From a security perspective, it’s extremely important to remember that you’re simply a number on the internet; a number that hackers are scanning regularly, just looking for an opportunity. To protect yourself, consider these five basic cybersecurity steps to mitigate your risk and begin understanding what your network looks like to an attacker from the outside.
Know What You Look Like to a Bad Guy
If you’re not sure how to find your external IP, simply Google “what is my IP,” which will return many different website options (www.whatismyip.com or www.ipchicken.com are good places to start). However, this step goes beyond just knowing your current external IP address.
It’s important to understand which of your devices directly face the internet, and how vulnerable those devices currently are. Running an external port scan of your external IP address(es) is a quick way to understand how your network is communicating with the internet, and to ask whether there’s a reason certain ports are open.
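As an added example (not part of the original article), the check described above can be scripted against your own address: it tests a short list of common TCP ports and compares what is reachable with what you intended to expose. The port shortlist and the `EXPECTED_OPEN` policy are assumptions made for illustration.

```python
import socket
import sys

# Assumption for this example: the only service you intend to expose is HTTPS.
EXPECTED_OPEN = {443}
# Constructed shortlist of commonly exposed services; not exhaustive.
COMMON_PORTS = {21: "FTP", 22: "SSH", 23: "Telnet", 25: "SMTP", 80: "HTTP",
                443: "HTTPS", 445: "SMB", 3389: "RDP"}


def is_open(host, port, timeout=1.0):
    """Return True if a full TCP connection to host:port succeeds."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def audit(host, ports, expected_open):
    """Compare what is reachable on your own address with what you intended."""
    report = {"unexpected_open": [], "expected_open": [], "expected_but_closed": []}
    for port in sorted(ports):
        reachable = is_open(host, port)
        if reachable and port not in expected_open:
            report["unexpected_open"].append(port)      # ask why this is exposed
        elif reachable:
            report["expected_open"].append(port)
        elif port in expected_open:
            report["expected_but_closed"].append(port)  # service down or filtered
    return report


if __name__ == "__main__":
    # Pass your own external IP and run this from a connection outside your
    # network to get the outside view. Defaults to localhost for a dry run.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    result = audit(target, COMMON_PORTS, EXPECTED_OPEN)
    for port in result["unexpected_open"]:
        print(f"{port}/tcp ({COMMON_PORTS[port]}) is open but not on your expected list")
    for port in result["expected_but_closed"]:
        print(f"{port}/tcp ({COMMON_PORTS[port]}) was expected open but is not reachable")
```

Every port reported as unexpectedly open should map to a device and a business reason; if it does not, close it at the firewall or router.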
Check out these free, online port scanners (or do your own Google research) to give you more information about how your network is communicating across the internet:
Use a Password Manager
Much has been said about how long and complex passwords should be today, as well as how frequently passwords should be changed. Passwords today – especially for business applications and operating systems – are all about length and avoiding reuse, which is a big challenge for most standard users.
Enter the Password Manager, which is a rare win-win-win in terms of security. When deployed correctly and securely, 1) users can utilize lengthy passwords (20+ characters), 2) users don’t have to remember any of those passwords (except the master password), and 3) the organization can increase password security by a large margin.
Before deploying a password manager, however, it is strongly recommended that you do your own research into the vendor’s security features and reviews, and into how the application will be used (cloud-based vs. locally installed). Some top-rated and secure password managers include:
Back-Up Your Stuff
There’s no good excuse for not having top-notch backups of your critical business data today. Memory has never been cheaper; backups have never been easier and more convenient, and there have never been more options to perform offsite backups.
The 3-2-1 Backup Rule is highly recommended for any organization looking to back up their data:
- Always have 3 copies of your data – 1 production copy and 2 backup copies
- Utilize 2 different types of media when performing backups (cloud, disk, tape, etc.)
- Always keep 1 copy of your data offsite (and ensure that offsite backup is air-gapped)
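The rule can be checked mechanically against a backup inventory. The following is an added example, not part of the original article; the `DataCopy` fields and both sample inventories are constructed for illustration, and media types are counted across the backup copies, as the rule above is worded.

```python
from dataclasses import dataclass


@dataclass
class DataCopy:
    name: str
    media: str            # e.g. "disk", "tape", "cloud"
    offsite: bool = False
    air_gapped: bool = False
    production: bool = False


def check_321(copies):
    """Return the 3-2-1 violations for an inventory; an empty list means it passes."""
    problems = []
    production = [c for c in copies if c.production]
    backups = [c for c in copies if not c.production]
    if not production or len(backups) < 2:
        problems.append(f"3: need 1 production + 2 backup copies, found "
                        f"{len(production)} production and {len(backups)} backup")
    media = {c.media for c in backups}
    if len(media) < 2:
        problems.append(f"2: backups use only {sorted(media) or 'no'} media")
    offsite = [c for c in backups if c.offsite]
    if not offsite:
        problems.append("1: no backup copy is kept offsite")
    elif not any(c.air_gapped for c in offsite):
        problems.append("1: offsite copy exists but none is air-gapped")
    return problems


# Constructed inventory: both backups sit on disk in the same building.
WEAK = [
    DataCopy("file server", "disk", production=True),
    DataCopy("NAS nightly", "disk"),
    DataCopy("USB drive in desk", "disk"),
]
# Constructed inventory that satisfies the rule as stated above.
GOOD = [
    DataCopy("file server", "disk", production=True),
    DataCopy("NAS nightly", "disk"),
    DataCopy("weekly tape in bank vault", "tape", offsite=True, air_gapped=True),
]

if __name__ == "__main__":
    for label, inventory in (("WEAK", WEAK), ("GOOD", GOOD)):
        print(label, check_321(inventory) or "passes 3-2-1")
```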
Here are a handful of quality and affordable cloud-based backup solutions to get started if you don’t currently back up your data (Google Drive, iCloud, and Dropbox can also serve this function):
Turn on Multi-Factor Authentication
One of the best controls to implement for both businesses and individuals is to turn on Multi-Factor Authentication (MFA – sometimes referred to as Two-Factor Authentication or 2FA) wherever possible. Most online applications today, especially those that are widely adopted, offer MFA as a standard additional layer of security to protect your data. Most MFA offerings utilize the following types of additional authentication:
- SMS-based authentication - a code sent to your phone via text
- Email-based authentication - a code emailed to you
- “Soft-token” authentication - a code or push-notification appears via a smartphone app, like Microsoft Authenticator or PingID
- “Hard-token” authentication - a physical device that either displays a code or can be inserted into a device
While MFA will not and cannot guarantee absolute security, Microsoft recently published a report via its Security blog stating that “MFA can block over 99.9 percent of account compromise attacks.”
View a list of websites that offer MFA/2FA here: https://twofactorauth.org/.
Monitor Your Accounts and Credit
As we continue to trend towards digital-everything, especially our bank accounts, payment options, and purchases, it’s never been more important to pay close attention to your online accounts and credit scores. The great news when it comes to monitoring your online identity is that it’s never been cheaper or easier to do so. Here are a few tools you can use to keep track of your identity without impacting your wallet or credit score:
- Credit Karma – check your credit scores for free, anytime, anywhere
- Mint – monitor all of your financial accounts from one place (also provides credit scores)
- Have I Been Pwned – check if you have an account that has been compromised in a data breach (run by legitimate, well-respected security researcher Troy Hunt)
Additionally, the ability to freeze your credit has gotten much easier recently and is now 100% free. Freeze your credit (don’t forget to freeze your children’s credit as well!) at each Credit Bureau here:
Additional Resources – Just In Case
If you do find yourself in trouble, knowing where to start the response or recovery process is a good idea. Here are some great resources to help you after an incident:
Read our recent blog post Modern Cyberattack's Big Secret: We Are All Targets to learn how many organizations make the mistake of thinking that most cyberattacks are “targeted” attacks against large businesses or high-value targets. In today’s environment, nothing could be further from the truth.
Written by: Jon Waldman
Partner, EVP of IS Consulting
SBS CyberSecurity, LLC