The world is still learning how to adjust to the “New Normal” caused by the COVID-19 pandemic, the “Great Resignation” and shifting geo-political tensions. While North American businesses have shown incredible resilience and perseverance through these demands, these external factors have created a world of chaos. And in a world of chaos, cybercrime thrives. Fortunately, we have 4 simple tips to enhance your cyber security.
Since the beginning of the COVID-19 pandemic, there has been an increase of over 300% in reported cyber attacks. All of the trends in cybercrime point to an increase in the quantity and complexity of cyber attacks. As the world continues to become more digital with the advent of ideas like the Metaverse, Web3, NFTs and cryptocurrencies, the global cyber security market is seeing a large increase in demand.
Are you unsure where to start with your cyber security posture? We don’t blame you. Cyber security is complex. There is a lot of information on the subject, but few actionable recommendations. This article lists 4 easy-to-implement actions that you can take for your business.
1. Update password policies
According to the Verizon 2021 Data Breach Investigations Report, 89% of Web Application breaches are caused by weak passwords. Our cyber defenses can be incredibly well-developed and robust, but one weak password can compromise everything.
Passwords can be compromised through the use of a Brute Force Password attack, which is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until you discover the one correct combination that works. The table below shows just how quickly a hacker could use brute force to compromise your password.
Tips for Password Policy
- Enforce that employees/users create passwords that:
  - Are a minimum of 10 characters long
  - Do not contain any personal information, such as birth year, home address, phone number, etc.
  - Are unique for each website/platform the user has
  - Do not contain any words
  - Contain numbers, upper and lower case letters, symbols and special characters
- A good password looks something like this: &s]9MTnxyPU_
Okay, so how are you expected to remember such a random password? This can be a challenge, which is why we suggest using a Password Manager. A Password Manager securely generates and stores passwords and can be used across all of your devices. The Password Manager will have one main password that encrypts all of your stored user accounts, passwords, and secure notes. One Password Manager we suggest is 1Password!
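The password rules listed above can be enforced automatically at sign-up or password change. The following is an added example, not part of the original article: a small Python checker for those rules, plus an estimate of how long an exhaustive brute-force search would take. The word list, the `personal_info` parameter and the guess rate are assumptions made for illustration, and the "unique for each website" rule is left out because a single site cannot check it.

```python
import re

# Assumed, deliberately tiny word list for the "no words" rule; a real check
# would load a full dictionary or breached-password list.
COMMON_WORDS = {"password", "welcome", "summer", "dragon", "letmein"}

# Character classes the policy requires, with their printable-ASCII sizes.
CLASSES = {
    "lowercase letter": (r"[a-z]", 26),
    "uppercase letter": (r"[A-Z]", 26),
    "number": (r"[0-9]", 10),
    "symbol": (r"[^A-Za-z0-9]", 33),
}

def policy_violations(password, personal_info=()):
    """Return the rules from the list above that `password` breaks."""
    problems = []
    lowered = password.lower()
    if len(password) < 10:
        problems.append("shorter than 10 characters")
    for name, (pattern, _) in CLASSES.items():
        if not re.search(pattern, password):
            problems.append(f"missing {name}")
    # personal_info: values such as birth year or phone number, supplied by the caller
    if any(len(v) >= 3 and v.lower() in lowered for v in personal_info):
        problems.append("contains personal information")
    if any(word in lowered for word in COMMON_WORDS):
        problems.append("contains a dictionary word")
    return problems

def brute_force_years(password, guesses_per_second=1e10):
    """Years to try every combination over the character classes in use.

    guesses_per_second is an assumed attacker rate, not a measured figure."""
    alphabet = sum(size for pattern, size in CLASSES.values()
                   if re.search(pattern, password))
    return alphabet ** len(password) / guesses_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    # Constructed samples: the article's example password and a weak one.
    for pw, info in [("&s]9MTnxyPU_", ()), ("Summer1985", ("1985",))]:
        print(pw, policy_violations(pw, info), f"{brute_force_years(pw):.3g} years")
```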
2. Implement Multi-Factor Authentication
What is Multi-Factor Authentication? This is probably a good place to start. Multi-factor authentication (MFA) requires a user to provide two or more pieces of evidence to verify their identity before gaining access to an app or digital resource. MFA is used to protect against hackers by ensuring that digital users are who they say they are.
MFA can be annoying; however, we cannot let convenience trump security. When MFA is done right, it has no meaningful impact on time efficiency, yet contributes to a strong cyber security posture for your business.
Most web applications and platforms have an option to enable 2FA or MFA, which by default is likely turned off. To instantly improve your cyber security, enable MFA for all your main platforms. If you are unsure how to enable MFA for your particular platform, simply google the phrase “How do I enable MFA for ….”
3. Education and Awareness for your Team
Social engineering is becoming a popular attack approach for hackers. “Social Engineering” is the act of exploiting human weaknesses to gain access to personal information and protected systems. One very common method is through Business Email Compromise (BEC) and other Phishing scams. Phishing scams can be most damaging because they look harmless, unless you know what to look for.
Therefore, education and training for employees is critical to help them flag emails that look suspicious. The following short video is a great way to bring awareness to typical phishing attacks: https://youtu.be/Y7zNlEMDmI4
4. Test your Defensive Strategies
All of these suggestions are “defensive” strategies, which are essential for keeping your company secure. However, even the best defensive strategies can still leave potential for malicious threat actors to gain a foothold. You might read headlines of some of the biggest companies in the world falling victim to cybercrime. Therefore, this last suggestion is crucial. You must regularly test the defensive measures you have put in place with cyber Assessments and Auditing. This is crucial for the operations of our business; however, it also might be required for insurance policies or compliance regulations in your industry. This testing can come in the form of third-party:
- Vulnerability Assessments (VA)
- Penetration Testing (PT)
- Social Engineering Assessments
- PCI Penetration Testing
- Red Team Engagements
Nivee is an Indigenous-Owned, cyber security firm which offers Cybersecurity Auditing and Assessment services to test and identify risks that may lead to cyber attacks. This is provided as an independent and third-party evaluation of your digital security. These services are sometimes called “ethical hacking.” This is where we simulate real-world attacks on your digital infrastructure. Our services are offered throughout North America and we are headquartered in the Greater Toronto Area.
Nivee is a collective group of some of the most experienced information security professionals in the industry who are working alongside our exceptional team of entrepreneurs with a track record of effective communication, operational excellence, and detail-oriented project delivery. We maintain a low overhead, which allows us to provide affordable solutions while maintaining the top recognized industry certifications.
Are you considering a cybersecurity assessment for your company? Does your industry require cybersecurity Auditing for compliance? Connect with us today by clicking here to learn more about how we can protect you in the digital world!