Today we’re sharing insight from guest blogger, KSM Consulting, a business and technology consulting firm. We hope you enjoy their insight and wisdom on managing cyber risks.
Cyber security is most likely a buzzword you have heard numerous times. With so much information on cyber security, it can be overwhelming trying to stay up to date. To simplify it, we’ve compiled three practices you can leverage for your individual cyber security and the security of your employer.
All too often we hear, “I use the same password for all of my accounts - it’s just too difficult to remember multiple passwords.” This is concerning, because using the same password for multiple accounts is a major security risk.
Consider this example: You sign up for a website your child’s soccer coach created to provide access to an up-to-date schedule. Since you are always at work when you check the schedule, you sign up with your corporate email address. Security was the last thing on the coach’s mind when he set up the free site, and with low security, the site was hacked, exposing the email addresses and passwords for each of the 25 accounts. Because you used your corporate email address and the same password as your corporate account, the hacker was then able to access your corporate email account.
Reusing the same password across accounts gives hackers a common and easy way to attack on multiple fronts. If it was all too easy to place yourself in the scenario above, it’s time to update your passwords. Because many people struggle to remember multiple passwords, password management tools have been developed to help.
A password manager, such as LastPass, is a great solution. With LastPass, you only have to remember one password, and it manages the rest. The program works with computers, tablets, and mobile phones - anywhere you install the client. As a tip, strong passwords contain a minimum of twelve characters and include an upper case letter, a lower case letter, numbers, and special characters.
We’ve all seen it before: someone excitedly posts on social media about upcoming travels, only to return to a home with precious valuables missing. Hackers rob people in the same way, slowly collecting information until they have enough to use against an individual.
Imagine you are a rare coin collector. You see an ad or an email come through about rare coins; you’re interested, so you click the link. When you do, malware is downloaded onto your computer. In this scenario, the hacker was able to entice you into clicking on the ad by tailoring it to your distinct interests.
Hackers are using social media to obtain as much information on individuals as possible, using it to their advantage as their practices become more sophisticated and personalized. Keeping personal information private becomes even more essential when you are in a position of authority for a well-known or publicly traded company.
When it comes to social media, the easiest trick in the book is to make sure you are willing to shout out the information you are about to post in a room full of strangers. If you aren’t, think twice before hitting tweet, post, comment, or publish.
Watching what comes in and goes out of your inbox is an important component of cyber security. Two common email attacks are phishing and spear phishing. Phishing is a wide-net approach that tries to get someone to click something and is not targeted at anyone in particular. For example, someone might send an email asking you to check out the newest restaurant in town. When the email reaches the proper target audience, people will click on the link in it, and malware is often downloaded onto the device.
A spear phishing attack directly targets individuals and has a more significant impact. Attackers use information they have gathered from social media or corporate websites to craft an email specifically targeted at one individual. Hackers may ask for two hundred thousand dollars to be wired to a company in China if they know the company frequently does work there and the amount seems reasonable for the company.
These emails appear normal at first glance, but upon closer inspection, a few letters may be out of place. To avoid these attacks, be careful about the information you freely give out, think twice about clicking on links in emails that appear to be spam, and personally verify that transactions are legitimate before wiring large sums of money.
As cyber fraud continues to increase, it is more imperative than ever to stay current with the latest trends in cyber security. To find out even more ways you can protect yourself, download our Top 10 Cyber Security Best Practices.
This content was written and shared by guest blogger KSM Consulting.
KSM Consulting is a technology, data analytics, and management consulting firm serving the public sector and private organizations in Indianapolis and beyond. KSM Consulting is part of the employee-owned Katz, Sapper & Miller Network.