Even though some of us prefer the combined word “cybersecurity” instead (my blog, my rules!), today begins National Cyber Security Awareness Month (NCSAM). Believe it or not, the Department of Homeland Security and the National Cyber Security Alliance launched National Cyber Security Awareness Month all the way back in 2004 as a broad effort to help Americans stay safe and secure online. With that in mind, let’s touch on a few important cybersecurity tips to keep in mind this month and all year round as well!
Cybersecurity awareness is more important than ever, given all of the additional challenges facing organizations today because of additional remote work forced by the COVID-19 pandemic. The total number of global ransomware reports alone increased by over 715 percent over the first six months of this year compared to the same period last year! Scary times, well before Halloween hits at the end of the month! So, here are ten tips to keep in mind for better cyber health, feel free to suggest others in the comments!
- Keep Your Software Apps and Operating Systems Updated: While software patches may be annoying, malware that takes advantage of security flaws in older versions of software are worse. This goes double for any anti-virus software you use, as hackers are always working to get ahead of software designed to foil malware.
- Don’t Use the Same Password Again and Again: Sure, it’s difficult to keep up with a lot of different passwords, but there are password manager programs that can help you keep track. Using the same password repeatedly is like a “house of cards” – once it’s breached, the entire structure of your online life can be unraveled quickly.
- Avoid Public WiFi as Much as Possible: Sure, they’re offered everywhere, but different WiFi networks have different levels of security. Only connect to private networks (such as the Hotspot on your mobile device) when possible, especially when handling sensitive information.
- Forward Suspicious Emails to Your IT Department: When in doubt, whip it out! – to your IT department, that is. ;o) They have a protocol for how to send them suspicious emails and can help you determine whether that email is phishing or not.
- Keep the Sensitive Browsing on Known Equipment: Resist the temptation to check your bank account or credit card balance while waiting in a public place for goods or services; instead, save that for your own devices. This is a lot less of an issue these days as companies aren’t making public computers available as much because of COVID concerns, but that may someday not be the case (I’m an optimist).
- Back Up Your Data Regularly: As noted above, a lot of companies have been burned by ransomware, especially recently. Frequent and regular backups are protection against a lengthy shut down of your business if you’re hit.
- Identify External Emails: If your organization doesn’t already tag all emails from outside the domain as “External Email”, they should do so before the sun goes down today! Spoofing emails are common and they can look very convincing as though they are from somebody in your organization.
- When Somebody Asks You to Get Money, Follow Up with Them Directly: Many organizations have been hit by the wire transfer email that comes from “the boss”. If someone asks you for money, confirm via other means (phone call, text, separate email, not a reply, to their direct email address) that they requested it.
- Use Multi-Factor Authentication Wherever Possible: If an application or operating system offers two-factor or multi-factor authentication (2FA or MFA), take advantage of it! If someone gets your password, they also have to get your device to authenticate the login attempt or the password is useless.
- Think Before You Click: Finally, be cautious! If you’re about to click on a link or attachment, make sure you feel confident that it is what you think it is. Sometimes, links can be disguised as coming from a reputable organization and attachments can look innocent enough. If in doubt, whip it out (to IT)! Couldn’t resist using that line twice!
Also, just a reminder that on Wednesday, October 7th, ACEDS will conduct the webinar “Zooming” into 2021 with Audio/Video Discovery, sponsored by Nexidia at 1pm ET (noon CT, 10am PT). In this presentation, join Brett Burney, Principal of Burney Consultants LLC, Ashley Griggs, Director of Legal Markets at Nexidia and me to learn how to address the trends and challenges of audio/video discovery in 2021 and beyond!
So, what do you think? Can you think of any other cybersecurity tips or best practices? Please share any comments you might have or if you’d like to know more about a particular topic.
Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.