The internet has become littered with malicious links, viruses, and trojans. With data breaches on the rise, security is at the top of almost every business’s list, and with good reason. Inadequate or inefficient protection can bring down a company’s network and can cost the company thousands, if not millions, of dollars. But for some businesses, just knowing where to start and what to do is the biggest hurdle. With that in mind, we suggest these three methods to improve your overall network security hygiene and help keep your devices healthy and hack-free.
1. Don’t Get Social Engineered – At the top of the computer threat list is social engineering. Social engineering is when someone or something pretends to be something it’s not. It often poses as a brand or item that you would generally trust more than something unknown. It then asks you to share confidential information (like a password) or run a Trojan Horse malware program. It’s a scam! 70% to 90% of all malicious digital breaches originate from social engineering. The best way to prevent this kind of deception is to make mitigating social engineering a priority in your computer security defense.
2. Make Software Patching a Priority – Unpatched software is the reason for approximately 30% of all computer attacks. Not so long ago, unpatched software, like unpatched Microsoft Windows, was responsible for almost all successful breaches in a single year. But around 2009, social engineering took over the number one spot, and unpatched software incidents have decreased. Still, it’s a close second, so keep it top of mind and put consistent software patching on your security defense priority list.
3. Use Different Passwords Between Sites and Services – Contrary to popular belief, passwords do not have to be lengthy and complex. An 8-character password with some level of complexity can block 95% of password attacks. According to KnowBe4, the only attack type it does not mitigate is password hash cracking, and that requires the hacker to already have complete control of your computer. If you are concerned about password hash cracking, which most hackers in real-attack scenarios do not do, your passwords have to be at least 16 characters long (with or without complexity). Regardless of your password’s complexity, the far bigger problem is reusing your password between unrelated security domains (i.e., various websites, services, networks, devices, etc.). The average person has three to 19 passwords that they split up among 170+ websites, services, and domains. This means there is a lot of sharing going on, and that is very high-risk behavior: if a hacker obtains one of your passwords, no matter how they got it, they can try to reuse it on other websites and affiliations to which you may belong. Hackers have been using this technique to access people’s critical online accounts and identities for decades. To make a hacker’s life harder, use different passwords on every site, service, and domain you utilize, which usually means getting a password manager program. Many other computer security experts and I recommend using a password manager program.
So, easy as one, two, three! It’s three recommendations, one sentence and 13 words.
Don’t get socially engineered, patch your devices, and use different passwords.
You will likely read tens of thousands of words this year on how best to protect yourself and your organization against hackers and malware. But concentrate on the three essential suggestions above as if they were the top three things you can do to reduce risk in your environment – because they are.