By DAVE COURBANOU //
’Tis the season to be ready.
The wild west of the web is endlessly expanding, and each year brings new frontiers of technology and technological exploitation. Are you prepared for what’s coming in 2023?
We’re big proponents of employee security-awareness training. There’s no substitute for a human who’s actively paying attention. If your company doesn’t deploy some kind of awareness training – at least once a year, though we recommend quarterly – all of your best-laid plans and security features can go to waste.
Phishing is no joke. It’s still around because it works, and hackers still reel in plenty of victims. The Federal Bureau of Investigation’s 2021 Internet Crime Report, produced by the bureau’s Internet Crime Complaint Center, estimated $2 billion in phishing-related losses last year, a staggering amount that rises annually.
Dave Courbanou: People person.
As does the victim count: From 2020 to 2021, phishing casualties increased from 241,342 to 323,972, according to the report. It’s a safe bet the numbers will continue rising this year.
Password protection is also important. Most people don’t change their passwords, and those who do usually try a variation on a theme.
The best defense against a bad password is multi-factor authentication. It’s easy enough to turn on using Microsoft 365 and G-Suite, and apps like Microsoft Authenticator and Google Authenticator make it even simpler. Even if a hacker has your password, the extra factor – which only you have – will prevent access.
Be careful, however: New phishing scams attempt to trick you into revealing that second factor to hackers. Never give your MFA code to anyone, for any reason – the only person who needs it, ever, is you.
Keeping up with server updates is essential. Security patches and updates roll out fast these days, and even just a few months of unpatched software could leave you open to attack.
Make sure you schedule regular maintenance updates for all your equipment, from the firewall to the lowly wireless access point and every server and workstation in between. Monthly maintenance is our recommendation, though firewalls can receive security updates on a daily – even hourly – basis. Make updates an active priority.
Of course, backup is always important. Whether you employ remote backup servers, on-site external hard drives, tape backups or some combination of these, make sure you have multiple copies of your data.
And make sure it’s on multiple mediums. Remember, ransomware can invade entire systems without detection, and backup systems connected to your network face the same ransomware risk as the network itself. If your backup server is encrypted, your data could be lost for good – or you could roll the dice and try paying the ransom, which we do not recommend.
The new year will definitely bring new cyber threats. Remember, cybersecurity isn’t just about technology, it’s also about the people.
David Courbanou is information technology administrator of Intelligent CloudCare, a subsidiary of Hauppauge-based Intelligent Product Solutions, and the head of CloudCare University.
