hacking. Employees should be trained to recognize these con games. Think of this like
teaching street smarts and “Stranger Danger” for the office.
• Teach your employees “if you see something, say something”. This isn’t about
breeding a culture of tattletales. Social engineering is usually a trial-and-error process:
a hacker who fails to get information out of one employee will almost always try again with
another. Whether it is a phone call or a person who looks out of place, when something
suspicious happens everyone in the office should be made aware of it.
• Make sure your customers know that your company will never request personal
information by email. Although this isn’t an inside job, cybercriminals have been known to
spoof emails from a company to contact its customers and ask for account information,
Social Security numbers, passwords, etc. Publishing SPF, DKIM and DMARC records for your
domain makes such spoofed mail easier for receiving mail servers to reject.
• Avoid browsing websites and processing online orders on the same computer.
This includes clicking unfamiliar links in orders received by email. All it takes is one click
on a bad link to turn the order-processing computer into a compromised one, and a compromised
computer opens the customer database up to hackers.
Physical security is just as important as network security. Even the best computer security
becomes useless if a bad actor gets physical access to the machine. Most small offices are
reasonably secure with decent locks and an alarm system. The problem is that the keys and
codes never change, regardless of employee turnover.
• If possible, use an alarm code that is at least 6 digits long.
• Change your alarm codes every 12 to 24 months, and immediately when someone who knew the
code leaves. Most small offices never change their alarm codes until they get ripped off – without
any sign of forced entry.
• Rekey your office locks every three to five years, sooner if you have high employee
turnover.
• Any mission-critical computers holding sensitive data (e.g. customer information, inventory,
production files, financials, websites, etc.) should be kept in a closet or office with a
lockable door. This includes network equipment such as cable/DSL modems, routers and
firewalls. All it takes is a few minutes and an ounce of moxie to walk off with a piece of
equipment, and losing it can shut an office down indefinitely – sometimes permanently.
Enforce stronger passwords. Without a well-defined IT policy, most small offices let staff
choose passwords that are easy to remember – and a hacker running a wordlist against them can
crack those in minutes. Staff should choose passwords that meet the following criteria:
• at least 12 characters long,
• uses upper and lowercase letters with one or more numbers and special characters,
• does not use proper names or words from the dictionary,
• unique (as in not used for anything else), and
• stored only in a password manager app (e.g. KeePass, 1Password, LastPass, etc.).
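As an added example (not from the article), the Python below implements the criteria above as a policy check and adds a brute-force keyspace estimate. The wordlist, the leetspeak substitution table and the 1e10 guesses-per-second rate are constructed assumptions, not measured figures. It also shows why the dictionary criterion matters more than length alone: on paper a password like Summer2015 implies years of brute force, yet it fails the policy because a wordlist attack finds it immediately, and P@ssw0rd2015! satisfies the length and character-class rules but still fails once the substitutions are undone.

```python
"""Password-policy check for the five criteria above, plus a keyspace estimate.
Added example, not from the original article; the wordlist, substitution table
and guess rate are constructed assumptions."""
import string
from typing import Optional

# Constructed stand-in for a real wordlist; a real deployment would load a large
# dictionary plus a breached-password list (tens of millions of entries).
WORDLIST = {"password", "welcome", "summer", "winter", "company", "admin",
            "letmein", "michael", "jennifer", "dragon", "monkey", "football"}

# Substitutions that cracking rule sets undo before matching a wordlist.
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "l", "3": "e",
                      "4": "a", "5": "s", "7": "t", "!": "i"})

MIN_LENGTH = 12
SPECIALS = set(string.punctuation)
POOL_SIZE = {"lower": 26, "upper": 26, "digit": 10, "special": len(SPECIALS)}


def contains_wordlist_entry(password: str, wordlist=WORDLIST,
                            min_len: int = 4) -> Optional[str]:
    """Return the wordlist entry found inside the password after undoing case
    and leetspeak substitutions (so 'P@ssw0rd2015!' still matches), else None."""
    normalized = password.lower().translate(LEET)
    for word in sorted(wordlist):
        if len(word) >= min_len and word in normalized:
            return word
    return None


def character_classes(password: str) -> set:
    """Which of the four character classes the password actually uses."""
    classes = set()
    for ch in password:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        elif ch in SPECIALS:
            classes.add("special")
    return classes


def check_policy(password: str, previously_used=frozenset()) -> list:
    """Return the list of policy violations; an empty list means it passes.
    `previously_used` stands in for the reuse check a password manager does;
    in practice compare hashes, never keep old passwords in the clear."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    missing = set(POOL_SIZE) - character_classes(password)
    if missing:
        problems.append("missing character class(es): " + ", ".join(sorted(missing)))
    word = contains_wordlist_entry(password)
    if word:
        problems.append(f"contains a dictionary word or name: {word!r}")
    if password in previously_used:
        problems.append("reused from another account")
    return problems


def brute_force_seconds(password: str, guesses_per_second: float = 1e10) -> float:
    """Worst-case seconds to exhaust the keyspace implied by the length and
    character classes used.  The default rate is an assumed figure for an
    offline attack on a fast unsalted hash, not a measurement.  This bound only
    holds for random passwords: one built from a dictionary word is found by a
    wordlist-plus-rules attack long before the keyspace is exhausted."""
    pool = sum(POOL_SIZE[c] for c in character_classes(password))
    if pool == 0:
        return 0.0
    return pool ** len(password) / guesses_per_second


if __name__ == "__main__":
    for candidate in ("Summer2015", "P@ssw0rd2015!", "x7#Qm2!pLw9@Rt"):
        years = brute_force_seconds(candidate) / (365 * 24 * 3600)
        print(f"{candidate!r}: brute-force bound {years:.1e} years; "
              f"violations: {check_policy(candidate) or 'none'}")
```

The keyspace figure is deliberately reported as an upper bound: it is the number an office might use to convince itself a 10-character password is safe, and the dictionary check is what shows that reasoning to be wrong.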
A good rule of thumb to follow: any password that is written down or in print should be
43 Cyber Warnings E-Magazine – July 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide