This week we are getting ready for a hot topic everyone needs to be aware of and to make it part of their business plan. There are a number of things we can do to keep ourselves, our company, and our team protected from cybercrime. I will share some highlights and welcome your thoughts on what you are doing.
October is cybersecurity month and there is a five-week strategy you can use as a guideline for your organization. As a leader, what are you doing to ensure your organization and team are staying safe from cybercrime?
Week 1: Take Stock (October 1st to October 3rd)
Ask everyone to take stock of the digital technologies they are using at the office and at home. Some initial steps to help take stock include the following items. Secure all your digital/online accounts, secure your devices, and secure all your connections. To help make all of us more aware, focus on protecting the things we care the most about today: our devices!
Once you know all your items above, the next step is to confirm the usernames, passwords, accounts, and connections are all current. Delete/remove all non-current ones. Change all passwords. This includes alarm panels, phones, tablets, and so forth. Set a schedule (weekly, monthly, or quarterly) to do this routine of staying current and changing passwords. It will become a good habit.
Our phones are with most of us for most of the day. Ensure your software operating system (OS) is kept updated. There are more malicious incidents on the phone today and it continues to rise. Leaders should be prepared to share information with their team about some of the various ones occurring to help raise awareness and minimize/eliminate breaches of security and malicious activities.
Most are familiar with phishing schemes (e-mails attempting to gain your personal information). The version on your phone is called Smishing Scam which are messages sent to your SMS or text messaging. If you do not recognize the number or the name, or if it seems unusual for the person to be sending you the message, stop and question it! Do not reply.
Add multi-factor authentication to your phone such as your fingertip is scanned to unlock your phone and you require a pin number to access it. Once your phone is unlocked, a non-authorized user has access to a wealth of information with very little effort. Lock your phone whenever not in use.
Lead your team to use strong passwords. As mentioned above, change them on a regular basis. Avoid family names, pet names, company names, and familiar names that can easily be guessed by others. Use unique combinations of letters, numbers, symbols, and capitalize some. Keep your operating system updated on your computer, notebook/laptop/tablet.
Most of us are using e-mail on our computers. Phishing schemes are abundant! Here are seven red flags to be on high alert: it is urgent, asking to share sensitive information, it looks too good to be true, it is an unexpected e-mail, information mismatch such as the name in e-mail and signature name are different, suspicious attachment (be extra careful before opening any attachment or clicking on any links in an e-mail) and the e-mail has an unprofessional design.
We are all connected whether in the office or at home. Our data resides on computers that can be located anywhere such as the office file server room or somewhere in the cloud. How are your computer networks connected and are they secured? How is your wireless setup? Can anyone walk in your area and hop on your wireless network with their own device? Who can access your company data (or your family devices at home)?
Wireless is expected and very common. We want it easy to join a wireless network and we want fast connections. Leaders take a look at your organization’s wireless connections and what devices are authorized to join. It is a good idea to separate your office team devices on their own wireless network and have a second wireless network for your guests. Always have passwords for wireless networks and change them regularly.
How secure is your firewall/router at your office and at home? Work with your tech team and your tech partner to ensure you have a robust firewall. The firewall should be kept updated with the latest security fixes (referred to as firmware upgrades).
Take a look at all your devices and ensure they are updated with the latest operating system, updated passwords, and set them in lock modes when not in use. This includes many smart devices around you such as thermostats, alarm systems, and cameras for example. Anything that has an App on your phone collecting information from a device should be reviewed.
Never provide your password to anyone. In the event you do provide it, change it immediately.
Be careful with personal information such as credit card numbers, bank account numbers, and social insurance numbers. Know the trusted source before sending this information.
Keep your guard up at all times. Read the sender’s name and e-mail address to confirm it is someone you recognize.
‘Tis the Season: Many will receive e-mails from their boss to go out and purchase gift cards. Call your boss to confirm they actually sent you this request. Every year, we talk to many who buy these gift cards with their personal or company credit card which do not exist and the money is sent to an account which is usually untraceable.
For more information to plan your strategy, go to Cyber Security Guidelines
What are you doing for Cyber Security Month?