Protect Your System Against Cyber Attacks
Cybersecurity threats are rapidly increasing, and cybercrimes have also transformed to be more advanced and more sophisticated than ever. Damages related to cybercrime is expected to reach $6 trillion per year in 2021, and it won’t only affect big enterprises and multinational companies. In fact, many cybercriminals are now turning to smaller, ‘weaker’ targets.
As people become more and more reliant on the internet, the opportunity for various digital attacks also grows, and with this rise in cybercrimes, there’s also an increased awareness of the importance of cybersecurity. We have to look for better ways to protect our business and our personal assets from DDoS (Distributed Denial of Service) attacks, malware, ransomware, brute-force attacks, and any other threats to cybersecurity.
Here, we will share some cybersecurity tips your company needs in 2020, so you can better protect your digital assets against cyber attacks. By the end of this guide, you should be able to implement these tips to protect your company and digital assets from various cyber attacks.
Table of Contents
Top 6 Tips To Protect Against Cyber Attacks
#1. Improve Your Password
It’s pretty obvious that we should use strong and secure passwords, but it’s actually often overlooked by so many people. In fact, according to the 2019 Data Breach Investigations Report (DBIR), weak passwords are the cause of 80% hacking breaches.
So, make sure to use strong passwords that are randomly generated if possible. Make sure to communicate this with all team members. There are two fairly simple ways you can use to achieve this:
-
Use Strong Passwords
A strong password is one that is at least 12 characters long and contains diverse characters (both cases of alphabets, numbers, symbols, and spaces). There are various random password generators out there like Secure Password Generator and today there’s also Google’s autofill password to help with this. In short, there are now various tools that can help you in this aspect, so make the most of it.
-
Enable 2-Factor Authentication
2-factor authentication is essentially using a second piece of information besides your password (and username) to confirm your identity. 2FA can be:
-
-
Something you know
-
A secret question, a PIN, a visual pattern, etc.
-
-
Something you have
-
A dongle or token, a credit card, NFC chip on your smartphone, etc.
-
-
Something you are
-
Biometric information like face ID, fingerprint, retinal scan, and voice recognition.
Ensuring your whole team uses strong passwords can be quite difficult especially if you have a big team. However, this is very important, and various password management tools can help you in this aspect.
#2. Prevent Human Error
A lot of cyber attacks are caused by human errors. Above, we have discussed how weak passwords are the main cause of various hacking attacks. Also, more than 90% of cyber attacks began with phishing, especially via email.
So, educating yourself, your staff, and your whole team about the importance of preventing cyber attacks is very important. They have to know about phishing emails, social engineering attacks, malware/ransomware, and signs of hacking attempts. Conduct regular training, and make sure the training is repeated and updated regularly to take account of new risks:
-
Set up company-wide policies
Communicate plainly how and with whom each team member can share sensitive information. Obviously, never share any sensitive information like personal info, passwords, and bank account numbers in a social media post or even an email. Use secure means to send these sensitive pieces of information (in person, encrypted links, direct mail, and yes, the old-school fax machine is very secure).
-
Educate your team for the latest modus operandi
For example, BEC (business email compromise) is a relatively new and popular phishing method. Yet, according to the FBI, BEC-related attacks account for more than $700 million each month. In BEC phishing, the attackers attempt to impersonate someone within a company. For example, an email might come from the HR manager that asks the recipient to provide their bank account details.
So, educate your team for potential human errors. Set up clear policies on information sharing, and always stay up-to-date for the latest cyber attack methods.
#3. Protect Against Identity Theft
Identity theft is a very common cybercrime when cybercriminals use your personal information to impersonate you. The most common use is to use your credit card information to purchase things, but identity theft can cause more serious damages than financial issues.
Not securing sensitive personal data is obviously the most common reason for identity theft, and here are some things you should consider regarding personally identifiable information (PII):
- Do not post any sensitive information on social media posts (and including DMs).
- Do not share your social security number (SSN) or the equivalent in your country with anyone you don’t trust
- Don’t display sensitive personal information on your social media profiles. A general rule of thumb, displaying your full name is your limit.
- Never share any OTP (One-Time PIN) code sent to your phone, even if it’s someone you know
- Make sure to check when you receive any OTP SMS about any services.
- Don’t fill out your personal data on untrustworthy websites (especially when it involves prizes or suspicious offers.
Also, here are some additional tops you might implement in preventing identity thefts:
-
Prepare a response plan
Anticipate that no amount of protection will be 100% effective–it’s actually a pretty comprehensive approach. Create a response plan on the steps you’d do when your personal information has been breached, who to inform, and how to communicate to the public and stakeholders when necessary.
-
Watch your mail
Stolen mail is actually one of the most common causes of a stolen identity. Trust your mails with a trustworthy neighbor or family member when you are our of town, or you can get a lockable mailbox. If you are located in the U.S., you can also sign up for informed delivery, where the USPS will provide a preview of your mail so you can tell when anything is missing.
-
Protect your mobile devices
Use a password on your phone and biometric identification if it offers the feature. Always make sure the phone’s software and all apps are properly updated. Also, turn off Bluetooth unless you are going to use it, and be careful when you are using public Wi-Fi.
#4. Back-Up and Encrypt Your Data
An effective strategy to prevent cyber attacks is essentially about two important elements:
- Preventing access to sensitive data
- Ensuring stolen data is not usable if it falls into the cybercriminals’ hands
With that being said, we have to remember that no matter how good our cybersecurity measures are, we can’t completely eliminate the risk of data breaches and thefts. So, it’s very important to ensure you have a data back-up ready so your site and your business can still operate during any cyber attack attempts.
You should keep three back-ups of all your data. Store two of these backups on external storage, and keep another copy off-site (as a cloud backup, for example).
In fact, backing up your data on the cloud might be one of the most effective measures in preventing cyber attacks. You should make your sensitive data, information, and even applications only accessible from the could server. Even today, putting your assets on the cloud is one of the best ways to secure them from various cyber attacks.
Also, another important thing to consider here is to encrypt sensitive and valuable files like bank account numbers and personally identifiable information (PII). Make sure that only those who are authorized for access can access the content. This way, even when your data is stolen, it won’t be useful for the criminals and you can prevent further damage from happening.
#5. Develop a DDoS Response Plan
DDoS (Distributed Denial of Service) is one of the most common cyber attacks all around the world, and in recent years the number of DDoS attacks has also increased dramatically. In the first quarter of 2019, we saw an 84% increase in DDoS attempts compared to Q1 2018.
The thing about DDoS is, right after we’ve detected that there’s an incoming attack, we simply don’t have time to figure out our options and develop a strategy. The longer we wait to take the first step, the bigger the DDoS traffic can build up, and the bigger the risk it’s going to crash our system.
Here are the three principles in planning a DDoS response plan:
-
Plan a response team
Assign key responsibilities to key team members. This is to ensure a proper, organized response for all team members to the incoming DDoS attack when it happens.
-
Assess your system
Have a full list of assets (hardware and software) and make sure you can detect the incoming DDoS attack as soon as possible. Also, assess the availability of application-level and layer 7 DDoS protection, filtering tools, and the required hardware.
-
Communication plan
Make sure to define who should contact whom in the case of a DDoS attack. Include the list of both internal and external contacts (stakeholders, customers) that should be informed about the DDoS attack and potential damage.
#6. Protect Your System With Firewall and Anti-Malware Software
Malware infection is also among the most common cyber attacks, and ransomware is now one of the most prevalent cybersecurity risks for small and big businesses alike. So, protecting your system from malware and ransomware is very important.
Make sure to invest in reliable antivirus software. Free antivirus tools nowadays are—unfortunately—not very effective against ransomware attacks. Ransomware changes as quickly as new antivirus databases are updated, so you might need a premium antivirus tool offering a predictive analytics technology. A good antivirus is a very important first line of defense against cyber attacks.
Also, you will need to invest in an optimized firewall, and a good VPN to add another layer of security. A VPN creates an encrypted network between your system and any sites you visit, so it’s useful in protecting your data and information.
End Words
Cybercrime isn’t going anywhere soon, so there’s no other way besides having a robust system in place to prevent and mitigate the incoming attacks.
It’s important to note that human errors are the most important cause of various vulnerabilities related to cybercrime threats. So, educating your team about the importance of strong passwords and knowledge about various common cyber-attack methods are very important. Also, maintain the quality of your anti-virus tool and firewall, and ensure you have at least three backups in place.
To further ensure your defense against various types of cyber attacks, you might want to develop a proper DDoS response plan, including choosing a proper DDoS mitigation service to work with.