Remember “it’s not if, it’s when?” And how Cyber-attacks are on the rise? You may have found yourself thinking, well, how do I keep all of this data safe? Is there anything that can be done to avoid some of these potential breaches? How do I get prepared in the event there is a breach?
Having Cyber Liability coverage will help get back on your feet after the incident occurs, but, with anything in life, taking steps to maintain a healthy electronic system is key to avoiding the ‘when’ from happening. Unfortunately, with ever changing technology, your information may never be completely safe, no matter how you are storing it, but there are steps you can take to help minimize your exposures. The suggestions below are some, but not all methods that can increase your data security.
Encrypting your data is one way to avoid having it stolen or ransomed. Encryption is the process of converting information or data into code, especially to prevent unauthorized access. Encryption is one method of protecting your information from someone other than the intended recipient or users. Many email systems offer encryption within the send process. Cloud storage, payment systems and even your entire operating system can be encrypted. Encryption isn’t fool-proof, but it will certainly take a hacker more time to access the information if there is encryption involved. Encryption can be as easy as password protecting a certain file or document, to completely locking down your entire file system. Encryption cannot be effective if your system is already infected with malware, if you leave your system unsecured in open spaces or if you have weak passwords.
Everyone loves to change their password every 90 days, right? And keeping those passwords on a sticky note taped to your computer monitor is A-OK, right? Weak passwords mean that it takes a hacker less or no time to access the data that your password is protecting. Having strong passwords is the least complicated thing a user can do to protect data. Keeping your passwords secure is crucial to maintaining a secure network. Taping your email password to your computer monitor is not keeping it safe. Similarly, having a folder in your system labeled “passwords” is also not recommended.
Microsoft suggests not using any personal information in your passwords, such as your name or birthdate, or basic words spelled in reverse. Additionally, they suggest not using words or sequences that are consecutive or near each other on the keyboard. If your password is 1234, you should plan on changing that.
Many systems also offer a two-step authentication process, in which the user sets up a phone number also linked to an account. After the password is entered, the user is then sent a code via text or SMS message which is then entered to allow access to the secured account. The second step makes it more difficult for the protected information to be accessed.
Antivirus software is a program or set of programs that are designed to prevent, search for, detect, and remove software viruses and malicious software like worms, Trojans, and adware intended to obtain and relay information to an unintended outside source. Having antivirus protection is the immune system for your network. However, like any good immune system, your antivirus cannot be effective if it is not kept up to date. Updating your antivirus will keep the software informed to newly identified attacks and threats. These programs are crucial to the protection of your information, as they serve as the last line of defense should an unauthorized party break into your system.
A firewall is part of the computing system which is designed to block unauthorized access while permitting outward communication. Most people do not even realize that the firewall is there protecting their information until they try to access that unauthorized website to find the latest recipe or read the blog about the new fun thing to do with your dog on the weekends. The firewall works like a security guard for your computer system.
Update Your Systems
Most operating systems require updates to ensure that the system is running free of errors and can communicate properly with other similar systems. Updating your operating system also ensures that you will have the most up to date security features built into the operating system, which is often developed in response to new threats and invasions created by those seeking your confidential information.
Intrusion Detection Systems
An intrusion detection system is a form of network security technology that is used for detecting vulnerability exploits against a target application or computer. It will monitor network traffic and look for suspicious activity and alert users when that activity exists. Similar to any other electronic security or operating system, you must keep the software up to date to monitor for all new and existing threats.
Regular data backups are a way to increase the security of your information. The information that is the backbone of your operation is the most crucial to be frequently backed up. If the information is lost due to an invasion or other type of loss, your backup should be able to replace lost or stolen data. Backing up your data is a key way to protect against malware or ransomware which takes your information hostage seeking payment for its surrender. Once established, saving your backup information to an outside drive, or to the cloud, is a virtually effortless way to ensure that all of your information is put away securely. Having your data taken hostage is agonizing, but knowing you have a backup of the information can make that situation less stressful.
Restrict Information Access
Keeping certain information restricted will make it less vulnerable. Allowing all employees access to all information makes it more accessible for a hacker. The more opportunities to reach the data, the more likely an attack on that data is.
Security Policies And Procedures
Everyone in your organization can be a security expert. The ideal is to ensure that all employees are educated about the security measures you have in place. Additionally, maintaining policies and procedures regarding such as internet and Wi-Fi use, personal use of company resources, and password requirements serve to keep data safe. Maintaining the policies is only the first step. Having refresher training will serve to remind employees about the various ways that they are involved and are truly the first step in protecting all your data from being attacked.
Any one of these steps or all of them can greatly improve the odds that your organization will be safer from an attack against your system. No system that is accessing the internet is 100% safe from a cyber-attack, but by implementing even just one of these recommendations will help reduce the potential for an invasion. Having good loss control policies and procedures in place is the first step in arming your first line of defense, your employees, against outside threats.
The South Dakota Public Assurance Alliance offers loss control surveys and advice through our Member Services staff, as well as through our partnership with Safety Benefits, Inc. Our Members have access to these services at no additional charge. If you would like to speak with someone about the Cyber Liability coverage afforded as part of our Governmental Liability Package, please contact our office at 800-658-3633 option 2 or by email at firstname.lastname@example.org.
Lynn Bren, AIC SCLA
Director of Member Services
Codington County joined the SDPAA in 1989 and truly appreciates everything SDPAA has done to assist the County. In July 2017 Codington County incurred damage to numerous County owned vehicles due to hail damage. SDPAA was on the spot with an adjuster and made prompt payment to the County for the damages incurred by the hail event. The staff at SDPAA is the best to work with and you can present them with any question and they will answer you quickly and/or direct you to the correct party to resolve any issues or claim questions. Codington County looks forward to working well into the future with SDPAA.Cindy Brugman, Codington County Auditor