Cybersecurity Resolutions for 2019
By: Frank J. Gillman and Sean B. Hoar
A new year is upon us, which means people across the world will resolve to exercise more, eat healthier, eliminate financial debt and, most importantly, enhance their cybersecurity over the coming year. Good luck to all in their annual quest!
Compared with typical New Year’s resolutions, improving your individual and corporate cybersecurity defenses can be easier to achieve and sustain. With that in mind, here are a few cybersecurity resolutions to add to your New Year’s list, and a few tips for achieving them in 2019:
1. Embrace Your Role As A Human Firewall
No matter how much a company invests in cyber defense, its personnel are the best tools to reduce risk. Make sure you are fully aware of your company’s cybersecurity policies and recognize that you are a target of hackers who are continually looking to steal personal information from computer networks. Immediately report any suspicious activity you notice to the appropriate personnel. If you are a corporate executive, or if you work in either the human resources or finance departments, you are at a heightened risk of being targeted because of the information you can access. Make sure to remain extra-vigilant to a potential attack.
2. Use Unique and Complex Passwords
The password you use to access the company network should be different from the one you use for online shopping, which in turn should be different from the one you use to access financial services, and so on. Each password should be a minimum of 12 characters and consist of a random mix of upper- and lower-case letters, numbers, and symbols. The best practice is to change passwords every 90 days. Other than password management software, one of the easiest ways to keep track of complex passwords is to take the first letters and punctuation of a phrase and turn them into a password: “I bought oatmeal raisin cookies for my dog, Spot!” becomes a password of “Iborc4md,S!”
3. Deploy Multi-Factor Authentication
Beyond your regular password, the best way to protect your online identity is to use a secondary verification method to confirm it is actually you when you are accessing a company network or social online account. Online services like Google, Microsoft Office 365, and others have features you can activate to use options such as your phone number or one-time passcodes in addition to standard passwords. If your company currently does not use multi-factor authentication software, it is worth researching available products to see how this technology can help limit cyber risk.
4. Make a Data Map (Register)
The European Union (EU) General Data Protection Regulation (GDPR), which affords European residents certain privacy rights, is now law. The California Consumer Privacy Act (CCPA), which grants California citizens comparable rights, takes effect on January 1, 2020. Other states are expected to enact similar laws. Before a company can properly implement a data rights management system that complies with these types of laws, it must first identify where the relevant data resides on its internal network. Creating a data map is the best way to start that analysis. It will also identify how data is processed internally, how it is secured, and how it can be deleted in compliance with internal document retention policies and the various data privacy laws.
5. Update Your Devices
When we are busy, there is nothing worse than seeing an update notification that our machine needs to reboot in order to install critical updates. When we are tweeting or texting, we often repeatedly hit “remind me later” when our smartphone wants us to download the latest OS patch. Keep in mind the machine you are using is often the portal to your entire digital world! Adding security enhancements as quickly as possible helps to ensure your digital information stays private.
6. Review Your Privacy Settings
Speaking of privacy, it is a good idea to annually review the privacy settings of your various online accounts, including those related to social media. Settings and options change all the time as developers add new features. Hackers pay close attention to these changes in order to potentially exploit them for personal gain. You need to be diligent as well. For example, verify what information about you is shared publicly in each application or service that you use and restrict information you do not wish to be viewed by others.
7. Draft an Incident Response Plan
Do not wait until your organization has a cybersecurity event in order to determine how to best respond. Plan ahead to ensure that all the appropriate internal resources are aligned. The incident response planning process will help to identify appropriate internal and external responders, and their roles and responsibilities. It should also involve an assessment of whether the organization has appropriate cyber insurance coverage.
8. Be “Securious”
The digital security landscape shifts almost every day, making it difficult for companies to navigate and plan effectively, let alone stay ahead of the curve. Researching and learning as much as you can about potential trends, threats, and defenses helps companies make fully educated decisions.
We regularly provide clients and prospective clients with broad cybersecurity insight about all these topics from our team of professionals.
We wish you good luck with achieving your cybersecurity resolutions as well as a safe and digitally secure new year!