Cyber Security 101

We all know someone who has fallen victim to a phishing attack or scam, either personally or in a business capacity. The purpose of these attacks ranges from password theft through to ransomware and the crippling of business functionality, but the impact is always long-term harm to the reputation of a business or person. This raises the question, ‘what can be done to protect ourselves and our businesses?’

The key thing to keep in mind is that security must be implemented in a layered approach. Each layer of protection is like a puzzle piece – on its own it does little, but combined with others in the correct way, it contributes to a comprehensive suite that ensures you and your business are protected.

One of the simplest puzzle pieces is increasingly robust password requirements. While I know that will draw a groan from almost everyone that reads it, passwords remain the first line of defence in a world of ever-growing cyber-attacks. According to a report by LastPass, more than 80% of confirmed breaches were due to weak or reused passwords.

Creating a unique passphrase (a password with 14 or more characters) is one of the best steps you can take to ensure you do not become just another statistic.

Another great step is to enable Multi-Factor Authentication (MFA). With password theft on the rise (over 24 billion passwords in 2022), a strong passphrase alone is not enough.

The three factors of authentication are: something you know (password or PIN), something you have (cellphone or security token), and something you are (finger or face). Common MFA measures combine a secure passphrase and an app on your cellphone (such as Microsoft Authenticator or Google Authenticator). This means that even if one factor is compromised, your account remains secure.

Another piece of the puzzle is automated security systems. Endpoint Detection & Response (EDR) systems are replacing legacy Antivirus (AV) software. EDR systems use real time analysis and automatic responses with constantly evolving algorithms to detect and respond to threats, as opposed to AV software which uses static rules to recognize and detain already known threats.

Firewalls protect your network by managing outbound traffic and preventing access to malicious websites while also scanning inbound traffic and blocking malicious attacks before they even reach your computer.

Software updates too are extremely important. Companies like Microsoft, Google, Apple, and other tech giants are continuously working to identify vulnerabilities in their software and to patch them before they can be exploited. By ensuring your software is regularly updated, you can take advantage of their efforts.
The final and most important piece to complete the puzzle is user training and knowledge. The weakest point in any automated security suite is the human component, while at the same time being the largest and most crucial.

Over 53% of all cyber-attacks are due to a lack of vigilance by users. If you can consistently recognise an email, SMS message or phone call that is potentially malicious, you have already halved the potential number of breaches! The best approach is scepticism: trust nothing, verify everything. And remain vigilant – your personal life is not separated from your work life when it comes to cyber-attacks.

If you are uncertain about an email or SMS, please reach out to a friend, colleague or IT Admin before clicking anything! I promise you, the time taken to verify is a lot less than the time it takes to recover from a security breach.