Living in a connected world has its advantages, but it also creates a larger attack surface for bad actors to steal sensitive private and corporate information. Now, with many of us working remotely, it is more important than ever to use best practices to stay cyber safe. For this reason, Gray Analytics subscribes to a “verify, then trust” model, also known as a zero trust policy.
“Verify, then trust” is an adaptation of “Trust, but verify,” an old Russian proverb used extensively by Ronald Reagan in the 80s when discussing nuclear disarmament. The phrase simply means don’t assume that everything is always as it seems. We’ve applied this concept to cybersecurity as verification when dealing with third-party software and technology providers and with internal operations. From technologies, to processes, to people, verification of authenticity is the first and foremost tenet of protecting yourself and your business from cyberattacks.
Below, we’ve outlined a few tips on how you can better protect yourself and your business using the “Verify then Trust” approach.
Protect your email security.
Email is the number one attack vector for bad actors, and there are signs to look out for to determine whether you are the target of a phishing or business email compromise attempt.
You may be the target for a phishing attempt if someone:
- Offers a financial award;
- Threatens you or claims to need help;
- Asks for your personal information; or
- Asks you to download a file or click a link.
You may be the target for a business email compromise attempt if someone:
- Asks you to wire money or purchase gift cards; or
- Requests sensitive personal information about someone in your organization.
Always assume that a suspicious email is a bad email. If you’re unsure who an email is from, do not respond or click on any links or attachments. If it appears to come from someone you know, call or text them and ask if they sent the email. Verify, then trust.
Keep your devices updated.
Any device that connects to the internet or an internal network is vulnerable to various cyber risks. In fact, 68 percent of data breaches occur because of poor patch management. The best defense is to keep devices, software, web browsers and operating systems up to date. Never assume that devices and software are getting patched. Verify, then trust.
Strengthen your password practices.
Always use long passwords or passphrases that cannot be easily guessed. Use different passwords or phrases for different systems or accounts, and never use the same password at home that you use at work.
Another way to enhance your privacy measures is to use multi-factor authentication. Using multi-factor authentication could save you a lot of time and money because it greatly reduces the likelihood of an attack.
Beware of ransomware.
Ransomware is a type of malware that prevents users from accessing systems or personal files unless they pay a ransom, typically in cryptocurrency. Nearly 59 percent of U.S. small and medium-sized businesses do not have a contingency plan that outlines procedures for responding to and reporting data breach losses. The best defense against ransomware data loss is to make electronic and physical backups of all important work. However, backing up your data only takes you so far. Verify your data recovery processes to ensure that you can actually recover your data.
In this digital age, protecting your private and corporate information is crucial. Don’t assume that cyberattacks won’t happen to you. Verify, then trust that you are protected.