As we ring in the New Year, many experts are making predictions that 2017 will bring dramatic events in cybersecurity. Small and medium-sized businesses should be vigilant about updating their cybersecurity preparedness plans and educating employees about company security policies and best practices. Here are some action items that should be included in everyone’s cybersecurity defense plan.
Ransomware, a type of malware used to encrypt all of your computer or smartphone data, will continue to be a problem and will likely get worse in 2017. As a rule, don’t click on any online ad links. Too many are tainted with adware, so it’s better to err on the side of caution. Make sure all security software is kept up to date with regular patching. Data should be regularly backed up, preferably offsite or in the cloud, and the backups should be tested. Consider using an application whitelisting program, which will prevent unapproved files from being installed on your PC or smartphone.
Secretary of Homeland Security Jeh Johnson has said that the most devastating attacks by the most sophisticated attackers almost always begin with spear phishing emails. These are emails with malware-infected links that lure victims into clicking on them. Never click on a link in an email or text message unless you are absolutely certain that it is legitimate.
Mobile devices will be increasingly targeted by cybercriminals as more companies and individuals use smartphones and other mobile devices for sensitive activities, many of them without proper security precautions. To make your smartphone more secure, you should have a PIN or a password for your phone. Only about half of people take this essential step. You should also install security software and keep it up to date with the latest security patches. Only get apps from legitimate sources such as the App Store or Google Play. Refrain from using public Wi-Fi for sensitive communications, and use a Virtual Private Network (VPN), which will encrypt your communications. Limit the sensitive material that you store on your smartphone and make sure that whatever information you do store on your smartphone is encrypted.
Finally, conduct frequent vulnerability scanning of your organization’s external and internal network, networked devices, and web applications to identify security holes or any known security vulnerabilities.