Did you know:
It takes most businesses about 197 days to detect a breach on their network.
More than 4,000 ransomware attacks occur every day.
43 percent of cyber attacks are aimed at small businesses.
1 in 131 emails contains malware.
Ransomware attacks increased by 36 percent in 2017.
Cybercrime is undeniably prevalent, and it is rising at an exponential rate. Not everyone is an expert in IT or cybercrime, but everyone is most certainly at risk. So how do you enforce greater security on your computer and mobile devices without having the knowledge that those within the industry have? These are a start…
1. Patch As Often As You Can
Unpatched software continues to be one of the top reasons computers are exploited, because old software contains vulnerable points that newer software has since remediated. The flaws that prompt updates and patches are generally found by security researchers or attackers. Most large companies run a ‘bug bounty’ program: if someone finds a flaw or vulnerable point in their system and contacts the company to let them know, the vendor pays them for finding it and then patches it to ensure users are safe from cybercriminals wanting to exploit it.
When a flaw is discovered, a vendor will generally try to keep it a secret so there isn’t a chance of it being exploited. However, once a patch has been released for a vulnerability, cybercriminals usually reverse engineer it in order to create an exploit, which takes anywhere from 24 hours to 4 days. Users have this timeframe to ensure that their systems are patched and therefore immune from any exploit that is subsequently created.
Businesses with an IT Provider are usually on a maintenance plan that lets them receive updates and patches as soon as they are released, meaning they’re as safe as possible from known exploits. If your business isn’t with an IT Provider, or you’re a home user, we recommend you check your settings to ensure automated updates are enabled. Here’s a link to show you how to do this.
2. Set Complex Passwords
According to TeamsID, 10,000 of the most common passwords (including 12345, qwerty and 123456) can access 98% of all accounts in the world. That’s a staggering statistic. We might sound like a broken record, but complex passwords are immensely important. Imagine you had all the latest and greatest security on your systems, but you had a relatively easy password that allowed a hacker to infiltrate your systems. It’s important you remember that no matter what, you’re only as strong as your weakest link.
If you find it difficult to come up with and/or store a password, there are tonnes of free password generators that will both create and store passwords for you. Check out our recent blog post for best practice password tips.
3. Use A Firewall
For those who don’t know, firewalls are software and hardware that protect your computer from attacks coming from the internet. They do this by forcing all incoming and outgoing traffic to pass through them, and only allowing authorised traffic through to your computer. Anything picked up as dangerous is blocked, giving you instant security when using the internet.
Having a firewall on your internet connection not only allows it to filter out malicious websites, pop-ups etc., it also allows you to set up rules for users. For example, if you’re in a business environment, you might want to block certain websites or full categories, such as all social media sites, job search sites, the list goes on. You can even limit user rights by time of day, so for example, you might want to allow the use of social media during lunch hours, but at no other time of day. This gives you real-time control and peace of mind over how your staff are utilising your network.
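The category and time-of-day rules described above can be pictured as a small policy check. This is an added example, not code from any firewall product; the site names, categories and the 12:00 to 13:00 lunch window are constructed assumptions.

```python
from datetime import datetime, time

# Constructed site-to-category map; a real firewall relies on a vendor category feed.
CATEGORIES = {
    "social.example": "social-media",
    "jobs.example": "job-search",
    "intranet.example": "business",
}

# Hypothetical policy: category -> time windows in which access is allowed.
# An empty list means always blocked; a category not listed is always allowed.
POLICY = {
    "social-media": [(time(12, 0), time(13, 0))],  # lunch hour only
    "job-search": [],
}

def category_of(host):
    """Match the host, or any parent domain of it, against the category map."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        category = CATEGORIES.get(".".join(labels[i:]))
        if category:
            return category
    return "uncategorised"

def decide(host, when):
    """Return 'allow' or 'block' for a request to host at datetime `when`."""
    category = category_of(host)
    if category not in POLICY:
        return "allow"
    now = when.time()
    for start, end in POLICY[category]:
        if start <= now < end:  # window end is exclusive
            return "allow"
    return "block"

if __name__ == "__main__":
    for hour in (9, 12, 14):
        stamp = datetime(2024, 1, 8, hour, 30)
        print(stamp.time(), "m.social.example", decide("m.social.example", stamp))
```

Matching on parent domains matters here: a rule written for one site should also cover its subdomains, otherwise the mobile version of a blocked site slips through.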
4. Protect Mobile Devices
It’s widely known that mobile devices simply can’t offer the same kind of protection that your computer can. That’s why it’s important to be extra savvy in the security you enforce on all of your mobile devices, including laptops, tablets and mobile phones. Here are three ways you can ensure you’re being mindful when enforcing security on your mobile devices:
- Ensure your software is up-to-date. Whether you’re using a laptop or a mobile phone, this is imperative. As we stated above, most updates exist because exploits were found. If you’re not keeping your mobile devices up to date, you’re essentially leaving a door open for cyber criminals to come through.
- Ensure you’re using strong passwords and screen locks when available. In a recent blog post, we outlined the dangers of brute force attacks, and how users who leave default logins and password settings on their devices are extremely vulnerable to them. It’s important to ensure you’re using complex passwords wherever possible to put up a strong fight against hackers. Also ensure that if your mobile device offers the option of screen locking, you take it! PINs more than 4 digits long are the way to go here, and any device offering fingerprint scanning as a way of gaining access is more than sufficient security.
- Take care when using public wifi. We recommend that anyone using public wifi utilises a Virtual Private Network (VPN) to ensure everything they’re doing over the internet is private and safe from hackers intercepting their connection. You can get safe, advanced VPN connections for business use, or if you’re a home user, there are plenty of free options you can utilise. Here’s a list of some of the more well-known consumer grade VPN providers. For a more advanced solution for your business, feel free to contact us.
5. Use Two Factor Authentication (2FA)
Two Factor Authentication works as a second security layer that confirms your identity when you log into an account. Its purpose is to make life difficult for hackers by ensuring that even if they crack one of your passwords, it’s almost impossible for them to gain full access. 2FA works by asking a second device to verify your login before you can access your account.
Say you’re logging into your email: once you type your password in, you’ll also receive a text with a unique code to enter on the email login page in order to gain full access to your account. Unless a cybercriminal had access to multiple devices, it’s very unlikely that they’d succeed in getting into your accounts with 2FA.
2FA is available on most major accounts, including social media, email, etc. There are even software and apps you can utilise to enable 2FA on business accounts. Email us to find out more about this tool.
These are only five of the many ways you can enforce greater security on your computer and mobile devices. View our C3 IT page to get an idea of additional security measures your business can take.