Should I use Wi-Fi at a coffee shop?
When you connect your devices to Wi-Fi connections at public places (e.g. coffee shops) you are putting yourself at risk of a potential cyberattack. Without an encrypted communication method (which most people don’t use), any data exchanged along the Wi-Fi signal can be intercepted by others sharing the same connection. This happens more often than people think. Cybercriminals can easily deploy tools that allow them to monitor and intercept files and passwords that you use. It is recommended to always use caution when connecting to public Wi-Fi, and never use public Wi-Fi for sensitive activities such as online banking, sending sensitive documents, or entering passwords.
Defendify Tip: Consider using a cellular personal hotspot which is owned and operated by your company as an alternative.
Is my firewall enough?
Today’s network perimeter has extended outside of the confines of the traditional office. With employees working remotely from home, coffee shops and co-working spaces, the network perimeter has now moved to the endpoint (computer or mobile device). The Small Business market has seen a shift away from Virtual Private Network (VPN) usage, leaving remote users outside of the protection of the firewall. Firewalls also can’t catch every threat or attack, and opening a port in the firewall leaves your network at risk. With these scenarios, additional security layers are often necessary to protect the endpoints.
Defendify Tip: Employ preventative measures that go beyond a firewall to keep your business protected. Additionally, perform regular firewall audits and follow an update schedule to keep your firewall strong.
Is it ok to send sensitive information via email?
Sending documents through most traditional email solutions is similar to sending a postcard in the mail. It can be intercepted and read by bad actors and attackers since there is no encryption. Another risk is sending the email to the wrong recipient simply by mistyping or accidentally selecting the wrong email address – it happens to the best of us. There are cost-effective email solutions available which allow users to send emails in encrypted format in order to protect the information. Alternatively, password-protect the sensitive document before sending, and send the password to the recipient through a different communication channel (e.g. a text message).
Defendify Tip: Send all sensitive and confidential documents and information in an encrypted format or with a password.
Are my security cameras and systems safe?
Most IP-based security camera systems require regular updates and patches as they are released by the manufacturer. Many of these are released after security vulnerabilities are discovered in the system's firmware or software. Unlike most other software solutions that you use on your computer, the majority of on-premises video surveillance systems do not automatically update or notify you when patches are available. This leaves many systems running for long periods of time, unsecured and with vulnerabilities.
Defendify Tip: Make sure your business or service provider implements regularly scheduled and/or ongoing system updates and patches.
Is my company really at risk?
Unfortunately, yes. All companies, both large and small and in every industry, are at risk of cyberattacks and threats. There is no guaranteed technology or method to prevent a breach and there is no such thing as 100% security.
Defendify Tip: Employ multiple layers of cybersecurity that consider foundation, culture, and technology to help keep your business safe.
What is phishing?
Phishing is a tactic that cybercriminals use where they attempt to lure you into clicking a link or opening an attachment with the goal of obtaining sensitive data, stealing money, or installing malware. These attacks are becoming more sophisticated than ever and often are sent via email, websites, or even text messages. The communication often looks like it is coming from a legitimate source (e.g. your financial institution, a social site, the IRS, or similar).
Spear Phishing is a targeted approach that attacks a specific identified user. Often in this methodology, the cybercriminal will create a fake email that looks almost identical to a normal one that you may receive from a co-worker, customer, or vendor. It can be very difficult to tell a real email from a malicious one.
Defendify Tip: Always be on the lookout for emails with typos and poor grammar, unexpected messages insisting on urgent action, or requests that you click a link, open an attachment, enter your credentials, or make a payment.
What is ransomware?
Ransomware is a type of malware that infects a computer or server. Once the ransomware is installed on a device, the attacker uses encryption to block the user from gaining access to important files. These files can be customer information, payroll, or any other types of sensitive information inside your organization. The attackers leave a message on the infected machine demanding that the user send money, usually in bitcoin, to the attacker in exchange for unlocking the files. The amount of the request varies.
Often, data locked by ransomware cannot be decrypted, even by security specialists. If your data is not backed up appropriately, you may have little choice but to give in and send the requested funds to the attacker or rebuild from scratch. The attacker may unlock the encrypted data, but it’s not a guarantee, and even if you do get your data back, ransomware can cause significant business interruption and downtime.
Defendify Tip: Choosing to pay or not to pay is a difficult decision. The key is to defend against ransomware through good security practices and to always keep backups of your data.
What does Two-Factor Authentication (2FA) mean?
Two-Factor Authentication (2FA) is a required second step, typically a code from a text message or smartphone app, that you enter after your login and password to verify your identity. It’s an important tactic to secure your accounts because even a strong password can be broken by a diligent cyberattacker. Many websites today offer 2FA – it can usually be found in the privacy or account settings feature of many major accounts.
Defendify Tip: Turn on 2FA on your accounts wherever possible. You can search for websites and services that offer 2FA and find instructions to activate the feature at www.turnon2fa.com.