October is Cyber Awareness Month, as designated by the Department of Homeland Security. Established in 2004, it was set up to raise people's attention to their internet security. In the years since, cyber threats have continued to increase, and they have now become an international issue, with many different actors across the world threatening businesses and government entities alike.
In 2024, we have seen several large-scale breaches. One of the biggest was the NPD data hack. Revealed in August, the breach compromised over 2.9 billion records in the database, with Social Security numbers being the most valuable data compromised. The lawsuit that followed revealed that there were attempts dating to December, with penetration happening in April. Compounding it was that someone had inadvertently left their credentials in public view. This breach makes two things apparent. One is that everyone, even those supposedly protecting your data, is at risk from a cyber-attack. Two, the attacks are getting bigger and more complex.
In the wake of such uncertainty regarding cybersecurity, here are some simple tips that can mitigate your risk of a cyber breach or limit the damage.
- Change your passwords frequently: Perhaps the simplest is to establish a routine to change your passwords every so often, typically 60-90 days. Having a minimum password length is also key as studies have shown that the longer and more complex the password, the harder it is to crack. (1)
- Multifactor Authentication: Multifactor Authentication, or MFA, is the concept of using a process of two or more steps to get into sensitive data on your server. Using a phone or a device that's independent of your servers, you can confirm with a code or a button push that it was you who entered the system legally.
- Lock down your sensitive data: Your company has a lot of data, and therefore a lot of hands, figuratively, handle it. For sensitive data like financial and employee records, allowing only certain people access will limit who can be compromised in the event of an attack.
- Double-check the emails you receive: Perhaps the simplest hacking attempts you might run into regularly are phishing attempts. These attackers troll your social media and other public-facing information. Then they send an email with fake links and PDFs, asking you to click on them. Among the signs to look for:
  - Email domains being different
  - Capitalization in the wrong spots
  - More formal address
  - PDF files
- Check with the sender: Oftentimes you get tricked because the sender appears to be someone you know. By checking with the supposed sender, you can find out if it is a legitimate message. Many companies have disclaimers that they wouldn't ask for certain information, because this is such an easy way to trick people.
- Establish a protocol in case of a breach: It's a matter of when, not if, you get breached. Having a plan of attack for when this happens and assessing your employees' reactions is a great way to prepare them for it.
Cyber hacks are becoming more complex and more expensive. But by practicing diligence you can prevent most of the damage a breach can cause before it gets worse.