With the door firmly closed on 2020, it’s important we look ahead and make Cyber Security New Year’s resolutions that will increase our cyber resilience, reduce risk and protect us from the type of threats that have dominated the last 12 months.
Cybercrime flourished during the pandemic as opportunistic cybercriminals took advantage of remote workforces, launched mass phishing campaigns, tested new ransomware variants and exploited weaknesses in critical supply chains.
Organisations had to adapt rapidly to this evolving situation and quickly implement new systems and procedures to protect their staff from the onslaught of attacks. Cyber Security became a key priority and remains of the utmost importance as we enter a new year where the majority of workforces are still working remotely.
Employees remain vulnerable to attack and must look at ways of improving their security behaviours to help prevent the types of cyber attacks that have dominated the headlines in recent months.
By adopting the Cyber Security New Year’s resolutions below, employees can make small changes to their day-to-day behaviours that will ultimately make a huge difference to the overall security posture of their organisation.
Top 5 Cyber Security New Year’s Resolutions
1. Remain Vigilant Against Phishing Attacks
2020 saw a huge surge in phishing attacks as criminals exploited the fear and chaos caused by the Coronavirus pandemic. Covid-related phishing lures proved to be an extremely effective way to dupe unsuspecting individuals into clicking on malicious links. Google registered over 2.02 million phishing websites in 2020, and in the UK, HMRC detected a 73% rise in email phishing attacks from March to September.
With the world still firmly in the grip of the pandemic, we can expect these types of attacks to continue well into 2021, so it’s vital that employees are on their guard and can recognise all the signs of a coordinated phishing attack.
Whether it’s via email, text or a carefully crafted website, phishing attacks will typically pressurise you into taking immediate action. Other warning signs include threatening or urgent language, requests for personal or financial information, generic greetings, poor grammar, or a mismatched URL.
2. Create Strong Passwords
One of the easiest ways for hackers to gain access to sensitive company data is to guess passwords. 59% of people use the same username and password for all their accounts, so if hackers can gain access to one account, they can potentially access them all.
To protect sensitive company data, you should use strong and unique passwords on all your accounts. A strong password should be between 8 and 15 characters long, mix uppercase and lowercase letters, and include numbers or symbols. For extra security, you can create a passphrase, which is a password composed of a sentence or combination of words. The first letter of each word forms the basis of the password, and letters can be substituted with numbers and symbols to make it even more secure.
When choosing a passphrase, avoid the use of:
- Your name in any form or any abbreviations
- The name of close relatives or pets
- Your username
- Birth dates or anniversaries
- Famous quotes
3. Enable Multi-Factor Authentication
Multi-factor authentication provides an extra layer of protection that can significantly reduce the chance of your accounts being hacked.
In addition to a username and password, multi-factor authentication requires two or more forms of authenticating data to confirm your identity. This could be a PIN, code, token, or even biometric data such as a fingerprint.
It’s one of the simplest ways to keep sensitive company information private and secure from interception. It can be used for logging in, resetting a password, or providing a stronger authentication process for the protection of sensitive data like personally identifiable or financial information.
As large numbers of employees continue to work remotely, multi-factor authentication can provide a secure way to access company data without compromising corporate networks.
4. Avoid Oversharing on Social Media
Social media sites are proving to be a lucrative hunting ground for cybercriminals as they can find a wealth of information about potential victims before launching an attack. In fact, more than a third of social media users (39%) have experienced fraudulent activity due to oversharing on social media platforms.
Seemingly harmless posts, photos, and details in your profile could open you up to identity fraud, theft, and privacy invasion. By harvesting the information that is available across different social media platforms, attackers can develop highly targeted attacks that exploit your trust and establish entry points for future scams.
To stay safe on social media, be selective about what you share online and with whom, provide limited information on social profiles, don’t tag your location, and use enhanced privacy settings.
5. Regularly Update Security Software
It can be tempting to click on the ‘remind me later’ button when a security software update pops up, but you should always install these updates as soon as they become available. New vulnerabilities are discovered all the time and unless patches are applied, hackers can exploit these vulnerabilities to gain access to corporate networks.
A patch is essentially a piece of code that is installed into an existing software program to correct a problem, commonly referred to as a ‘bug’. It’s also used to improve an application’s general stability or to fix a security vulnerability.
Patching is estimated to prevent up to 85% of all cyber attacks, so it’s vital you regularly update your software to ensure you are running the most up-to-date versions released by the manufacturer.