VOL. 130 | NO. 217 | Friday, November 6, 2015
Cybersecurity Starts With Employees
By Patrick Tamburrino
Cybersecurity has been a hot topic for companies and individuals alike in recent years. Last month, the U.S. Senate passed the Cybersecurity Information Sharing Act, a new bill aimed to protect companies from hackers. The purpose is to allow businesses to communicate with each other and also share information with the government on cyber-criminal intelligence.
The bill has drawn controversy because of its fine line between security and privacy. Regardless of your stance on the issue, it’s testimony that cyberattacks are a growing national concern, and protecting sensitive data is a constant battle for individuals and businesses alike.
Ninety-five percent of all security incidents involve human error, according to IBM. This is a staggering and sobering statistic. Many of these cyber incidents involve an outside attacker gaining access to info that employees unintentionally provide. Still, many companies do not hold cybersecurity as a top priority and are more reactive than proactive in nature.
At the highest level, cybersecurity drills down to ensuring that all of your online information is secure and that your electronic devices are protected against malware. To do your part in keeping your company data safe, follow these best practices in cybersecurity:
• Set security to highest available settings on the highest-priority accounts. ?You can do this by seeing what authentication methods are available. For example, try two-factor authentication (where they text you a code before you can log in with your password), tokens, cookies and setting the password structure to something complicated (characters, upper-case, numbers and special symbols).
• Install and maintain patches. Keep your work and home computers up-to-date with latest patches from Microsoft or Apple as well as antivirus protection.
• Steer clear of public Wi-Fi. The majority of Wi-Fi data traffic is unencrypted. When in a public place, look for “https://” in the address bar before the address of the site (indicates that the session is encrypted and nobody can decrypt/intercept the info) and always connect to your corporate office via Virtual Private Network before transferring files to and from servers.
• Exercise caution on email. Avoid downloading suspicious attachments or clicking on links from unknown email addresses.
• Ask for permission, not forgiveness. Do not download or install any software on your company equipment unless already approved by management and I.T.
• Finally, educate yourself on attacks and threats, safe browsing, software applications and more. While your I.T. staff should be well-versed in cybersecurity trends, it’s a good idea to be aware of what types of issues companies are facing. Visit the United States Computer Emergency Readiness Team website for tips: www.us-cert.gov/ncas/tips.
Patrick Tamburrino is the president of tamburrino inc., an IT strategy, support and management company in Memphis. He can be reached at firstname.lastname@example.org or Facebook.com/TamburrinoInc.