The Ping: Cybersecurity – Where to Start

Cybersecurity starts, first and foremost, with people. Even with a secure perimeter, the people using the network can introduce risks to the environment. Teaching your employees what to look out for and where their responsibilities lie is the first step toward closing the security gaps and lessening the chances of your business falling victim to a vicious attack.

Employee Awareness

Building awareness with your employees isn’t just about teaching them what to look for but also about showing them why they are an important part of the solution. Once your employees can relate to the importance of keeping the network secure, they’re more likely to take their training seriously. Training your employees to detect and delete just one phishing email, or to know which links they should not click on, can save everyone a lot of time and money. A cybersecurity training course that provides multiple training methods is an effective way to really teach and track progress. Training videos, short quizzes and even test phishing emails that show you who your “clickers” are allow you to see security training actually work!

Create Strong Login Credentials

We’ve all heard about creating a complex password, but a strong login as a whole is imperative to keeping your data safe! Below are some guidelines to help you achieve this.

On your network …

  1. Yes, make your password complex. Make your passwords at least seven characters long. Mandate usage of at least three of the following categories in your passwords: upper case letters, lower case letters, numbers, and non-alphanumeric characters. But also…
  2. Enforce password changes. We recommend changing your password at least every 45 days.
  3. Set up a password lockout policy. Hackers love it when they can try to crack a password by entering different combinations over and over until they get it right. Lock the account if there have been too many incorrect attempts. We recommend locking the account after five attempts.
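
The three network guidelines above, expressed as checks in Python. This is an added example, not code from UniVista; the function and class names are hypothetical, and it assumes the lockout counts consecutive failures, that a successful login resets the count, and that a locked account stays locked until someone resets it.

```python
from datetime import date

# Thresholds taken from the guidelines above.
MIN_LENGTH = 7
MIN_CATEGORIES = 3
MAX_AGE_DAYS = 45
LOCKOUT_THRESHOLD = 5

def categories_used(password: str) -> int:
    """Count how many of the four character categories appear."""
    return sum((
        any(c.isupper() for c in password),      # upper case letters
        any(c.islower() for c in password),      # lower case letters
        any(c.isdigit() for c in password),      # numbers
        any(not c.isalnum() for c in password),  # non-alphanumeric characters
    ))

def complexity_problems(password: str) -> list:
    """Return the reasons a password fails guideline 1 (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if categories_used(password) < MIN_CATEGORIES:
        problems.append("uses fewer than %d character categories" % MIN_CATEGORIES)
    return problems

def change_due(last_changed: date, today: date) -> bool:
    """Guideline 2: a change is due once the password is 45 days old."""
    return (today - last_changed).days >= MAX_AGE_DAYS

class LockoutTracker:
    """Guideline 3: hypothetical in-memory count of failed logins per account."""
    def __init__(self):
        self.failures = {}

    def is_locked(self, user: str) -> bool:
        return self.failures.get(user, 0) >= LOCKOUT_THRESHOLD

    def record(self, user: str, success: bool) -> bool:
        """Record one login attempt; return True if the account is locked."""
        if self.is_locked(user):
            return True  # assumption: stays locked until an admin resets it
        if success:
            self.failures[user] = 0  # assumption: success clears the count
        else:
            self.failures[user] = self.failures.get(user, 0) + 1
        return self.is_locked(user)
```

A password such as `password1` passes the length rule but is reported for using only two categories, which is the case the "three of four" rule exists to catch.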

On your personal website login pages…

  1. Yes, make your password complex. But also…
  2. Change it! Change your security questions occasionally too.
  3. If you have an option to use a login username that is not your email address, do so. (example: jdogbird98 instead of [email protected])

Network Updates

The most common method hackers use is to attack networks that are vulnerable due to a lack of updates! Keeping your network updated patches holes that hackers may use to break their way into the network. This includes your servers, switches, firewalls, etc. These updates also keep your network running smoothly. Upgrading out-of-date hardware/devices on the network is also important. If you’re using hardware that is no longer updated by the manufacturer, you’re not getting any new security patches and are thus creating an opening that can be used by malware. Making sure that this is being done is part of Employer/Employee awareness too. Who is making sure this is happening? Talk to those in charge of your network and make sure that you understand the schedule of updates. Reports should be generated that show updates are being applied, and quickly.

For more information or assistance in setting up cybersecurity training, updating your network password policies, or looking at your network updates, just let us know!

Your UniVista Team
*Celebrating 20 Years of Customer Satisfaction*