What is Cybersecurity?
Cybersecurity (or Data Security) concerns the protection of data from accidental or intentional but unauthorized modification, destruction, or disclosure through the use of physical security, administrative controls, logical controls, and other safeguards to limit accessibility.
Why Worry About Cybersecurity?
Most small businesses take the attitude of "Why would anybody care about our data? We are just the little guys." The problem is that hackers tend to target small businesses because they do not have the resources to implement high-end cybersecurity protection and they do not think they would be a target because they are small.
According to recent reports, 61% of breaches in 2017 were of small businesses, up from the previous year's 53%. Small businesses store not only their own critical data and information but also customer records like credit card and social security numbers, vendor information, customer lists, passwords, and much more.
Top Cybersecurity Threats for 2018
Social Engineering Attacks are how hackers and data thieves cleverly access your secure information through phishing, impersonating other companies and people, and other common tactics. It is estimated that phishing attacks cost U.S. businesses more than $5 million each year.
Ransomware is a relatively simple form of malware that breaches defenses and locks down computer files using strong encryption. Global cost damages from ransomware exceeded $5 billion in 2017, up from $325 million in 2015. Experts expect the number of cloud-based ransomware attacks to greatly increase in 2018.
IoT Attacks will continue to increase. While IoT devices have many uses and are designed to make life easier and simpler, they connect to the Internet and are vulnerable to bad actors if proper security measures are not in place. It is estimated there will be over 20 billion connected "things" by 2020, each representing a portal to the network which can be hacked or compromised.
Data Breaches are confirmed incidents in which sensitive, confidential or otherwise protected data has been accessed and/or disclosed in an unauthorized fashion. According to a recent study, 500 million records had been exposed by data breaches in 2014. By July 2017 that number was closer to 6 billion records.
How Can Data be Better Protected?
Strong Passwords are at least eight characters long and contain a combination of upper and lower case letters, special characters, and numbers. (See below for additional password tips.)
Computer Maintenance and software updates are perhaps one of the most important data security tools the everyday user needs. Security updates fix weaknesses in computer programs that hackers could otherwise exploit.
Data Encryption translates data into another form so that only people with access to a secret key or password can read it. The purpose of data encryption is to protect digital data confidentiality as it is stored on computer systems and transmitted using the Internet or other computer networks.
Security Testing and regular vulnerability assessments by certified technology experts are a must. This testing can provide a comprehensive and prioritized view of what should be done to best protect data from attacks by cybercriminals.
Tips for Strong Passwords
by Liz Caulder
IT Support Specialist
Make passwords longer.
Many experts have increased the recommendation to 12 or 15 characters minimum. Use a long phrase that is memorable such as "Ben and Jerry like to eat ice cream."
Use a combination of letters, numbers and symbols.
Experts recommend at least one each of upper case letters, lower case letters, numbers and symbols. E.g., Ben&Jerryl1k32e@t!cecreaM
Do not use the same password for multiple sites.
A password manager such as those recommended here can be a useful way to manage your passwords. Many of these can be used with a smartphone. Note: be sure to create a master password you can remember. Credible password managing programs will not provide a way to reset or retrieve your master password.
Change your passwords often.
If offered, use Two-Factor Authentication, which pairs your password with another key (e.g. a PIN sent by text to your cell phone) to confirm your identity. A thief would then have to have both your password and your cell phone in order to log in as you.
Do not provide your password to others or leave it written where it can be found.
Be wary of any requests for your password (such as phishing emails sending you to a site where you are asked to "log in").