Tip of the Week: 11 Security Best Practices Every User Should Know

  • Published by admin
  • June 23, 2017

You might spend a significant amount of time thinking about your business’s security practices, but the same can’t be said for your organization’s employees. Unless you give them a reason to care about security, they likely won’t. The resulting apathy could eventually lead to serious problems that hinder operations in the long run, or worse, expose your business to threats that could put your employees and your clients in danger.

In order to keep these instances to a minimum, consult the following cheat sheet. This will give your employees a great way to follow critical best practices.

Essential Cybersecurity Considerations

  • Use the company’s network to store files: Always store your organization’s data on an in-house network. This is because any files stored locally on your desktop might not get backed up. Do not use personal cloud accounts, like Google Drive or Dropbox, to save or share company-owned documents.
  • Never leave your workstation unlocked and unattended: Always lock your computer using the Windows Key + L shortcut before stepping away from it, even if only for a moment.
  • Don’t connect unknown devices to your work PC: This is especially important for small devices like USB drives. You never know what could be on them.
  • Don’t download or install applications without approval: If you download an app without permission from IT or a network administrator, you could cause problems for other employees. Always ask for permission before downloading or installing software.
  • Don’t respond to unsolicited or suspicious emails: If you receive a message that has an unknown or unfamiliar sender, it could contain malicious ransomware or other nasty threats. Be sure to notify IT immediately so that they can investigate the issue. Be especially cautious around unsolicited proposals or resumes.
  • Don’t accept support from unexpected callers: If you receive a phone call from someone claiming to be from Microsoft support (or other well-known companies), just hang up. These callers are often fraudsters hoping to remote into your PC and access company information.
  • Adhere to password best practices: Keep your passwords strong and complex at all times, and never use the same password more than once.
  • Get approval for mobile devices from your manager: Don’t use your smartphone, tablet, or laptop for work purposes until you’ve been granted approval. This is to keep company data as secure as possible.
  • If you see someone, tell someone: If you think that something is out of the ordinary, like an intruder in the workplace, be sure to alert management. Visitors should not be allowed to roam around the office unattended.
  • Think twice before clicking: If you’ve received a link in any correspondence, you should avoid clicking on it until you’re sure it’s from a trusted source. Links can often be cyber threats, especially those that are in spam messages.
  • Report issues as soon as they appear: If you experience something that seems troublesome, report the issue to management immediately. Proactive vigilance is the best way to prevent downtime, and it only serves to make your job easier.

Print this list out and hand it off to any employees who could use training on security best practices.

Keeping the business secure isn’t just your responsibility–everyone should be involved in the process. By following this list of best practices, you stand to protect your business against threats that could harm operations. To learn more about how to secure your business, including external technology solutions that prevent issues from transforming into major problems, reach out to us at (317) 705-0333.


4 Ways a Unified Threat Management Solution Covers Your Company’s Security Needs

  • Published by admin
  • June 23, 2017

Your company’s network contains a gold mine of sensitive information that you need to protect at all costs. While it’s absolutely the case that you need to make network security a top priority for your business, thankfully, multiple aspects of your security can be covered easily enough by implementing a single, enterprise-level security solution.

The solution we’re referring to is a Unified Threat Management (UTM) tool. It’s a powerful tool that combines the fundamental security features that every business needs, into one easy-to-manage package. If you’re looking to get a handle on your company’s network security, then consider these four ways that a UTM provides comprehensive protection.

Firewalls
A firewall is the first line of defense for your company’s network, protecting your business from the onslaught of online threats trying to sneak their way in. One can go so far as to compare a UTM firewall to a sort of virtual bouncer for your network that assesses the threat level of your network’s traffic, determines whether it’s a security risk, and then clears for passage only what’s deemed to be safe.

Antivirus
Every good firewall needs an antivirus solution to complement it. After all, some forms of malware are sneakily engineered to play on a user’s ignorance so as to bypass the firewall. In such a scenario, antivirus software is there to quickly catch and eliminate threats such as viruses, trojans, spyware, ransomware, and more. Given the destructive nature of many of these threats, you’re going to want a powerful antivirus solution in place that prevents such viruses from spreading across your network and wreaking havoc on your systems. Additionally, while there are many kinds of antivirus solutions on the market, businesses will want to take advantage of a centrally located antivirus solution like what comes with a UTM. This way, updates and scans can be done automatically and in one fell swoop, instead of being left up to each individual user.

Spam Blocker
Having spam in your inbox is totally annoying, and it can also be dangerous. One common way for hackers to spread malware is by attachments found in spam messages. Plus, savvy hackers will employ spam as a phishing tactic to trick users into opening the message and following its instructions which appeal to emotions. Examples include a fake summons to jury duty, a fake package that couldn’t be delivered, a fake resume for a job opening, etc. A quality spam blocker will prevent these messages from hitting employee inboxes in the first place, which greatly reduces the risk of a user being tricked by spam.

Content Filter
Businesses also need a way to protect their networks from the vast amount of online threats that come from visiting dangerous websites. Unfortunately, it’s all too easy for an employee to stumble upon a website that’s designed to harvest credentials or download an attachment designed to infect your network with a virus or even ransomware. With a content filter protecting your network, you’ll be able to block users from accessing suspicious websites in the first place. Additionally, a UTM content filter allows you to block time-wasting websites like social media, YouTube, Netflix, etc., making it a valuable tool that both protects your network and enhances productivity.

In order to be adequately protected, your business needs all four of these security features. A UTM from Catalyst Technology Group conveniently offers your network protection in all of these ways, and more. To equip your network with a UTM security solution that’s customized to fit the needs of your business, call us today at (317) 705-0333.


With Great Power Comes a Greater Security Risk, Study Finds

  • Published by admin
  • June 22, 2017

Every user on your network adds an additional level of risk, whether it be risk of user error, making a mistake that causes a data breach, or worse. One would assume that a company’s biggest risk would come from an untrained employee that disregards security policies, but surprisingly, that’s not always the case. Research has shown that a company’s CEO along with the rest of its C-level executives are the greatest security risk.

There are multiple factors that go into this. Take for instance the sheer amount of sensitive data that a CEO has access to. Whereas an average employee may just have access to data pertaining to their job or their department, a CEO generally has carte blanche to access any data they desire.

Then there’s the fact that CEOs typically have a poor work-life balance. This means that they put in way more hours than the average employee. You don’t have to be an expert in risk assessment to understand that a user accessing a company’s network 60, 70, or even 80 hours each week is a far greater risk than a user that only accesses the network 40 hours per week.

Both of these factors contribute to another reason why CEOs make for such a large security risk: the mobile devices they carry. In an effort to always be connected to the office, a CEO’s mobile device may have unfettered access to company records and sensitive information–more so than an average employee’s personal device.

In the case of an employee that has separate mobile devices for their work and personal life (often a luxury that CEOs can’t enjoy), the risk of data leakage or a breach resulting from the device getting lost or stolen goes down dramatically. CEOs, by contrast, aren’t restricted to the office, and this mobility increases the risk of being hacked outside the office, especially when it comes to using their mobile devices in venues that offer public Wi-Fi, like coffee shops, cafés, conference centers, airports, etc. Hackers know this and they go to great lengths to make public Wi-Fi hotspots traps for unsuspecting users. This is why CEOs should be wary about accessing public Wi-Fi, and why it’s preferable that CEOs even avoid public Wi-Fi altogether (unless they are using a secure VPN to access all of their data).

A 2017 security report by iPass confirms this risk of cyber-attacks at popular Wi-Fi hotspots. The report ranks the riskiest public venues as follows.

  • Coffee shops and cafés, 42 percent.
  • Airports, 30 percent.
  • Hotels, 16 percent.
  • Exhibition centers, 7 percent.
  • Airplanes, 4 percent.

How much time do your company’s C-level executives spend doing business from these locations? The more business that’s done using Wi-Fi at these locations, the more of a risk an executive or even a mobile employee is to your organization.

Finally, CEOs are in a category unto themselves when it comes to another risk: CEO whaling scams. This is where scammers spend time researching the lives and motivations of CEOs so they can specifically target them with scams from a variety of sources, including email, phone calls, traditional paper mailings, and whatever other means they can use to get in contact with a CEO. This is an extremely dangerous scam because, unlike traditional scams like spam messages where the same message gets sent to thousands of people (and it’s often easy to recognize that it’s a scam), a CEO whaling correspondence is personalized to play on a CEO’s deepest fears and desires. For the scammers that go after CEOs like this, the effort is worth the time investment, due to the simple fact that CEOs make for such lucrative targets.

So, there you have it. CEOs are one of a company’s biggest security risks. For your business, this means you’ve got to take additional measures to ensure the protection of your C-level executives. Generally speaking, the same security plan and policies that work for the average employee won’t cut it for an executive, which is something you need to take into account when coming up with your company’s security and BYOD policy. Need help protecting your company’s data? Give Catalyst Technology Group a call today at (317) 705-0333.
