Cybersecurity Strategies
Featured Article
Tips to Protect Yourself, Your Business and Your Employees
By Assemblymember Jacqui Irwin
Cybersecurity has been a hot topic in the news lately, with breaches of large companies a familiar headline. But the size of a business is not what makes it a target; every type of business falls victim to data breaches. From doctors’ offices to advertising firms to small retailers, everyone is a target for hackers. This is because most breaches are the result of indiscriminate scanning for vulnerable networks; if the hacker can get in, they will look around, regardless of whether you have one piece of sensitive information or thousands.
As the Chair of the Assembly Select Committee on Cybersecurity, I’m often asked about the best tips and strategies to protect the data of individuals and businesses. Below you will find five suggestions I recommend to be proactive in the protection of yourself, your business, and your employees:
1) Train your employees on how to avoid phishing emails.
Phishing is the use of an e-mail, usually made to look official or from a trusted person, that asks you to open an attachment, click a link, or provide personal information like a username and password. By using social engineering, the practice of manipulating people using personal information or relationships, these e-mails trick the recipient into giving more information or access to the sender. Your employees’ first reaction to any suspicious or unexpected e-mail should be to delete it, and then call the sender to verify the authenticity. A deleted message can always be resent if the message was legitimate. For more routine messages between your staff that require a link or an attachment, utilize a secret keyword (e.g. “Stagecoach” or “Channel Islands”) that will be harder for a hacker to replicate in a fraudulent e-mail.
Having your employees, especially those with access to your financial accounts, understand and avoid phishing e-mails is critical. Business e-mail compromise (BEC) is a favored tool of organized crime that uses phishing e-mails to convince employees to transfer funds under the guise that it is for a legitimate business transaction. According to the FBI, it has resulted in over $3 billion in stolen funds from businesses, big and small. Ensuring that your business practices include verification by phone or in person for large transactions will help prevent these types of losses.
Many e-mail service providers include prevention of phishing in their security offerings, often within their spam filtering options. Take the time to investigate if your e-mail service provider has additional options to turn on, or if there are competitors who can provide more protection.
10 | ConejoView SUMMER 2018
2) Use two-factor authentication for every account that offers it.
Two-factor authentication is a log-in process that requires the user to use two types of credentials: something you know (such as a password), something you have (such as a cell phone), or something you are (such as your fingerprint). The most common two-factor authentication is a password and an additional security code sent to a separate device. It is most often triggered when you use a new device or are at an unusual location. Two-factor authentication will stop fraudulent attempts to guess your password. These services also notify you to check your accounts and change your passwords if there are unsuccessful authentications.
3) Update your software.
Did you know that the Equifax data breach happened because of a failure to update software? In fact, Equifax had received a notice letting them know that they should download a security patch or they would be at risk of being hacked. It’s very important that businesses and individuals take the proper steps to continuously update their software, including on their smartphones. These simple five-minute updates can save you a ton of time and money in the future.
4) Use unique passwords and keep them secure in a password keeper.
The era of using basic passwords, as well as protecting all of your accounts with the same password, is long over. Using the same password for all of your accounts is setting yourself and your business up for catastrophe. With data breaches happening every day, it is only a matter of time before one of your passwords is hacked. One compromised account is hard enough to fix; imagine if all your accounts were taken over simultaneously. Several reports indicate that passwords need to be at least twelve characters in length and should be a mix of letters, numbers, and symbols. You can use a password generator to help craft unique passwords. If you have multiple accounts, these passwords will be difficult to remember, so it’s recommended that you use a password keeper to protect all your passwords.
A password keeper is an encrypted virtual vault that can keep the passwords to all of your accounts secure. With a password keeper you only need to remember your “master password” that tells the keeper to fill in your other, more complicated passwords.
5) Avoid using public WiFi.
Hackers will often set up fraudulent open WiFi networks and name them something similar to popular public places, like “Airport WiFi”, in an attempt to lure victims. Connecting your devices to public WiFi services gives hackers access to your information, including the information you send and receive. If you own a retail business, it is also worth periodically checking to make sure there are not any fraudulent networks making your customers believe your business is providing them secure internet access. To prevent your phone from using public WiFi, make sure that your device’s settings do not automatically connect to unknown WiFi networks, as iPhones and Androids are set to do by default. If you have to use public WiFi while traveling, research VPN (Virtual Private Network) services that can help mask your identity and the data you transmit.
I hope these tips will help you begin to contemplate cybersecurity for your business and personal life. As always, feel free to reach out to my Assembly office for more information on this or any other state issue at 805-482-1904.
ASSEMBLYMEMBER
Jacqui Irwin
DISTRICT 44