Defend What You Have
Learning Objectives
After completing this unit, you’ll be able to:
- Implement basic defenses to protect your systems, devices, and applications.
- Locate resources to provide cyber hygiene expertise and tools.
- Identify regular protocol and processes needed to best protect your business.
- Explain the impact and dangers of malware, ransomware, and other cyber threats.
Simple Defenses Can Be the Best
Spyware, malware, ransomware—they all sound scary, and protecting yourself from these persistent threats can seem daunting. Fortunately, there are some basic steps that can make a significant impact on your organization’s cybersecurity. These steps include patching and securing your website.
Patching
When your favorite pair of pants needs mending, you patch them. The patch strengthens and reinforces the fabric to prevent future damage. Similarly, all organizations must ensure that every system that carries data follows a rigorous patching strategy.
When the systems were first installed, it’s likely that they were up to date. However, technology evolves quickly and versions of systems and applications change frequently. These changes often occur so systems work more efficiently and securely with other systems and applications. With this comes the need for regular updates.
Hardware and software developers continually monitor new and evolving threats, and then issue updates to protect systems and applications from them. Watch for these updates and implement them as soon as they are issued. This provides built-in security to protect your systems, applications, and devices, making it more difficult for hackers to infiltrate. Every out-of-date system or program poses a security risk.
Tip: You can set these updates/patches to occur automatically. This simplifies the process of having to keep track of new updates for a system or application. This ensures that it gets done at the time when it offers the most protection. Who can’t get on board with that?
When you think of patching, don’t forget about your legacy systems. No one means to ignore them, but in the hectic nature of today’s business world, it’s not uncommon for organizations to fail to resolve issues and bugs within older systems. They helped you get where you are. Keep them protected.
Check out our resources section for tools that will help you update your systems and run scans to identify any vulnerabilities before hackers and cyber criminals do.
Your Website: The Front Door to Your Business
It’s easy to set up your website and just forget about it. But like other systems, your website’s security settings must be updated and monitored. Unsecured websites allow hackers to gain access to your information. While rummaging through your website, they can identify weaknesses and compromise your website by stealing data. This can do irreparable damage to your reputation. Use the tools listed in the Secure Your Websites section available on the Global Cyber Alliance’s Update Your Defenses toolbox for small businesses to identify and locate weaknesses and vulnerabilities on your website.
Security by Design
Security by design means that security is part of the entire development process. It’s in the very foundation of your business strategy and company culture. Security by design usually applies to software development, but security should be part of all business models, every launch, and every customer relationship. Is it part of your operating strategy? As you release a new product or service, have you confirmed that it is updated and secure? Be sure to resolve all high-risk vulnerabilities before releasing a new application or system.
A simple rule is to make security part of every plan and every initiative. Combine that with a strong commitment to patching and you are on the road to good cyber health.
Strong Password Habits and Multi-Factor Authentication
Weak passwords are the enemies of cyber hygiene and make it easier for hackers to gain access to your systems. Strong passwords and multifactor authentication (MFA) are effective ways to protect your organization.
Weak passwords and password reuse are the leading causes of data breaches. Fortunately, the Fast Identity Online (FIDO) Alliance and the World Wide Web Consortium (W3C) have created an open standard that enables the replacement of weak password authentication. It’s a great resource to ensure that everyone in your organization creates and maintains strong passwords.
Check out the resources available in the Global Cyber Alliance’s Beyond Simple Passwords toolbox for more information and resources.
MFA is another effective way companies protect themselves and their customers. It’s offered for free on many sites. Once you log in with your password (hopefully, a strong one), another piece of authentication is required, often a PIN or prompt sent via message or to an authenticator app on your phone. To access information, like your accounts or customer data, you need both sources of authentication. Even if a hacker guesses your password, they can’t get anywhere without the second source. That’s the beauty of MFA: a double layer of protection. It’s easy to install MFA on your website and systems. Check out our resources section for more information. Once you’ve set up MFA, you can even receive alerts every time there is a fraudulent attempt to access your system.
Play the Game of Password
So, what makes a password strong?
There are simple rules we all should follow (both personally and professionally) for password setup.
- Make your password complex but easy to remember. Consider using a passphrase that isn’t easy to guess.
- Create a password that combines letters, numbers, and symbols.
- Use unique passwords for every account.
- Protect your passwords and never share them.
- Use a password manager to create and store passwords.
Here’s a great video series that covers strong password hygiene.
Malware, Ransomware, and Viruses… Oh My
Surfing the Internet. Sometimes—OK, a lot of times—we do it for fun. However, it’s part of many people’s job responsibilities. Across the Internet you can find an array of threats designed to wreak havoc on your business and your life. What are these threats? How do you protect yourself?
Ransomware is a type of malicious software designed to block access to a computer system by encrypting and locking the data. Then, the perpetrator demands a large sum of money to enable access again. Ransomware not only threatens the secure data of you and your customers but also prohibits you from conducting business.
Malware is software that is specifically designed to disrupt, damage, or gain unauthorized access to a system.
One of the most effective ways to combat ransomware and malware is to perform regular backups of your systems and devices. Backups create copies of data that are then stored separately from your computer or device. Backing up valuable data regularly enables recovery of data and prevents downtime and lost opportunities.
As for viruses, there are new ones popping up every day. It’s nearly impossible to keep up. Fortunately, there are several companies that specialize in just that and inform the hardware and software makers of these new threats. Install and update antivirus software regularly to prevent viruses and attacks from malicious software.
Equally important is protecting your organization when employees visit sites through their work devices. One of the best means of protection is Domain Name Service (DNS) security, which manages how you navigate the Internet and ensures sites are safe and secure. DNS security also acts as an ad and pop-up blocker by verifying IP addresses.
Sum It Up
New cyber threats occur every day. There are a few simple measures you can take to protect your systems and data, including regular updates, strong passwords, MFA, and consistent backups. These all contribute to good cyber hygiene. It’s your responsibility, but the tools and resources provided should make it easier to protect your business.
