Top 5 Ways to Mitigate Your Risk – the Basics

From a security perspective, it’s extremely important to remember that you’re simply a number on the internet; a number that hackers are scanning regularly, just looking for an opportunity. To protect yourself, consider these five basic cybersecurity steps to mitigate your risk and begin understanding what your network looks like to an attacker from the outside.


Know What You Look Like to a Bad Guy

If you’re not sure how to find your external IP, simply Google “what is my IP,” which will provide you many different website options (www.whatismyip.com or www.ipchicken.com are good places to start). However, it goes beyond just knowing your current external IP address.


It’s important to understand which of your devices directly face the internet, and how vulnerable those devices currently are. Running an external port scan of your external IP address(es) is a quick way to see how your network is exposed to the internet, and to ask whether there is a business reason for each open port.


Check out these free, online port scanners (or do your own Google research) to give you more information about how your network is communicating across the internet:


Use a Password Manager

Much has been said about how long and complex passwords should be today, as well as how frequently passwords should be changed. Passwords today – especially for business applications and operating systems – are all about length and avoiding reuse, which is a big challenge for most standard users.


Enter the Password Manager, which is a rare win-win-win in terms of security. When deployed correctly and securely, 1) users can utilize lengthy passwords (20+ characters), 2) they don’t have to remember any of those passwords (except the master password), and 3) the organization increases its password security by a large margin.


Before deploying a password manager, however, it is strongly recommended that you do your own research into the vendor’s security features and reviews, as well as the deployment model (cloud-based vs. locally installed) of the application. Some top-rated and secure password managers include:


Back-Up Your Stuff

There’s no good excuse for not having top-notch backups of your critical business data today. Storage has never been cheaper; backups have never been easier or more convenient, and there have never been more options for performing offsite backups.


The 3-2-1 Backup Rule is highly recommended for any organization looking to back up their data:

  • Always have 3 copies of your data – 1 production copy and 2 backup copies
  • Utilize 2 different types of media when performing backups (cloud, disk, tape, etc.)
  • Always keep 1 copy of your data offsite (and ensure that offsite backup is air-gapped)
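As an added example (not part of the original post), the following Python script checks a backup inventory against the three parts of the 3-2-1 rule above. The inventory format and the `Copy` record are assumptions made for the example; the sample inventories are constructed.

```python
"""Evaluate a backup inventory against the 3-2-1 rule (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Copy:
    """One copy of the data. Field names are assumptions for this example."""
    name: str
    media: str          # "disk", "tape", "cloud", ...
    offsite: bool       # stored at a different physical location
    air_gapped: bool    # not reachable from the production network
    production: bool = False  # the live working copy, not a backup


def check_321(copies):
    """Return {rule: (passed, detail)} for each part of the 3-2-1 rule."""
    backups = [c for c in copies if not c.production]
    # Rule "3": three copies in total, two of which are backups.
    rule3 = (len(copies) >= 3 and len(backups) >= 2,
             f"{len(copies)} copies, {len(backups)} backups")
    # Rule "2": the backups span at least two media types.
    media = sorted({c.media for c in backups})
    rule2 = (len(media) >= 2, f"media types: {media}")
    # Rule "1": at least one backup is offsite AND air-gapped. A copy that
    # syncs continuously to the cloud is offsite but not air-gapped.
    safe = [c.name for c in backups if c.offsite and c.air_gapped]
    rule1 = (len(safe) >= 1, f"offsite air-gapped copies: {safe}")
    return {"3 copies": rule3, "2 media": rule2, "1 offsite air-gapped": rule1}


def failures(copies):
    """Names of the rules the inventory does not satisfy."""
    return [rule for rule, (ok, _) in check_321(copies).items() if not ok]


# Constructed sample inventories.
WEAK = [
    Copy("file-server", "disk", offsite=False, air_gapped=False, production=True),
    Copy("usb-drive", "disk", offsite=False, air_gapped=True),
    Copy("cloud-sync", "cloud", offsite=True, air_gapped=False),
]
GOOD = WEAK[:2] + [Copy("tape-vault", "tape", offsite=True, air_gapped=True)]

if __name__ == "__main__":
    for label, inv in (("weak", WEAK), ("good", GOOD)):
        print(label, "fails:", failures(inv) or "none")
```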


[Image: 3-2-1 Backup Rule]

Here are a handful of quality and affordable cloud-based backup solutions to get started if you don’t currently back up your data (Google Drive, iCloud, and Dropbox can also serve this function):


Turn on Multi-Factor Authentication

One of the best controls to implement for both businesses and individuals is to turn on Multi-Factor Authentication (MFA – sometimes referred to as Two-Factor Authentication or 2FA) wherever possible. Most online applications today, especially those that are widely adopted, offer MFA as standard as an additional layer of security to protect your data. Most MFA offerings utilize the following types of additional authentication:

  • SMS-based authentication - a code sent to your phone via text
  • Email-based authentication - a code emailed to you
  • “Soft-token” authentication - a code or push-notification appears via a smartphone app, like Microsoft Authenticator or PingID
  • “Hard-token” authentication - a physical device that either displays a code or can be inserted into a device


While MFA will not and cannot guarantee absolute security, Microsoft recently published a report via its Security blog stating that “MFA can block over 99.9 percent of account compromise attacks.”


View a list of websites that offer MFA/2FA here: https://twofactorauth.org/


Monitor Your Accounts and Credit

As we continue to trend towards digital-everything, especially our bank accounts, payment options, and purchases, it’s never been more important to pay close attention to your online accounts and credit scores. The great news when it comes to monitoring your online identity is that it’s never been cheaper or easier to do so. Here are a few tools you can use to keep track of your identity without impacting your wallet or credit score:

  • Credit Karma – check your credit scores for free, anytime, anywhere
  • Mint – monitor all of your financial accounts from one place (also provides credit scores)
  • Have I Been Pwned – check if you have an account that has been compromised in a data breach (run by legitimate, well-respected security researcher Troy Hunt)


Additionally, the ability to freeze your credit has gotten much easier recently and is now 100% free. Freeze your credit (don’t forget to freeze your children’s credit as well!) at each Credit Bureau here:


Additional Resources – Just In Case

If you do find yourself in trouble, knowing where to start the response or recovery process is a good idea. Here are some great resources to help you after an incident:


Read our recent blog post Modern Cyberattack's Big Secret: We Are All Targets to learn how many organizations make the mistake of thinking that most cyberattacks are “targeted” attacks against large businesses or high-value targets. In today’s environment, nothing could be further from the truth.



Written by: Jon Waldman
Partner, EVP of IS Consulting 
SBS CyberSecurity, LLC



Posted: Tuesday, December 17, 2019
Categories: Blog