
Learn anything from the DNC and other recent hacks? Maybe you should have

As I talk to clients and others, I am struck by how little connection each of them thinks they have to the recent hacks of the DNC and Democrat staffers, and to the other information constantly being released by hackers. One thing to remember is that hackers don’t discriminate: if there is money to be made or they can further their cause, they don’t care whether you are a large Fortune 500 company, an SMB or even a private user.

People need to remember a few things:

1) We are all potential targets of hackers who want what we have, namely customer information, banking credentials, employee information (whether it be health or personal information) and our login credentials to other applications.

Unauthorized access to our corporate and personal computer systems is getting harder to identify, while hacker tools are becoming more sophisticated. Many employees can’t resist the temptation to click on an attachment they receive in their inbox even though they know they shouldn’t. Organizations that have protection at their mail entry points can hopefully identify malware attachments, but even with that protection you still have to worry about new malware that we can’t identify.

2) Don’t rely only on technology to protect you and your organization. People are an important part of the security chain, and a person who is not aware of good security practices may be an unsuspecting contributor to breaches. This is also true for home users, as many think their spam filter will protect them from malware-laden attachments or URL links. “Think before you click” is always a good idea, and one that should be paired with asking yourself why you are opening the link. Many cyber-criminals use global events such as disasters or even the Olympics to trick unsuspecting computer users into clicking attachments or URL links.

3) Your mobile device is the next attack vector. I have seen a case where someone’s phone SIM was cloned without their knowledge (social engineering techniques were used on the mobile carrier). Once you have the person’s SIM you can “be them”, and even though some phones have built-in security, it is not enough in many cases to stop theft or worse. Imagine you are an executive of a large company or SMB and have your CFO’s contact information in your phone. All the cyber-criminal needs to do is wait until you go away on a trip or board a flight, and then send your CFO an urgent message from your phone saying that you need $250,000 wired to a certain bank account. They can also text media or other contacts with messages that could lead to major reputational issues or loss of confidence in the company.

4) It’s going to get worse. That said, I am an optimist but also a realist, so let me explain my logic. Today we have PCs, tablets, phones and possibly some other devices that hold our data and could be attacked. What happens when more devices on your WiFi network, such as your home security cameras, refrigerator or thermostats, are hacked? This is the IoT (Internet of Things), and currently it isn’t being protected very well. I predict that a new hacker industry will cater just to those devices, if it hasn’t happened already.

So what can you do? I have listed some basic steps below that you can follow, but the most important thing is to always think in a cyber security frame of mind. While you may not be able to thwart every hacker attempt (depending on its sophistication), you may be able to put the odds in your favor.

Tips:

  • Before you click on an attachment or link, make sure that you know the sender and are expecting it. How many times have we all received an email with a link from a friend whose Gmail account has been hacked? While this is not foolproof, it will decrease your odds of clicking on malware.
  • If you are uncertain about a link that was sent to you, use free services like VirusTotal to see if the link is benign.
  • Have virus and malware protection installed on your system and keep it updated.
  • Make sure your passwords are made up of letters and numbers. Your password should be at least 6 characters long, and the same password should not be used on all your systems, since if it is breached, all your systems will have the potential of being breached.
  • Call or email your mobile carrier and ask them to put a note in your file never to clone your SIM unless you give them a specific PIN. Make that PIN something that only you have access to and can’t be figured out easily.
  • When buying WiFi connected devices for your home, make sure you subscribe to their updates which many times will include security updates as well.
  • If you have an SMB, make sure your internal procedures that deal with wire transfers for your company.

There are many more free and inexpensive tips and tricks that can be used to protect your organization, whether you are a Fortune 100 or an SMB. Proactive Cyber Security was founded on providing economical cyber security solutions, which many times do not include the high cost of technology.

To find out more, use the Contact Us link to ask us about our services, and follow us on Twitter @procybersecure, where we tweet out the latest cyber security news.