Ransomware, Phishing Scams, DDoS Attacks, Social Engineering … the list continues to grow for cybersecurity threats in 2017 and beyond. Attacks have become far more sophisticated than the old email from a prince requesting money. With the Internet of Things (IoT) and our increasing connection and dependence on the internet, we will continue to see more widespread attacks across the globe. This should lead you to question and analyze your security measures not only for yourself, but your association and its members, too. Below are just some high level, common things to think about and do.
Some questions to ask yourself:
- When was the last time you updated your passwords?
- Do you use the same password for all of your accounts?
- Do you use strong passwords consisting of upper and lower-case letters, numbers and special characters?
- Do you require your members to regularly change their passwords?
- Do you take advantage of two-factor authentication?
- Do you have your data backed up and can you easily restore it?
- How quickly can you recover from an attack?
- Do you regularly maintain shared data and asset permissions?
- Do you frequently use open Wi-Fi networks?
- Do you access secure information on open networks?
- Do you have anti-virus and anti-malware software installed?
- Do you always check and install the latest updates for your operating system and software?
Things you can do to avoid becoming a victim:
- Regularly update your password(s).
- Do not use the same password on all accounts.
- Use two-factor authentication if it is an option.
- Do not provide personal, financial or other confidential information through email.
- When entering information on a website, check the domain’s security.
- Pay attention to the URL of the site you visit, there can be slight variations to the domain name to cause red flags. I.e. spelling or .com vs .org, etc.
- Install anti-virus / anti-malware software.
- Install a firewall.
- Regularly check for and install software updates. You can have Windows automatically check and install updates on a scheduled basis.
- Most importantly, use common sense and trust your instincts. If something doesn’t feel or sound right, it probably isn’t.
If you think you may have become a victim, report it immediately to the appropriate agency and/or party in charge of your IT. You should also change your password(s) to affected accounts, as well as any that may use the same information of the compromised account. Always remember, it is better to be safe than sorry.