Every day we hear of massive attacks at large organizations, leading many people to believe they are too small to be targets. NOT TRUE! We are all under attack. 90% of attacks are against firms with fewer than 1000 employees, 35% of breaches are against firms with fewer than 100 employees, and 90% of them are caused by human error or carelessness. The good news is that criminals aim at easy targets and there are things we can do to make ourselves “harder” targets. Do everything on the list below and you will minimize your risk by being a HARD target.
1. Backup personal data to the cloud: Carbonite, Mozy, iBackup.
2. Change your passwords, make them strong, keep them private. NEVER use the same password for more than one site. Use LastPass or another secure password manager.
3. Use 2-Factor/Multi-Factor Authentication (2FA, MFA) wherever possible.
4. Keep your Computer, Anti-Virus, Browsers, Flash & Java up to date. Do not use Windows 7, XP, or Vista.
5. Configure Anti-Virus to scan anything plugged in to your computer.
6. Beware of unsolicited links or attachments. Never open a link or attachment unless you are ABSOLUTELY sure it is safe. Report anything that is suspicious. DO NOT CLICK ON IT!
7. Beware of Pop-ups telling you that you need to call to remove a virus or update/optimize your computer. If you get one, close out of all programs and reboot your computer. NEVER call the number on the screen.
8. NEVER allow anyone to access your computer unless you are absolutely sure they are from your corporate help desk. If you are unsure, call your corporate help desk to confirm that they are who they say they are.
9. Beware of phone scams: “I’m from the Help Desk, Microsoft, the IRS, your bank…” HANG UP the phone immediately. NEVER engage the hacker in any way!
10. Lock your computer when you are leaving it for any period of time.
11. Log off your computer every night. Leave it on, though, so it can receive updates.
12. Reboot your computer at least once a week.
13. NEVER email Personally Identifiable Information (PII). Use secure encrypted portals to share files containing PII.
14. Never e-mail work products to your personal email account.
15. Never use Flash Drives you “found” or ones given to you. Buy and use brand names.
16. Smartphones: Beware of the apps you use. Delete the ones you don’t use.
17. Smartphones: Use biometrics & strong passwords. Wipe them before discarding them.
18. Never use public USB charging stations. Always use your own charger.
19. Encrypt laptops that have PII or confidential data on them.
20. Only use secure websites (httpS://) when entering any personal or financial information (credit card numbers, Social Security Number, Driver’s License, etc.).
21. Always convert sensitive files to PDF before sending them to strip out metadata.
22. Never use “free” music/video sharing sites. Legitimate streaming sites like Pandora and Spotify are fine, though.
23. Protect and encrypt your wireless networks with passwords.
24. Check your bank accounts daily and credit cards at least monthly for suspicious activity.
25. Freeze your credit reports. It is easy and it is the best protection against identity theft.
26. If you think you have been breached: TURN OFF THE COMPUTER and CALL FOR HELP!