Share this
7 Security Tips to Wrap Up Cybersecurity Month
by Kory Underdown on Oct 31, 2022 12:00:00 AM
In the spirit of DNSFilter’s 7th birthday, and the close of Cybersecurity Awareness Month, we did something brave. We asked our Security team for their very best cybersecurity tips—then watched as the slack channel flooded with messages. They offered up a ton of really great advice, but we went ahead and narrowed it down to a reasonable list, just for you.
1. Post-it notes are not a viable password manager
Unauthorized users will look for the easiest way to hack your network. A post-it note sitting on your desk? You’ve basically handed them the keys to your house!
Don’t make it that easy. Invest in a password manager that encrypts your passwords and keeps them stored in a safe location. Another benefit to password managers: It’s easy to create stronger passwords and click to fill. No more reusing passwords because you can’t remember them all.
2. Beware of BEC (Business Email Compromise) attacks!
Business email compromise is an attack on business email systems in an attempt to defraud the company for money. These scams are rising rapidly—U.S. businesses reported more than $2.4 billion in losses in 2021.
One of the common scams you’ve probably seen for yourself is an email posing as being from your CEO. They may ask you to run to the store to buy them gift cards, or some other task that requires the use of your credit card, and they almost always insist that it is urgent.
Make sure to protect your organization and team by requiring multi-factor or 2FA authentication, enforcing consistent security training, and utilizing a DNS filtering security solution.
3. How to spot a social engineering attempt
Social engineering is a method of hacking via humans. A threat actor will often use social engineering to manipulate a person into handing over sensitive information, or to gain access to their network.
This type of attack relies on humans having an innate tendency to trust and can be done in many different ways. Phishing, Vishing, and SMiShing are commonly utilized for these attacks, and many times they will iterate urgency so that the victim doesn’t have time to think twice.
A recent example of social engineering was the attack behind the Uber breach. The threat actor allegedly fatigued an Uber contractor by repeatedly pushing multi-factor authentication request notifications to their phone. The contractor eventually wore down and approved the notification—giving the hacker access to Uber’s internal systems.
Take a second to think twice when you receive an abnormal urgent request. When in doubt, utilize a secondary channel (like slack or a phone call) to clarify that the request is real and from the person it appears to be.
4. Endpoint security is just as important as core network security
Work From Anywhere can complicate an organization’s security protocol. Once upon a time, an in-house server room was all you needed. Now, end users are becoming more and more dispersed and brick and mortar security practices aren’t enough.
What’s the answer? Decentralized Cybersecurity.
Secure your end users, wherever they are, by placing a security bubble around their devices via DNS security, VPNs, DLP, antivirus, etc. Read more about Decentralized Cybersecurity here.
5. Compliance and security are not the same, especially in healthcare
Knowing the difference between compliance and security is critical for protecting patient data. Healthcare data is particularly vulnerable due to the personal and sensitive information included. A breach in healthcare has potential to put real, human lives at risk.
Don’t just check the boxes to be in compliance—ensure your organization is actively working to protect patient data with additional security measures. Read more on keeping patient data secure here.
6. There are no silver bullets in cybersecurity
Unfortunately, even with a security strategy and consistent employee training, attacks can still happen with today’s heightened threat landscape. It’s important to have multiple layers of protection for every device utilized by your organization.
7. Secure your public Wi-Fi
Offering free Wi-Fi at your organization can be great for your customers. In fact, 76% of Americans say that they’re more likely to frequent businesses that offer free Wi-Fi hotspots.
But public Wi-Fi networks come with risks—unsavory content, botnets, and employee filter circumvention to name a few.
Secure your guest Wi-Fi with DNS protection and content filters to ensure that your hotspots aren’t putting your business at risk.
Share this
Categories
- Featured (264)
- Protective DNS (21)
- IT (15)
- IndyCar (9)
- Content Filtering (8)
- Cybersecurity Brief (7)
- IT Challenges (7)
- Public Wi-Fi (7)
- AI (6)
- Deep Dive (6)
- Malware (4)
- Roaming Client (4)
- Team (4)
- Compare (3)
- MSP (3)
- Phishing (3)
- Tech (3)
- Anycast (2)
- Events (2)
- Machine Learning (2)
- Ransomware (2)
- Tech Stack (2)
- Secure Web Gateway (1)
Customer experience is the secret sauce that sets successful Managed Service Providers (MSPs) apart from the rest. In a market teeming with competition, you need to offer more than the best technology or the lowest prices. It's about how clients feel when they interact with your services. A stellar customer experience can transform a one-time client into a loyal advocate, while a poor one can send them running to your competitors. According to a ...
In July I published a blog on the DNSFilter website where I looked closely at our passive DNS data, highlighting early election trends in relation to threat domains.
The Children's Internet Protection Act (CIPA) is a critical law designed to ensure that students are protected from harmful online content. It requires schools and libraries to implement Internet safety measures, such as filtering and monitoring, to safeguard minors. Compliance with CIPA is essential for institutions seeking E-Rate program discounts for Internet access and internal connections.