Your Wi-Fi Network
- Limit Employee Access
- Delete Old Employee Users
- Create Backups of Important Information
- Do Not Download Freeware!
- Keep Your Business Device Only for Business
- Encrypt Your Mobile Device
- Learn How to Spot a Phishy Email
Be sure to read on to find out exactly how to achieve cyber security assurance using these ten tips! You can learn to protect the sensitive data and information on your network, whether it be personal or business.
What is Cyber Security Assurance?
According to Guide IT[1], cyber security assurance is the act of reviewing your current cyber security system for any weaknesses, common areas of hacker threats or vulnerabilities to address in the next update. These systems are those directly connected to the internet, whether over a wireless network or directly via ethernet cable.
The goal of cyber security assurance is to be sure that the data and systems within a singular network are protected.
This can mainly be done by testing the three common areas of security issues:
- Security Assessment – This is to help find any spaces or gaps in the already established security system that hackers can get into. Anything that your current firewall system cannot block falls into this category.
- Phishing Defence – These are the suspicious emails or links that can frequently be sent to employees’ work emails pretending to be you.
- Penetration Testing – This is where hired third-party “hackers” try to break into your current system for fake data. This type of testing can help the cyber security team find areas that could be vulnerable under a real cyber-attack.
Information Assurance
Information assurance is commonly mistaken for cyber security assurance, but the two differ significantly. According to Techopedia[2], information assurance is the act of creating systems to protect the data and information within a network. It uses a five-pillar system to help ensure that a network is safe from viruses, phishing attacks, identity theft, and all the other threats that come with being online.
- Cyber Security Assurance is the act of finding a network’s weaknesses.
- Information Assurance is the act of creating a security system to protect a network from its weaknesses.
Tip #1: Train Your Employees in Cyber Security
From the Federal Communications Commission (FCC)[3], the first tip for cyber security assurance is to train your employees with a basic understanding of cyber security. Because they are the primary users of the network, they must understand how to protect their work information. The simplest, yet most useful, training measure is how to create a strong password.
The following three guidelines should be adhered to when creating passwords for a network:
- Combination of letters and numbers – Your password should always have a minimum of two numbers to ensure added security. You can also replace common letters with numbers (such as “3” for “E” or “1” for “i”). This will make it harder for someone to guess your password.
- Add special characters – These are the symbols on your keyboard (e.g., #, %, &). Adding these to all of your passwords will complicate it more and make it harder to guess.
- Create a new password each time – If you have multiple emails, websites, or anything that requires you to login with a different username, you should have a unique password for each account.
With so many passwords, another good habit to begin is to physically write down your passwords in a journal and keep it with you at all times. You don’t have to list the username, but you should make some mark of the website for ease of use.
Tip #2: Keep Software Updated
If you receive an update notification from your applications or from the computer system you are using, update your system! These updates are usually sent out regularly to help be proactive against an attack. However, sometimes an emergency update will be sent out because their system has had a recent cyber-attack.
When you do update your software, be sure to also check your anti-malware software and firewall for any manual updates you can do. Chances are that when your computer needs an update, so does the firewall. It will also allow you to see if there are any upgrades you can get.
Tip #3: Protect Your Wi-Fi Network
First and foremost, you should set your Wi-Fi Network to “Hidden” (also known as “Service Set Identifier” or “SSID”). This setting will keep your Wi-Fi Network from being discoverable by anyone who walks by the building. It will also add some cyber security since the only people who would be able to find it are those who know its name.
Another great way to protect your Wi-Fi network is to set an access password. Your Wi-Fi should be password locked regardless if you have it hidden or not. This will add another layer of protection against rogue hackers.
You can create these barriers either through your Wi-Fi Network provider’s website or by going into your Wi-Fi Network settings and changing the internet band to “WPA2.” This should hide your Wi-Fi name from the discovery list and ask you to create a password. Only give out the Wi-Fi Network password to those you trust.
If you are going to provide employees with computers or laptops, it is a good idea to have their systems connected to the Wi-Fi Network already before you give them over. That way, you do not have to worry about the password being given to anyone you do not trust.
Tip #4: Limit Employee Access
If you do have employees working on the same system, especially if you provide the work computer, limit your employee’s ability to change any settings. This means you do not want them to have the ability to install new software on the computer. When it comes to cyber security, you want to have as much control over what is joining your network as possible.
Another limitation you should implement for work computers and laptops is data accessibility. You should have individual folders and files encrypted so that only specific, authorized users may access them. This will help ensure that only the necessary people within a department see that department’s files. There’s no reason for someone from Public Relations to have full access to patient information!
The easiest way to limit employee access and heighten cyber security is to create a user account for each employee.
Tip #5: Delete Old Employee Users
As soon as an employee has been terminated, you should remove and disable their user account. They should not have any access to their company email, databases, or any other IP addresses.
If you can, remove their entire user account from your system’s network. If even with administrative abilities you cannot do this, then simply restrict their account to the most basic level of access.
Tip #6: Create Backups of Important Information
From all of the computers within the system, you should regularly backup the system’s files and data to an offsite location.
The offsite location could be either of the following two:
- Separate data storage unit – This could be anything from an external hard drive for smaller businesses to an entire tower system for corporations.
- Electronic data storage – The most common version of this is the “Cloud” or any other virtual offsite backup.
The reason you want to create backups onto systems that are offsite from the computers within your network is in case there is a cyber attack. One option for an attacker is to wipe the system clean. If this occurs, you want to be sure you have a backup of all of your essential files to reinstate onto the network.
When you are creating backups of valuable information, you should include the following six types of files:
- Word Processing Documents
- Electronic Spreadsheets
- Databases
- Financial Files
- Human Resources Files
- Accounts Receivable/Payable Files
Tip #7: Do Not Download Freeware!
According to CMIT Solutions[4], a great tip to help your cyber security assurance is to avoid downloading freeware as much as possible. This is especially true when it comes to finding anti-virus and anti-malware software. Much “free” anti-virus software comes with the cost of a hacker getting direct and full access to your system’s network.
Before downloading any software, free or not, be sure to do the following:
- Read the reviews of the software – Before you click to download anything, search for the software, followed by the word “Review” in a search engine. If it is legitimate software, there should be multiple articles giving a fair review of the product.
  - Do not go off the reviews listed on the software’s website! These could be fake reviews created to give a false sense of security.
- Check the download link before clicking – If you hover your mouse over a link, the download link source will pop up in the bottom left corner of your computer screen. If the source does not match the software’s name or address, or seems phishy, do not download it!
- See if they sell physical copies – Anti-malware software used to be sold via CD-ROM. These physical copies are not as common as they once were, but most legitimate cyber security software is still available to purchase as a physical copy. If the software you are looking at does not provide it as an option, try looking elsewhere.
Never be afraid to invest in proper cyber security software! It is better to pay a little extra upfront for heightened cyber security, rather than pay more to try and recover from an attack.
Tip #8: Keep Your Business Device Only for Business
As tempting as it may be to use your fancy business phone for selfies, you should keep your business and personal devices separate. Because business devices (laptops, computers, tablets, cell phones, PDAs, etc.) usually carry more sensitive data and information on them, you should avoid using them for personal use.
This is especially true for social media accounts as most have a reasonably open algorithm that is used to track your internet and usage traffic to find your taste cluster. Although this can customize advertisements for you, it also means that hackers have an easier route to your sensitive information.
If you are using the Cloud as your primary source for business data backup, do not share it with your family or friends! Keep the two as separate as you possibly can. You might be taking the proper steps towards cyber security, but your cousin who shares the Cloud with you may not!
Tip #9: Encrypt Your Mobile Devices
Even though our devices go everywhere with us, it is essential to ensure that the data within them is protected against thieves. This means both physical thieves as well as cyber security attackers.
To help protect the data that is on your mobile device, be sure to do the following three steps:
- Put a password-protected login on your phone – When you turn your phone on, the first thing that should greet you is an access password. You can usually find this setting under the “Security” preference within your phone.
  - If you are going to set a pin, try not to use standard pins such as 1234, 4321, or repeated numbers (e.g., 0000, 2222, etc.).
- Install security apps – If you have a smartphone, you can download security apps that will help encrypt the data on your phone. This can include a photo vault, which requires another password to access the photos, and too many wrong guesses will delete the photos within.
- Encrypt all the data – If you are using your mobile device to transfer data, it should be encrypted. You can encrypt data in several ways, including requiring a mutual password established with the intended receiver, third party apps, or through a secured Cloud.
Tip #10: Learn How to Spot a Phishy Email
The most common cyber security attack comes from phishing emails and links. To avoid becoming a victim of these types of attacks, it is essential to train your employees and yourself on how to spot them.
Below are the top three most common ways to tell if the email you received is a scam:
- You were not expecting the email – If you get an email from your “boss” or “co-worker” on a situation you were not expecting, it is most likely a scam.
  - An easy way to check the legitimacy is to send a separate, direct email to your boss asking about the situation.
- The spelling and grammar are entirely wrong – The easiest way to spot a phishing email is the spelling. Did they spell your name wrong on multiple occasions? Is the company name spelled wrong? Is the grammar far worse than it should be? Then, all signs are pointing towards a scam.
- The sender is not from a company email – Before you click anything, you should see who the sender is. If they are sending from a Gmail, Yahoo, or another standard email (nothing that would be company based such as “@business.com” or “@services.org”), it is probably a scam.
- They send a link rather than a download – Most of these phishing emails will ask you to “Check out this PDF file!” but will only list a link rather than an actual file.
- Asking for information they should already have – If you receive an email from what seems to be a department head asking for personal information, it is probably a scam.
  - For example, if “Human Resources” asks for your social security number or employee badge for “identification,” do not send it!
If you or your co-workers ever receive a phishing email, do not click on any links within the email!
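Several of the signs above can be checked automatically before a message reaches an inbox. The following is an added example, not part of the original article: it applies the sender, link-instead-of-file, and information-request checks to one raw message. The company domain, the webmail list, the keyword pattern, and the sample message are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values: the organisation's mail domain and the providers
# treated as "standard email" are illustrative, not from the article.
COMPANY_DOMAINS = {"business.com"}
FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com"}
SENSITIVE = re.compile(r"social security|\bssn\b|employee badge|password", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)

def phishing_signs(raw_message):
    """Return the warning signs that apply to one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    signs = []

    # Sign: the sender is not from a company email address.
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if domain in FREE_MAIL:
        signs.append("sender uses a public webmail domain")
    elif domain not in COMPANY_DOMAINS:
        signs.append("sender domain is not a company domain")

    # Collect text bodies and note whether any real attachment exists.
    body, has_attachment = "", False
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            has_attachment = True
        elif part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            body += payload.decode(part.get_content_charset() or "utf-8", "replace")

    # Sign: a link is sent where a file was promised.
    if URL.search(body) and not has_attachment:
        signs.append("link supplied instead of an attached file")

    # Sign: asks for information the sender should already have.
    if SENSITIVE.search(body):
        signs.append("requests personal information")
    return signs

# Constructed sample message, not taken from a real campaign.
SAMPLE = """From: "Human Resources" <hr.dept@gmail.com>
To: employee@business.com
Subject: Identification needed

Check out this PDF file! http://files.example.net/form.pdf
Reply with your social security number for identification.
"""

if __name__ == "__main__":
    for sign in phishing_signs(SAMPLE):
        print("-", sign)
```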
Bonus Tip: Create a System for Dealing with Cyber Attacks
When it comes to cyber security assurance, cyber-attacks can range from getting a virus that wipes the whole system clean to merely receiving a phishing email or link. Either way, you should set up a policy for how to handle a cyber-attack.
The steps could include the following:
- Alert IT to the cyber-attack.
- Forward all messages regarding the cyber-attack to IT.
- Disable all Wi-Fi Network capabilities from that computer.
- Log out of all accounts.
- Clear your cache, cookies, and history.
In Conclusion
No matter how amazing a cyber security system you may have, there is always a serious chance of a cyber security attack. Being proactive with useful cyber security assurance and having an educated staff can help minimize security weaknesses.
References:
[1] https://www.guideit.com/solutions/cyber-security/cyber-assurance/
[2] https://www.techopedia.com/definition/5/information-assurance-ia
[3] https://www.fcc.gov/general/cybersecurity-small-business
[4] https://cmitsolutions.com/hartford/10-simple-cyber-security-tips-for-small-businesses/