Improve Your Organization’s Security Status by Promoting Internet Safety

At The Lake Companies, we have a secret weapon in our cybersecurity arsenal. That weapon is Geoff Nestor. Geoff is The Lake Companies’ solution to ensure employees heed and follow cybersecurity messages and best practices. Geoff is ever vigilant of the internal human element in the equation, so he continuously sends out informative cybersecurity messages to all employees in our organization warning of the latest hacks, and tricks that cybercriminals are attempting in organizations all over the globe. Your company needs a Geoff Nestor, since not even the best firewalls and software protection in the world are criminal proof.

Consider this:

• Approximately 70% of insider breaches are caused inadvertently by human error or negligence.
• Phishing attacks (fraudulent practice of sending emails purporting to be from reputable companies “fishing” for personal information and/or credentials) continue to pose the most significant threat.
• Approximately 91% of all successful cyber breaches can be traced back to a spear-phishing email.
• Other human factor related threats include poor password management, use of unauthorized file sharing platforms, installation of questionable third-party software, unsafe browsing habits, and loss of devices containing corporate information.

What organizations need are more vigilant guardians like Geoff to conduct cybersecurity training and awareness and who continuously communicate critical issues such as,

• Detecting fraud
• Protecting your personal and business networks
• Guarding against ransomware attacks
• Identifying social engineering and phishing attacks
• Complying with cybersecurity regulations like GDPR
• Defending against IRS scams
• Securing personal devices

Even though October was National Cyber Security Awareness Month, Geoff knows that hackers, ransomware/phishing attacks are relentless and require our vigilance every single day of every year. However, National Cybersecurity Awareness Month (NCSAM) is a collaborative effort between government and industry to ensure every American has resources they need to stay safe and secure online while increasing the resilience of the nation against cyber threats.

Here are the top tips you must share with your teams: (The National Initiative for Cybersecurity Careers & Studies (NICCS))

• Double your login protection. Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. Use it for email, banking, social media, and any other service that requires logging in. If MFA is an option, enable it by using a trusted mobile device, such as your smartphone, an authenticator app, or a secure token—a small physical device that can hook onto your key ring.
• Shake up your password protocol. According to National Institute for Standards and Technology (NIST) guidance, you should consider using the longest password or passphrase permissible. Get creative and customize your standard password for different sites, which can prevent cybercriminals from gaining access to these accounts and protect you in the event of a breach. Use password managers to generate and remember different, complex passwords for each of your accounts.
• If you connect, you must protect. Whether it’s your computer, smartphone, game device, or other network devices, the best defense against viruses and malware is to update to the latest security software, web browser, and operating systems. Sign up for automatic updates, if you can, and protect your devices with  antivirus software.
• Play hard to get with strangers. Cybercriminals use phishing tactics, hoping to fool their victims. If you’re unsure who an email is from—even if the details appear accurate— or if the email looks “phishy,” do not respond and do not click on any links or attachments found in that email. When available use the “junk” or “block” option to no longer receive messages from a particular sender.
• Never click and tell. Limit what information you post on social media—from personal addresses to where you like to grab coffee. What many people don’t realize is that these seemingly random details are all criminals need to know to target you, your loved ones, and your physical belongings—online and in the physical world. Keep Social Security numbers, account numbers, and passwords private, as well as specific information about yourself, such as your full name, address, birthday, and even vacation plans. Disable location services that allow anyone to see where you are – and where you aren’t – at any given time.
• Keep tabs on your apps. Most connected appliances, toys, and devices are supported by a mobile application. Your mobile device could be filled with suspicious apps running in the background or using default permissions you never realized you approved—gathering your personal information without your knowledge while also putting your identity and privacy at risk. Check your app permissions and use the “rule of least privilege” to delete what you don’t need or no longer use. Learn to just say “no” to privilege requests that don’t make sense. Only download apps from trusted vendors and sources.
• Stay protected while connected. Before you connect to any public wireless hotspot – like at an airport, hotel, or café – be sure to confirm the name of the network and exact login procedures with appropriate staff to ensure that the network is legitimate. If you do use an unsecured public access point, practice good Internet hygiene by avoiding sensitive activities (e.g., banking) that require passwords or credit cards. Your personal hotspot is often a safer alternative to free Wi-Fi. Only use sites that begin with “https://” when online shopping or banking.

If you don’t have an IT security gatekeeper like Geoff in your firm, it is not too late to take proactive steps to enhance cybersecurity in your company.  Download the National Security Awareness Month 2019 Toolkit to start your “Own IT. Secure IT. Protect IT.” efforts.

Always heed the advice Geoff provides in his emails.