Good cyber-security is a lot like protecting your home from robbers: we want to layer the defenses. For a home you might have a fence with no-trespassing signs around the yard. That restricts casual access, like the neighborhood kids and stray dogs. Next we have doors with deadbolt locks, maybe bars on the windows. Install an alarm to alert the police. For valuables, a safe, and so on. Each layer will stop some level of intrusion, and we put the strongest layers around the most valuable items.
We need to define what data and software is most valuable and most vulnerable. In Part 1 we talked about having good anti-virus software, a strong firewall and two spam blockers, one at the server level and one at the PC level. In Part 1 we also talked about training your team to recognize spoofed emails and do their part in cyber-security, since 91% of hackers gain access through a phishing email that was opened by one of our own people.
So what is the next layer we need to add? Two-Factor Authentication (also called Dual-Factor Authentication). Yes, this can be annoying: having to remember our user name and password and then enter a third code we get via text (or a different email address). Yet it is one of the best ways to prevent unauthorized access, because it requires access to another device, secure email account or phone. This combination creates a major hurdle for a hacker to overcome. There are several ways to use it: 1. upon initial setup, to verify the IP address and PC you are using; 2. whenever logging in from a remote location (a non-company IP address); 3. every single time a person logs in.
The biggest advantage of Two-Factor Authentication is that even if a hacker gets your user name and password, they still cannot log in without the second factor, the code that is usually sent via text.
Complex passwords are the next level of security, and it is important to have password security policies for our people to follow. Having a great front door with a strong deadbolt lock won't do any good if the door is left wide open all day. The same is true for cyber-security. Common policies are: long, complicated passwords that are not simply iterated when changed (that is, the old password reused with a 1 at the end, then a 2 the next time, and so on), and more than one password: a different password for access to each piece of software, so that if one is compromised the hacker does not have the keys to the kingdom.
Make compliance with cyber-security policies easy. For example:
One way to create a complex yet easy-to-remember password is: A. use a maternal relative's hometown; B. combine that with the house number from a relative's address; C. then pick the name of your favorite candy as a kid; D. combine them in a string with a few capitals; E. sprinkle in a % * ! ? or . Now you have an easy-to-remember password that is complex, and if you write down a few clues to help you remember it, it would be very difficult for anyone else to get them all. Be creative. Things to avoid: dates of any sort, your children's names, school names, pets' names, etc. All of this is often on social media or easy to guess.
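As an added example, not from the original post, here is a small Python checker for the policy points above: it flags a new password that is just the old one with the counter bumped, a password that contains a date or year, and any personal details (children's, pets' or school names) that the user supplies in a list. The 14-character minimum and the use of any punctuation as the "symbol" class are assumed values, since the post only says "long" and lists a few sample symbols.

```python
import re
import string
from datetime import datetime
from typing import Iterable, List, Optional

MIN_LENGTH = 14  # assumed policy value; the post says "long" without giving a number

def is_iterated(old: str, new: str) -> bool:
    """True when the new password is the old one with only a trailing counter bumped
    (Secret1 -> Secret2, or Secret -> Secret1)."""
    # compare the two passwords with any trailing digits stripped, case-insensitively
    stem_old, stem_new = (re.sub(r"\d+$", "", p).lower() for p in (old, new))
    return stem_old != "" and stem_old == stem_new

def contains_date(pw: str) -> bool:
    """Flag plausible years (1900-2039) and 6- or 8-digit runs that parse as a date."""
    if re.search(r"(?<!\d)(19\d\d|20[0-3]\d)(?!\d)", pw):
        return True
    for run in re.findall(r"\d+", pw):
        if len(run) not in (6, 8):
            continue
        for fmt in ("%m%d%Y", "%d%m%Y", "%Y%m%d", "%m%d%y", "%d%m%y"):
            try:
                datetime.strptime(run, fmt)
                return True
            except ValueError:
                pass
    return False

def check_password(new: str, old: Optional[str] = None,
                   avoid_words: Iterable[str] = ()) -> List[str]:
    """Return policy findings for a proposed password; an empty list means it passes."""
    findings = []
    if len(new) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    if not (any(c.isupper() for c in new) and any(c.islower() for c in new)
            and any(c.isdigit() for c in new)
            and any(c in string.punctuation for c in new)):
        findings.append("needs upper, lower, digit and symbol")
    if old is not None and is_iterated(old, new):
        findings.append("old password reused with a counter bumped")
    if contains_date(new):
        findings.append("contains a date or year")
    for word in avoid_words:  # children's, pets' and school names supplied by the user
        if word.lower() in new.lower():
            findings.append(f"contains personal detail '{word}'")
    return findings
```

A password built the way the post suggests, such as the constructed "Daytn4521sniCKers%!", passes with no findings, while "Secret8" offered as a replacement for "Secret7" is rejected as an iteration.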
Next, test the system: send folks a phony email from an email address they don't know and see if they open it. It is easy to set up as many email addresses as you want to test your people. Reward those that catch on and report the intrusion attempt. Then privately re-train those that get fooled. It is always a work in progress, because cyber criminals are always looking for a new way to steal your data.