Here at ITFIRM.COM, we never shut up about cybersecurity. We can’t afford to. If the cybercriminals are looking for (and finding) new, innovative ways to rob you, we have to find new ways to stop them. It’s a never-ending game of cyber ‘Whack-a-Mole.’
Business is all about digital connectivity these days. With the massive amount of business conducted through cyberspace, underestimating the importance of cybersecurity is a fatal flaw. The threat matrix advances every bit as fast as technology, if not faster.
It’s sad but true that our own actions (or lack thereof) are often what leaves us most at risk of a cyberattack or online scam. Risky behaviors include weak passwords, lax security policies, and the false security of thinking “It won’t happen to me. We’re too small.” That thinking is exactly why human error is the cause of approximately 88% of data breaches.
The risk management platform CybSafe is working together with the National Cybersecurity Alliance (NCA) to correct poor cyber hygiene. Each year, the duo publishes a report on cybersecurity attitudes and behaviors, with the goal of educating both consumers and businesses on how to better secure their digital landscapes.
The 2024 survey asked about several things, including knowledge of security risks, security best practices, and challenges faced. The report reveals some truly eye-opening insights, including how people perceive and respond to cyber threats as well as what they can do to improve their overall security posture.
Everybody is Online
It should come as no surprise that a whopping majority of the study participants are online every day. As a result, the number of logins we create continues to grow, including those considered ‘sensitive.’ Sensitive accounts hold personal information that could be harmful if stolen.
Nearly half of the study’s respondents reported having ten or more sensitive online accounts, which amplifies the risk, especially if people are using the same password for two or more of those accounts.
The Frustrations of Online Security
Online security is a priority to the vast majority of people, but more than a third feel frustrated, and nearly the same number feel intimidated. While it may occasionally feel like you just can’t get ahead of the hackers, a little more than half of the people surveyed thought digital security was under their control. BUT: that still leaves a whole lot of folks that don’t think so.
That is no reason to let down your defenses and become an easy target. There are best practices you can put in place to safeguard your online accounts that work, including:
Enable MFA (Multi-Factor Authentication) on your accounts
Use an email spam filter to catch phishing emails
Add a DNS filter to block malicious websites
Always use strong password best practices
Provide Security Awareness Training for your Staff
As stated, the huge majority of data breaches involve user error, so the absolute BEST way to reduce human error is through ongoing Security Awareness Training. Yet the survey found that just about a quarter of respondents had access to this critical training.
In the report, access was also broken down by employment status. Those not actively employed are most lacking, which is not to say that those who are employed couldn’t use more training access and encouragement. A little over half the respondents reported having access to security awareness training - and taking advantage of it.
Security Awareness Training is the single best way employers can significantly reduce their risk of falling victim to a data breach. Business owners and managers need to not only beef it up but make it mandatory.
The Constant Increase of Cybercrime
Year in, year out, cybercrime increases – not just in occurrence, but in the severity of damage. Over a quarter of survey participants said they had been a victim of cybercrime.
The most common types of cybercrimes reported include:
Phishing (almost half)
Online dating scams (over a quarter)
Identity theft (over a quarter)
Millennials reported the most cybercrime incidents of all the generations. With younger generations tending to be more tech-savvy, it may seem to defy logic that Baby Boomers and the Silent Generation reported the fewest.
How to Reduce Your Risk Online
1: Create Strong, Unique Passwords:
This is the most basic, and most overlooked factor. Start with the basics of creating strong, unique passwords for each online account.
How to Create Strong Passwords:
It takes time to come up with strong, complex passwords, but a good password manager will usually have a built-in password generator. They create strong, complex passwords that are difficult to crack and save them for you. When sharing passwords with employees, employers can use these generated passwords. They ensure that employees are using strong, unique passwords for each account.
By employing this tool, you can preclude the widespread practice of using weak passwords, or the 2nd deadly password sin: reusing passwords across many accounts. This feature mitigates the risk of security breaches.
In the final analysis, do you want to follow the dangerous path of using the world’s most common password, ‘123456’ (which can be cracked in less than a second), or do you want to use something like ‘ImMLw0&23o&i5Mc’, which PasswordMonster estimates would take 9 trillion years to crack? Trust me, cybercriminals don’t have that much patience.
2: Multi-Factor Authentication (MFA):
Multi-Factor Authentication gives your account security a huge boost by adding an extra barrier to unauthorized access, even if you have weak or compromised passwords.
3: Update your Software Regularly:
Keep all your software, including operating systems and mobile apps, up to date with the most recent security patches. This is critical.
4: Learn to Identify and Avoid Phishing Attacks:
Always exercise caution when clicking on links or opening attachments, especially in emails from unknown sources.
Before you click, verify the legitimacy of emails and websites. Check for subtle signs, such as misspelled URLs or email addresses, unfamiliar sender addresses, or strange behavior from ‘trusted’ sources. Know what suffixes are correct. Anything coming from the government, like the IRS or the Social Security Administration, will ONLY end with ‘.gov/’ – nothing else. A popular ploy is to end the phishing address with ‘.us.’
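The suffix check described above can be automated in a mail filter or a training exercise. The following Python sketch is an added example, not part of the original article: it tests the host a link really points to rather than searching the text for ‘.gov’. The function names and every sample URL other than the real irs.gov and ssa.gov hosts are constructed for illustration.

```python
from urllib.parse import urlsplit

def link_host(url):
    """Return the lower-cased host a link actually points to, or None."""
    if "://" not in url:
        url = "//" + url              # let urlsplit read a bare "www.ssa.gov/x" as a host
    try:
        host = urlsplit(url).hostname  # ignores any "name@" prefix and the port
    except ValueError:                 # malformed link
        return None
    return host.rstrip(".") if host else None

def is_gov_link(url):
    """True only when the final label of the host is exactly 'gov'."""
    host = link_host(url)
    if not host:
        return False
    labels = host.split(".")
    return len(labels) >= 2 and all(labels) and labels[-1] == "gov"

# Constructed sample links; only the first two should pass.
SAMPLES = [
    "https://www.irs.gov/refunds",
    "www.ssa.gov/myaccount",
    "https://www.irs.gov.us/refunds",       # the '.us' ending the article warns about
    "https://irs.gov.example.com/refunds",  # 'gov' is only a subdomain label here
    "https://irs.gov@example.com/refunds",  # text before '@' is not the host
    "https://www.irs-gov.com/refunds",      # misspelled look-alike
    "https://www.irs.g\u043ev/refunds",     # Cyrillic letter in place of 'o'
]

def classify(urls):
    """Map each link to True (genuine .gov host) or False."""
    return {u: is_gov_link(u) for u in urls}

if __name__ == "__main__":
    for url, ok in classify(SAMPLES).items():
        print(("OK      " if ok else "SUSPECT ") + ascii(url))
```

A plain substring search for ‘.gov’ would accept every one of the sample links, which is why the check compares only the last label of the parsed host.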
5: Do NOT use Unsecured Wi-Fi Networks:
EVER. You and your employees should only connect to secure and password-protected Wi-Fi networks.
Avoid using public Wi-Fi for sensitive transactions, but if you must, then protect yourself by using a Virtual Private Network (VPN), which will encrypt your communications.
6: Backup, Backup, BACKUP!:
To be blunt, anyone who fails to do this is a fool who’s just waiting for the day when their business implodes. Regularly back up important data to an external device or a secure cloud service.
7: Use Antivirus and Anti-Malware Software:
You should already have these in place, but if not, immediately install reputable antivirus (AV) and anti-malware software on all devices and perform regular scans of your systems for potential threats.
8: Exercise Caution with Social Media Settings:
The weaknesses that abound in social media are sought out and highly valued by cybercrooks. Review and adjust your privacy settings on social media platforms.
Limit the amount of personal information visible to the public to the bare essentials.
9: Protect your Personal Devices:
Always lock your devices with strong passwords or biometric authentication.
10: Be Informed and Educated:
Ongoing Security Awareness Training will keep you and your team educated and informed about new threats. This goes a long way in fostering a culture of vigilance and preparedness.
Frequently Asked Questions
How often should security awareness training be conducted?
Most security professionals tend to agree that training should occur about two to three times per year — or about every four to six months. Keep it fresh in your employees’ minds.
What are the benefits of a security awareness program?
The main benefit of security awareness training is that it helps organizations reduce the risk of data breaches, malware infections, phishing attempts, and other malicious activities.
For more specifics, ‘CybSafe’ goes into greater detail HERE.
What is the difference between 2FA and MFA?
Multi-Factor Authentication (MFA) uses multiple levels of authentication, starting with the password. Two-Factor Authentication (2FA) only requires one extra step after the password - usually an identifying question. MFA provides much better login protection.
How do I find my MFA settings?
If you are a Microsoft Azure user, you can access service settings from the Azure portal by going to ‘Azure Active Directory > Security > Multifactor authentication > Getting started > Configure > Additional cloud-based MFA settings.’ A window or tab opens with additional service settings options.
It's a good idea to have your IT services team or Managed Services Provider set this up for you.
How secure is your network?
As a longstanding, reputable member of the Charlotte IT Support community, ITFIRM.COM offers a FREE, no-risk network and cybersecurity assessment. We perform a non-intrusive scan that allows us to deliver a comprehensive report of the state of your system and its vulnerabilities that is yours to keep. There are no strings attached, and you are under no obligation ever to use our Managed IT services.
The two best defenses are next-generation cybersecurity to protect your data from theft, and a top-notch Managed Services Provider to ensure continued reliability and defenses against newly emerging threats.
We put our 100% Money Back Guarantee in writing, so there is no risk in trying us out. Because we do not require a ‘hard’ contract, our clients can fire us at any time with 30 days’ notice. We have to be good.
Among the Managed IT services we provide:
IT HelpDesk Service
Onsite IT Support
Cybersecurity
Cloud migration and management
Email migration services
Backup and disaster recovery
VoIP phone systems
IT disposition and recycling
Office moves
White label services (IT to IT)
Planning an Office Move?
Contact ITFIRM.COM today! We have the experience to ensure a seamless transition. After the office move, your employees will arrive at the new location to find their IT infrastructure ready and open for business!
For more information on office moves, or to receive your FREE no-risk network and cybersecurity assessment, just fill out the form on this page or call us at:
704-565-9705