During the run-up to the Russian invasion of Ukraine, numerous foreign policy experts speculated on the moves Russia would make and the US responses to those moves.
One prominent speculation was that, if the US imposed sanctions on Russia, one of the responses could be cyberattacks by the Russian government or private hackers.
Now that war is actually being waged between the two countries, the threat of cyberattack may seem trivial. When it’s your organization that’s attacked, though, it is anything but trivial to deal with.
So, this is a good time to review some basic ways to keep yourself and your family cybersafe.
CISA, the Cybersecurity and Infrastructure Security Agency, is the group that leads the national effort to understand, manage, and reduce risk to our cyber and physical infrastructure. CISA suggests four basic steps.
Turn on MFA
You’re probably telling users to change their passwords frequently (and make them strong; see below) in order to keep hackers from accessing their accounts, but that may not be enough. Multi-Factor Authentication adds a second step for confirming a user’s identity. As CISA says, “Prove it’s you with two … two steps, that is.”
The second step after a user enters their password can take many forms. It can be a challenge question that the user has previously answered, a PIN, or a one-time security code sent to the user’s cell phone or email.
All of these options make it harder for a hacker to access your systems.
Update your software
Updating software across the enterprise can be a pain even if your IT department is fully staffed. Keeping up with patches can be a full-time job by itself. Keeping up with Microsoft Windows updates, for example, means keeping alert for “Patch Tuesday” on the second Tuesday of each month when updates and patches are released.
But it’s vitally important for cybersecurity. It’s so important that CISA recommends setting your software to automatically apply updates when that option is available.
Think before you click
CISA says, “If it’s a link you don’t recognize, trust your instincts and think before you click. We all need to Phight the Phish!”
We agree. That’s why LRS IT Solutions promotes Cybersecurity Awareness Month every October, but making users aware of phishing and spoofing attacks really needs to be a year-round priority.
Use strong passwords
According to CISA, the most common password is “password” followed by “123456.”
As the agency says, picking a password that is easy is like locking your door but hanging the key on the doorknob. Anyone can get in.
Here are CISA’s tips for creating a stronger password. Make sure it’s:
- long – at least 15 characters,
- unique – never used anywhere else,
- and randomly generated – usually by a computer or password manager. They’re better than humans at being random.
And, of course, don’t use the same password on all of your online accounts.
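The three tips above can be turned into a generator and a checker. This is an added Python example, not code from CISA or from this post; the symbol set, the default length of 20 and the sample "already used" password are assumptions constructed for illustration.

```python
import secrets
import string

# The two most common passwords named above.
COMMON = {"password", "123456"}
MIN_LENGTH = 15  # the "long" threshold from the tips above

# Assumed character set; adjust to what the target site accepts.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"


def generate_password(length=20):
    """Return a password drawn from the operating system's CSPRNG."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    # secrets.choice is meant for secrets; random.choice is predictable.
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def check_password(candidate, already_used=()):
    """Return the list of tips the candidate fails; empty means it passes."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    if candidate.lower() in COMMON:
        problems.append("common password")
    if candidate in already_used:
        problems.append("reused")
    # Randomness cannot be verified from the finished string. It is a
    # property of how the password was made, so generate_password() is the
    # control for the third tip.
    return problems


if __name__ == "__main__":
    # Constructed sample: a password this user already has on another site.
    used = ["Summer2021!Summer2021!"]
    for pw in ["password", "123456", used[0], generate_password()]:
        print(repr(pw), check_password(pw, used) or "ok")
```

A password manager does the same job and also remembers the result, which is what makes a unique password per account practical.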
Those are just the four most basic ways to keep yourself and your organization cybersafe. To learn more, contact us for a free consultation.