Using a strong password may seem like a given safe practice but, your passwords might not be as strong as you think. Adding a couple numbers to the name of your first pet won’t take long for the hackers to crack. Try using passphrases that would be easy to remember but difficult to guess. Better yet, we recommend the use of a password manager that can randomly generate a strong and unique password for you and securely store it in an encoded vault. 

To add an extra layer to the security of your credentials, we strongly recommend you enable multi-factor authentication (MFA) wherever possible.  

It’s critical to back up your data in case there is a situation where you lose your data such as in a ransomware attack. In a ransomware attack your data is stolen and encrypted and in some cases, you may never get it back. If you have copies of your data stored elsewhere, whether that be through a hardware, software or cloud solution, then the damage to your business for lost data will be minimized.

This may seem obvious, but many people aren’t sure what is or is not a secure place to store data. For example, confidential information should not be stored on a device without a firewall or antivirus and anti-malware software nor should it be stored under an account with weak login credentials. If you use tools like SharePoint or OneDrive then storing them here and sharing links to them is a much more secure method to store and share files. 

Firewalls prevent the incoming of malicious or unnecessary traffic to your devices. By preventing access to your device from outside sources, it significantly lowers the risk of your device being tapped into. Firewalls should be enabled on devices both at home and at work. It’s likely your networks at home don’t have near the amount of security in place as the networks at work therefore, you will need the extra protection while out of the office. 

 Any kind of confidential data being accessed by users with privileged access should be monitored. By monitoring the data, you will be able to see where it has gone, who had access to it, and what kind of alterations (if any) had been done to the data. You should also be using the principle of least privilege in which users only have access to as little data as needed in order to sufficiently do their work. Access from third-party users to any kind of data in any case should also be closely monitored for the same security reasons.  

Having employees work from home means that the attack surface will grow. Hackers are going after remote devices as they often contain gaps in security so it’s critical that you make sure these endpoints are secured. 

The internet of things encompasses devices that connect to the internet from anything like speakers to smart watches to security cameras. These devices typically lack in security so they require extra effort to ensure hackers can’t use them as a door to get around your firewalls and into your network.  

Be wary of emails sent outside of your organization, especially ones that come from suspicious looking emails. If you are opening an email that seems out of the ordinary, avoid clicking on anything within the email as it could take you to a malicious site or download a malware-ridden file onto your device. Email is the number 1 attack vector for common threats like ransomware because it is relatively easy to trick people. Always be on high alert.

Check out this post for tips on how to tell if an email or text is a phishing scam: https://lighthouseintegrations.com/phishing-scams/

When surfing the web, be sure to only visit websites that have “HTTPS” at the beginning of the URL. HTTPS is HTTP with encryption meaning that it is much more difficult to be intercepted by third-parties therefore, it is safer to use than websites with just HTTP. Most modern web browsers will alert you when you are trying to access an HTTP site but don’t count on this alone. 

Public networks have weak security and are notoriously unsafe to connect to. Hackers target these networks because there are many different devices of varying security levels to crack into. If one device is infected, it’s likely the hackers will be able to gain access to a whole bunch of other devices connected to the same network including yours. If you do need to access a public network, make sure your firewall is turned on, your security software is up to date and use a VPN whenever possible. 

Similar to implementing cyber awareness training sessions, we also advise maintaining a security-first work culture and with this, people-centric security. People-centric security means that the people of a business are trusted to handle business safely and securely and that they understand they are responsible for upholding such security. A security-first work culture may look like hanging posters around the office, encouraging security related discussion, or even sending out monthly security reminders. Keeping security a top priority in the workplace encourages users to practice safe surfing and reminds them that every action they make (or don’t make) should be in the best interest for the security of the organization. 

There really is no such thing as being secure enough in today’s digital world so it’s time to lose that mentality. Any business no matter the size, big or small, is susceptible to being hacked. Just think, even the biggest companies like Volkswagen and Facebook, who spend millions on their cybersecurity, have been hacked. Small businesses may have a lower payout for the hackers but it takes less effort and is easy money. 

When done correctly, your security infrastructure should not be complicated. Just because you have hundreds of security tools in place doesn’t necessarily mean you’re that much more secure. Many tools out there do a lot of the same things so you might be spending extra time and money keeping them up and running when you don’t need to. These tools also don’t always communicate with each other and can cause data jams or other inefficiencies.