2019 was yet another year in which massive amounts of data were breached, scams never went away, and companies from small firms to major international players felt the cybersecurity heat.
I could drop in statistics here, such as ransomware going up by 195% in the first half of 2019, with the UK hit hard, or that in one ransomware attack a company paid out £45 million in recovery costs. But these are just numbers. You don’t feel the real pain until cybercrime comes knocking at your door.
– Engage your staff with scenario-based security awareness training or “In-the-Moment” training.
To keep the cybercrime wolves at bay in 2020, The Defence Works share our view of the best security habits to get into.
Let the Good Security Habits Roll
This is a non-exhaustive list, building on our 2019 good security habits, but it gives you a flavour of the areas to focus on when changing bad cybersecurity habits into good ones.
Good Habit 1: Scam Aware!
2019 saw a never-ending conveyor belt of scams, both new and re-run. In 2019, CIFAS described fraud as seeing an “‘inexorable’ rise in the UK”. The Defence Works has been cataloguing weekly reports of scams that have landed on our shores – and we never run out of scams to report.
Begin good security habits in 2020 by using a fun and interactive Security Awareness Training package that covers how scams work, how to spot them, and what to do to avoid them. Scams, including Business Email Compromise (BEC) scams, have been costing companies around £9.6 million. It is a wise organisation that takes steps to protect itself from fraudsters.
Good Habit 2: Passwords, Passwords, Password Policies
Although there is much talk of passwordless authentication, such as that from the FIDO Alliance, the fact is, for a while to come at least, passwords are going to be needed.
So being pragmatically secure about passwords in your organisation is just sensible. Several areas are a must-do for good security habits to form:
- Check that your personal and business app passwords have not been stolen in a data breach. You can do this using this web app: HaveIBeenPwned. If they have been breached, change them on any account where they are used – which I know may be quite a few because…
- Passwords are often reused across several accounts. This is no surprise as the average user has 150 accounts. A good practice to get into is to not reuse passwords. In the office, you can enforce policies on this and promote the use of password managers. At home, you may have to work harder to do this. But it is a must to prevent multiple account compromise from credential stuffing attacks.
- The same goes for sharing passwords. Just don’t.
- And, of course, whilst we depend on the password, try to use robust rules of conduct when creating a password – Security Awareness Training teaches your employees to use password best practice.
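An added example (not from the original article): the breach check above, done with the Pwned Passwords range lookup that Have I Been Pwned provides, so that only the first five characters of the password's SHA-1 hash ever leave your machine. It goes a step beyond the web form mentioned in the list; the sample password, the counts and the `constructed_fetch` stand-in for the HTTP call are constructed so the code runs offline.

```python
import hashlib

def range_query_parts(password):
    """Split the SHA-1 of the password: only the 5-char prefix is sent."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range_response(body):
    """Parse 'SUFFIX:COUNT' lines from a range response.

    Malformed lines are skipped, and so are padding entries (count 0),
    which the service can add to hide the real response size.
    """
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if not sep or len(suffix) != 35 or not count.isdigit():
            continue
        if int(count) > 0:
            counts[suffix.upper()] = int(count)
    return counts

def breach_count(password, fetch_range):
    """Return how many times the password appears in the breach corpus.

    fetch_range(prefix) must return the response body for that prefix.
    A live version would GET https://api.pwnedpasswords.com/range/<prefix>;
    the full hash and the password itself are never transmitted.
    """
    prefix, suffix = range_query_parts(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)

# --- Constructed sample data, so the example runs without network access ---
SAMPLE_BREACHED = "Summer2019!"   # constructed password, treated as breached

def constructed_fetch(prefix):
    """Hypothetical stand-in for the HTTP call, returning a canned body."""
    lines = ["0" * 35 + ":0"]                  # padding entry, must be ignored
    sample_prefix, sample_suffix = range_query_parts(SAMPLE_BREACHED)
    if prefix == sample_prefix:
        lines.append(sample_suffix + ":42")    # constructed breach count
    lines.append("F" * 35 + ":7")              # unrelated hash in same range
    return "\r\n".join(lines)

if __name__ == "__main__":
    for pw in (SAMPLE_BREACHED, "a long unique passphrase from a manager"):
        print(repr(pw), "seen", breach_count(pw, constructed_fetch), "times")
```

Any non-zero count means the password should be changed on every account where it is used.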
Good Habit 3: Multiplying the Protection
Whilst we continue to use passwords, access control can be enhanced using a second factor, or 2FA (sometimes also called MFA, for multi-factor authentication). This is where another ‘factor’ must be entered after you’ve input a successful “first factor”, e.g. a password. The usual type of 2FA is an SMS code or three letters from a memorable word. Not all apps offer this option. If they do, get into the good habit of setting up your second factor. This is important both at home and in the office. Having a second factor in place could stop a phishing or spear phishing attack from stealing login credentials.
Good Habit 4: New Cyber-threats, Fake it Until you Make it?
Like an oncoming train that you just can’t stop, deep fakes are entering our lives and will probably be used increasingly for cybercrime, not just fake news.
Be vigilant in all that you do online. Verify before trusting videos and audio. Phone calls could also hide a deep fake. In 2019, a BEC attack on a British firm, resulting in the loss of £200K, was possibly the result of a deep faked voice phone call.
Security Awareness Training will bring your employees up to speed on the latest types of scams and cybersecurity threats. Make sure that you take the training you receive home with you too and encourage your family to be vigilant when online.
Good Habit 5: Back it up!
A good habit for 2020, if you are not already doing it, is to back up on a regular basis. However, and there is always a however in cybersecurity, you should use a ransomware-proof backup. Backups can be infected with ransomware too. But there are ways to protect them and avoid the worst of the impact of ransomware – downtime and data loss. Ways to ransomware-proof your backups include:
- Maintain a secondary, offline backup that is regularly updated.
- Use a backup service that is ‘immutable’, that is, one that uses several backup points so it can restore data to a point before the infection happened.
- Use anti-malware on your backup server.
- Perform backups frequently.
Maintaining Your Cybersecurity Habit in 2020
The Defence Works encourages habit-forming behaviour when it benefits our organizations and ourselves and NOT the cybercriminal. Human behaviour is something that feeds fraud and cybercrime, with cybercriminals using social engineering to manipulate that behaviour. Breaking bad habits and forming good ones is the basis of Security Awareness Training. If you do nothing else in 2020 in terms of protecting your organization, use awareness training to create a culture of security. This will cover many of the ways that cyber-threats work. As the Proofpoint report into cybercrime shows, 99% of cyber-attacks require human intervention – changing bad habits into good ones can break this cycle.