Plugging All The Holes
Email is a core pillar in the wide ranging cyber security conversation.
Email security cannot be considered complete without looking at how it fits into your broader cyber security. To properly protect all of your devices, your network, your servers and your accounts, you need to take steps that cover every angle. A single vulnerability puts the whole system at risk. Call it the “hole in the boat” paradigm.
Here are a few of the ways you can ensure your boat will stay afloat:
Password Protection
Passwords are a fundamental starting point for security for good reason.
A stolen password can be used to gain access to other accounts, impersonate you, and more. Don’t use common dictionary words. Use the suggested combination of upper and lower case letters, numbers, and symbols, with a minimum length of 8 and ideally 12 characters. Never give out a password, especially in an email. Be wary of anyone who asks you to reset one. Don’t store passwords on your computer. Don’t use the same password in multiple places. If this all sounds too complex, a password manager is a very simple solution; alternatively, you can use a simple algorithm of your own to generate a unique, easy to remember password for each site.
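The rules above (length, character mix, no dictionary words) are easy to turn into a checker, and a password manager does essentially the same thing when it generates a password for you. The following is an added example, not code from the original page; the short `COMMON_WORDS` list is a constructed stand-in for a real wordlist.

```python
import secrets
import string

# Constructed sample of common dictionary words; a real deployment would load a
# full wordlist (for example a breached-password list) instead of this stub.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "monkey", "dragon"}

MIN_LENGTH = 8        # the minimum length the page recommends
IDEAL_LENGTH = 12     # the ideal length the page recommends


def check_password(pw: str) -> list:
    """Return the list of policy rules the password violates (empty = passes)."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    elif len(pw) < IDEAL_LENGTH:
        problems.append(f"shorter than the recommended {IDEAL_LENGTH} characters")
    if not any(c.islower() for c in pw):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in pw):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no digit")
    if not any(c in string.punctuation for c in pw):
        problems.append("no symbol")
    # Strip digits and symbols so "Password123!" is still caught as a
    # dictionary word dressed up with a suffix.
    core = "".join(c for c in pw if c.isalpha()).lower()
    if core in COMMON_WORDS:
        problems.append("based on a common dictionary word")
    return problems


def generate_password(length: int = IDEAL_LENGTH) -> str:
    """Generate a random password (CSPRNG) that satisfies check_password()."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(pw):
            return pw


if __name__ == "__main__":
    for candidate in ("Password123!", "abc", generate_password()):
        print(repr(candidate), "->", check_password(candidate) or "OK")
```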
Antivirus, Antimalware, and Endpoint Protection
Viruses and malware don’t only come from emails.
They also come from infected servers, USB drives and websites. Antivirus and antimalware protection is a must for everyone: individuals or organizations, computers or servers, Windows or Mac, and even smartphones. These tools run in the background and check that nothing malicious is happening on the device. You can set the scan frequency, and how feature rich you go will depend on your budget. It’s worth repeating that smartphones and tablets are vulnerable and require protection as well.
Dangerous Downloads
We touched on malicious attachments, but the same kinds of files can be downloaded from emails and websites alike. Using torrenting sites is quite risky, as you often download a compressed archive that can itself contain malicious content once uncompressed.
Illegal streaming and many NSFW websites are often booby-trapped with automated downloads and malicious scripts. Popups on these sites will target you with great offers, such as free software and games, and will often give you more than you bargained for. Only download from trusted sources, ideally with IT input. Most companies already have strict download policies; your personal policies should be similarly strict.
Bring Your Own Device (BYOD)
It used to be a lot simpler for IT.
With frequent travel and the growth of remote working, people are often using their personal devices for work purposes. The key is to ensure that personal devices follow the same strict protocols set out by your IT department. This means using the same standards of protection, not visiting illegal websites, and clearing software downloads with IT first.
Multi-Factor Authentication (MFA)
Authentication processes often ask for a single method of authentication, usually a combination of username and password. This would be considered single factor authentication. Adding a security question, which you will often get in online banking for example, would be an example of Two Factor Authentication. Another example might be that, to release funds, someone from finance must approve every transaction and then another senior manager must sign off as well.
How many steps would a criminal have to take to withdraw your money or get approvals?
Two-Factor Authentication used to be sufficient, but increasingly MFA is needed, especially where highly sensitive information is exchanged. This is becoming especially relevant in the face of CEO Fraud, where criminals impersonate another party to extract funds. Adding a second layer or protocol can save you from falling victim to socially engineered fraud.
Business Continuity and Disaster Recovery (BCDR)
Failsafes are a key part of any security strategy.
As a failsafe, you need to ensure that in the worst-case scenario you can rapidly return to your pre-attack state. Up-to-date backups and continuity plans, whether for an outage or for the period while an attack is being cleaned up, are essential. It is also very important that they are tested by IT admins to ensure they can be relied on. Email archiving, while less of a cyber security issue, is essential for regulatory compliance in nearly all businesses.
Public Wi-Fi
We are all likely to hop on to public Wi-Fi at our preferred local cafe, whether working remotely or while travelling. The only way to ensure safety is to not use it. Using your phone to tether is probably worth the cost. If you do still use public Wi-Fi, don’t enter passwords, don’t visit your banking and generally be very suspicious; assume everything you are doing can be “listened” to quite easily. In these cases, using a VPN or “Virtual Private Network” can be an effective means to shut out eavesdroppers.
The Need for A Security Strategy
With a strong cyber security setup, multiple failsafes are in place to ensure any breach is compartmentalized. Very much like the Titanic, there are always risk factors to contend with: the unsinkable can sink. In email and cyber security, complacency and overconfidence can lead to disastrous consequences. Covering the basics outlined in this email security awareness training program will dramatically reduce the chance of you being the next victim. With a properly executed continuity and recovery plan, the return to business as usual doesn’t have to be a sustained nightmare.