What must I do? I've been hacked
Contract a service to monitor and search for stolen, compromised and leaked credentials online and on the cyber underground.
For all the hype around cyber attacks, and every single cybersecurity enterprise talking about cyber resilience to improve a business’s security posture, nobody really knows what to do once they've been hacked. These terms are being used extensively, yet doing so still does not really help the consumer to understand the importance of what hacking can result in, or exactly what it means and what they can do to lower their risk.
Often the focus on corporate risks and acceptable use policies is lost on the end-user. Constantly referring only to the policy will not influence staff to adjust their behaviour. In order to effect real change, one needs to focus more on procedures, steps and the personal effect of better "cyber hygiene" to help employees be more secure.
More importantly, when employees know what to do and what to look out for, they will be better protected at home, and by association, more secure at work.
Companies need to address the pressing aspects of cybersecurity and to cover these issues in a way that will make sense to the non-technical user. It is amazing how making small adjustments can positively influence the behaviour of staff and improve security at the same time. When the employee makes the changes themself, positive results follow.
Passwords, passwords, passwords
Before anybody says that passwords are not the best form of security, or they are outdated, the truth is that we live in an interconnected world and every single system we interact with needs a password. Every system, cloud storage, app and network that we place our information and login credentials into, increases our risk landscape.
When you use a single password for every platform, a breach of one is a breach of them all. You may practise safe cyber activity and still have your credentials compromised in a third-party app that has poor security measures.
A password policy is not only something that you should have in the office. It is a good idea to come up with, follow and assess compliance to a policy for your personal passwords as well. This policy, at work or home, must be practical for your situation. Have a look at the systems and platforms that you work with and follow the policy to ensure password security.
If you make use of a password manager, ensure that it is secure and use it correctly. How often will you change your passwords? Will you only do this when something is compromised; or monthly or quarterly? Whatever the decision, this is your policy and make sure you follow it.
How will you monitor for compliance and breaches? Please ensure that you keep your eyes open for breach notifications and update managers, and check regularly for multiple online sessions or logins on all your platforms. Also, register for a breach notification service on your personal e-mail accounts.
Contract a service to monitor and search for stolen, compromised and leaked credentials online and on the cyber underground. Breaches happen every single day, and knowing that credentials have been part of a breach allows you to take the required steps to stay secure.
Implement multi-factor authentication on every platform possible. The reality is that the extra two or three seconds it takes to punch in the code or verify the login is far simpler than trying to recover data, chase lost money or explain how your credentials were used to drop ransomware on those around you.
Make sure your passwords are unique to you. With the growing number of platforms and passwords, take the steps necessary to secure yourself and always follow your policy.
If you need any guidance or professional advice, contact J2 Software to discuss real and practical methods to remain cybersecure.