October is not just the month for getting into the Halloween spirit. It’s also National Cyber Security Awareness Month, which is sponsored by the Department of Homeland Security and the National Cyber Security Alliance (NCSA). The government made this declaration in 2004 to raise awareness of the role cybersecurity plays in everyone’s lives. Since the emergence of major cybersecurity events this year, such as the WannaCry ransomware attacks and the Equifax breach, there’s now an even greater urgency to adopt safer cybersecurity practices.
What are some online safety tips?
One of the themes for this month is “Simple Steps to Online Safety.” The theme encourages people to take simple actions to protect themselves online and to recover in case a cyber event occurs. StaySafeOnline, an NCSA website, provides online safety basics on a few topics.
- Spam and phishing: Cybercriminals will use sophisticated methods to manipulate people into clicking on a malicious link, disclosing personal information, or sending them money. The email will instruct you to act quickly because of a compromise on your account or because there is an urgent matter to address. Follow up with the company using the contact information on their website, not the email. Also, make sure to enable filters on your email accounts, hide emails from social media profiles, and report spam.
- Online shopping: With the rise of e-commerce websites, cyber thieves can use shady websites to trick online shoppers into handing over their credit card information or paying for goods they will not receive. If you are considering buying items from an unfamiliar website, make sure to read the reviews of previous customers beforehand. Also, the website should display an https:// address to show it will protect information the visitor submits, such as credit card numbers.
- Data backups: Your business can lose its data due to equipment failures, theft, malware, human error, and natural disasters. Make sure to keep backups at a data center and in the cloud. Also, the backups should have file versioning, which means the service should collect multiple backups at different time intervals.
- Malware, botnets, and ransomware: Cybercriminals can spread malicious software that can steal, corrupt, and destroy valuable data. Plus, they can include the device in their bot network to infect other victims. Make sure to scan your devices with anti-virus software regularly. Also, keep your operating system, device application, and web browsing software up to date.
What cybersecurity framework should your business follow?
Another theme for this month is “Cybersecurity in the Workplace is Everyone’s Business.” This theme urges organizations to create a culture of cybersecurity and for each employee to take a role in preventing cyber-attacks. The National Institute of Standards and Technology (NIST) provided a cybersecurity framework you and SwiftTech can refer to when improving your business’s cybersecurity practices:
- Identify: Determine your company’s most valuable assets, such as customer records, employee tax information, and credit card information. NIST recommends keeping an inventory of your data and technology assets. Also, make sure to keep track of the employees who have access to each of those assets.
- Protect: Set up safeguards to prevent and protect your assets against cyber threats. Basic protection involves scanning devices with anti-virus software regularly, keeping device software updated, and limiting access to network drives to those who need it. NIST also recommends not reusing passwords on accounts, using a VPN on a public Wi-Fi hotspot, implementing two-factor authentication for online accounts (when possible), and participating in periodic cybersecurity training.
- Detect: Monitor IT systems continuously and receive alerts of any cybersecurity events. SwiftTech uses advanced software that monitors your network around the clock for any threats. However, NIST recommends that each employee should be able to spot suspicious activities (e.g., phishing, ransomware, and scams) and then report them. In addition to the tips mentioned in the “Simple Steps to Online Safety” section, make sure to inspect links closely on emails and texts before clicking. Also, do not open unexpected attachments, especially from contacts you do not know.
- Respond: Act in response to detected cybersecurity events. In case this happens, SwiftTech will work diligently to resolve problems that result from the event, such as restoring network operations, recovering lost data, or finding replacements for damaged equipment. However, your organization should have a business continuity plan in place for continuing operations during a disaster, alerting customers and third parties of the event, and reporting to industry regulating agencies.
- Recover: Resume normal workplace operations promptly after a cybersecurity attack. Determine the cause of the security breach, implement fixes across the entire organization, and then update your IT policies. For example, if someone experienced a ransomware attack because they were using an outdated Windows operating system, such as Vista, you would need to update that person’s system, and then ensure all company devices are kept up to date going forward. Also, if an unsuspecting employee pays a fraudulent invoice, you contact the bank to stop the charges and educate your staff regularly on phishing scams.
SwiftTech Solutions wants to make sure your business stays protected. If you have any questions about your company’s security, feel free to contact us by calling 877-794-3811 or emailing info@swifttechsolutions.com.
What is included in our Security as a Service?
Also, our subscription-based cloud service, called Security as a Service, provides added protection against security breaches. The service includes:
- Ransomware Protection
- Email Security
- Web Security
- Enterprise Anti-Virus & Anti-Malware Protection
- Intrusion Prevention, Detection, & Management
- Security Monitoring
If you’re interested in subscribing to our Security as a Service, please contact SwiftTech Solutions at 877-794-3811.