Cyber Security: 20 Essential Tips
Last month marked the 20th anniversary of #cybersecurityawarenessmonth.
As a cyber essential certified business, we prioritise keeping ourselves and our clients informed of the latest guidance on protecting against cyber threats. We have compiled a list of 20 essential tips that we recommend all individuals and businesses follow to boost their cyber defences.
1. Strong and unique passwords
It’s a simple tip, but one that we see ignored all too often. A strong password should be at least 12 characters in length, whilst being easy to remember. Never use personal information such as names or birthdays. In fact, combining 3 random words is a good tactic when it comes to creating a unique password.
2. Two-Factor Authentication (2FA)
An increasing number of online platforms are making 2FA enablement mandatory, which is a positive step forward. Wherever possible, we recommend you enable 2FA on your online accounts. 2FA adds extra security by requiring two forms of identification to access resources and data.
3. Change shared passwords
When an employee leaves a business, make sure to update any shared passwords that the ex-employee had knowledge of.
4. Use a password manager
We highly recommend implementing a password management system. This system stores all organisation passwords (and other sensitive information such as bank account details) in a secure, encrypted environment. This limits the use of weak passwords and recycled passwords, with the management system storing all the data for you.
5. Secure Wi-Fi Networks
Avoid using public Wi-Fi networks when accessing sensitive data on your devices, such as online banking. If you regularly travel on business, use a virtual private network (VPN) to encrypt your connection.
6. Update your software
Out-of-date equipment is vulnerable equipment, so don’t doubt the importance of hardware and system updates. It is essential to regularly update operating systems and software as new patches become available.
7. Back up your data
Regularly back up your important files and data to an external device or a secure cloud service. In case of ransomware or data loss, you can restore your information.
8. Be vigilant when it comes to phishing emails
Be cautious when opening email attachments or clicking on links, especially if the sender is unknown or the email seems suspicious. Common signs of a phishing email include poor grammar, suspicious attachments and a tone of urgency.
9. Don’t leave your devices unattended
Never leave your devices such as laptops and mobiles unattended. For desktops, it is important to always lock your screen before moving away from your desk.
10. Disable Bluetooth on your devices when not in use
Devices can be hacked via Bluetooth, so when not using it, it is safest to turn it off.
11. Check for HTTPS on websites
Double-check that a site’s using HTTPS and has the universally identifiable padlock symbol. HTTPS is the secure version of HTTP, which is the primary protocol used to send data between a web browser and a website. HTTPS is encrypted in order to increase security of data transfer.
12. Role-Based Access Control
Assign employees access to only the platforms and documents they need to fulfil their job requirements. Limiting the number of users with access to sensitive information limits the level of risk.
13. Install antivirus software
Install antivirus programs on your devices if you haven’t already. Antivirus programs protect your devices from viruses and malware.
14. Use a firewall
Along with antivirus, it is advisable to also install a firewall. Firewalls protect your network by filtering unknown traffic and blocking outsiders from gaining access to your private data.
15. Train your employees
Humans pose the biggest threat to cyber security. 45% of employees lack the confidence to identify a social engineering attack such as a phishing email. We recommend investing in training resources for your staff to minimise this threat, such as our Cybersafe Crew Cyber training modules, that have been adopted by a number of our clients.
16. Attend security awareness seminars
Cyber security is a complex and evolving landscape; therefore we recommend investing time in keeping up to date with the latest threats by attending online or local cyber security awareness events.
17. Only download apps from reputable sources
Apps can hide malware, so only download apps from trusted sources such as the App Store and Google Play, as these stores scan apps for malware.
18. Avoid public charging stations
Free electric charging plugs are commonly found at airports, on buses and in shopping centres; however, experts are warning of the threat of ‘juice jacking’ attacks. Juice jacking refers to a security attack where threat actors load malware onto publicly available USB-based charging stations, through which they can access connected electronic devices as they are being charged (Source: Spice Works).
19. Beware of malware when using removable devices
During the first half of 2023, researchers saw an increase in the number of attacks using infected USB drives. Therefore, we recommend storing your devices in a secure location and encrypting the USB for extra peace of mind.
20. Mobile Device Management
Businesses should also consider investing in a mobile device management tool. This provides mobile device data protection, security, encryption, remote email configuration, and remote device wiping in case your device is lost or stolen.
Looking for effective cyber security solutions for your vessel? Read about our comprehensive yacht security service offering here.