By Blaise Wabo
A recent study has shown that the average size of a data breach has increased 1.8 percent to more than 24,000 records since 2016. It is now more important than ever to implement preventative measures to help mitigate the risk of cyber attacks and train employees on cybersecurity best practices.
The weakest link is often not the technology itself, but the users who can unknowingly cause a security incident through events such as opening a phishing email or allowing a visitor on-site without checking their access. Due to these risks, organizations must invest in their employees by teaching them how to prepare for, prevent and respond to these risks as they arise. Here are seven tips for enhancing and educating your employees on cybersecurity awareness.
1. Education from the Top Down
This is number one for a reason. Individuals in management may think that because they have an incredible IT Security Director at the helm, their duties regarding risk mitigation are fully out of their hands. However, ensuring that management and employees fully understand the potential cybersecurity risks innate to your organization is important in preventing attacks.
The development of policies and procedures on how to prevent data breaches is essential, and educating employees both new and old on these policies and procedures is critical. Because the cybersecurity landscape is constantly changing, regularly educating management and employees on updated cybersecurity policies and procedures is important in mitigating risk. In addition, your organization should inform employees on new scams or potential new risks as they arise—for example, new phishing scams or websites with potential vulnerabilities.
2. Social Engineering and Phishing Scams
Typically, there are a few details that can indicate that an email or website may not be coming from a legitimate source. These tells include poor spelling and grammar, abnormal sender, and unfamiliar URLs. Also, abnormal requests such as an unanticipated account verification can also indicate that an email is part of a phishing scam. Verify the source before making a click.
3. Change Your Passwords Periodically
Do you use the same password across all of your accounts and devices? In the event your account is compromised, utilizing the same password across platforms makes it easy for hackers to access your information. Additionally, not changing password defaults immediately is a serious vulnerability that can compromise your system if not changed, as they tend to be the same across all systems and accounts. This lack of oversight can damage the security of a system.
New rules for creating passwords were announced by the National Institute for Standards and Technology (NIST), which include having a password between 8-64 characters long, and using longer phrases that are easier to remember. Furthermore, you can implement two-factor authentication. This will provide a secondary form of authentication outside of your typical password, which will strengthen your security.
4. Verify Sites
Before conducting any activity on a site, users need to make sure that the site is secure. You can check to see if the site is using a secure certificate and employing SSL (Secure Socket Layer) to secure your data in transit. This can often be done by looking at the address bar in your internet browser. Google Chrome users can often see a little lock that will show whether a site is using SSL by displaying a green lock to the left of the web address. Look for the lock!
5. Disable Automatic Wi-Fi and Bluetooth Connection
When you are in public, your phone and computer can automatically connect to an unsecured WiFi or mobile hotspot. In addition, it might connect to other devices through your Bluetooth capability. Be sure to disable this auto-connection feature on your phone to ensure you are safeguarding your personal information and to keep hackers at bay.
6. Always Secure Your Devices
Your device, whether it’s your computer, tablet, or phone, contains valuable, sensitive information. It’s important to always lock your device when you are away from it, to prevent hackers from having access. Additionally, implementing two-factor authentication (as noted in tip three) will increase the security of your devices when you are away.
7. Be Conscientious about What You Are Sharing
This might be an obvious one, but people tend to share sensitive information without realizing it. A hacker can use information like your birthday, address, where you work, and even pictures of your family to compromise your account. Consequently, the more information a hacker has on you, the easier it is for them to steal your identity.
Making Sense of the Information Security Tips
Managing cyber-risk is a multi-faceted, organization wide effort that requires implementation at the top levels down. With these seven information security tips in mind, you can protect your personal information and identity to prevent a data breach from occurring in your organization. For more information regarding cybersecurity and data protection, review The Ultimate Cyber Defense Guide to educate employees on the data breach landscape and cybersecurity best practices.
Blaise Wabo is a managing consultant at A-LIGN, which focuses on performing SSAE 16, SOC 2 and ALTA Best Practices certifications in the title insurance and settlement industry. He can be reached at firstname.lastname@example.org or 888-702-5446 x129
Copyright © 2004-2018 American Land Title Association. All rights reserved.
This article has been used and reprinted with the permission of The American Land Title Association. The material is for general information purposes only and is not to be relied upon or used for any particular purpose. Title Industry Assurance Company, RRG and The American Land Title Association shall not be held responsible in any way for, and specifically disclaims any liability arising out of or in any way connected to, reliance on or use of any of the information contained or referenced in this article. The information contained or referenced in this article is not intended to constitute and should not be considered legal or professional advice, nor shall it serve as a substitute for the recipient obtaining such advice.