Tag: security plan


Decoding Security 110: It’s A Matter of Trust

We’re just days into 2018 and cybersecurity already has its first major headline of the year: Meltdown and Spectre. By exploiting common features found in modern microprocessors, cybercriminals have been able to use the attacks known as “Meltdown” and “Spectre” to steal sensitive information from any computer, device, and even the cloud. We’ll walk you through how and why Meltdown and Spectre happened, and which security patches are already available.

We’ll also provide an overview of the principle of least privilege, the concept of restricting user permissions as a preemptive security measure. Join our hosts, security analysts Jessica Ortega and Ramuel Gall, as they provide important tips that everyone, from parents to CTOs, can use to protect themselves from the cybersecurity risks caused by human error.

Want to learn more about how both businesses and individuals can improve their cybersecurity savvy? Check out our past podcasts on endpoint and website security or social media security. For more Decoding Security, subscribe on YouTube, iTunes, or Google Play!

10 Business Cybersecurity Tips

Budget should never be a reason for ignoring security. Neither should worries that you’re technically challenged. Here is a list of ten things you can do to help defend against cyber risks.

  1. Look in the window. Most business owners look at their websites and security risks from the inside out, and never see what they look like from a hacker’s perspective. A cursory inspection, or better yet a basic website scan, can help you spot vulnerabilities quickly.
  2. Understand what the risks are. After all, you can’t fix them if you don’t know what they are. A little light reading on common business and website risks could tell you all you need to know. Focus on technical and procedural risks – from exploits of unpatched vulnerabilities to common errors by employees.
  3. Focus on passwords, especially the one for your FTP account. Passwords can be the keys to the kingdom, and even the biggest security breaches at the biggest businesses have been traced to the smallest password mistakes.
  4. If your business has a lot of sensitive information to protect, consider having your website developers use a dedicated computer to access the website. This can significantly reduce the risks of things like keyloggers, which can steal website passwords and give hackers access. By using a dedicated computer that’s not used for anything else, you eliminate the risk of downloading a keylogger or other malware through drive-by downloads, email attachments, or infected files.
  5. Create a list of your Top 10 security rules that everyone has to follow, and make sure that everyone knows what those rules are. Ten is a good number. You could easily have a hundred, but too many could cause more harm than good. Focus on the biggest risks and vulnerabilities and pursue them relentlessly.
  6. If you accept credit cards, make sure you’re PCI compliant. Achieving PCI compliance is not difficult or expensive, especially for smaller businesses. Not only is PCI a great place to start with security, you don’t have an option. Failure could mean big fines and the inability to accept credit card payments.
  7. Don’t forget to get physical. Not all attacks or exploits have to be digital or virtual. Hackers can walk into an unprotected business or rummage through a dumpster. And many of the information-rich laptops and tablets stolen in burglaries end up in the hands of cybercrooks.
  8. Control who you give access to. That can range from access to buildings and rooms to access to computers, networks, and websites, to access to specific files and privileges. It’s not about people getting access to sensitive data, it’s about the wrong people getting access.
  9. Choose your web hosting provider carefully. There are thousands to choose from so pick yours thoughtfully and focus on what they say about security. If they don’t talk about it at all, that could be a warning sign. If they do mention security, present them with your list of top security worries and risks and see what their response is.
  10. Review your security regularly, with a comprehensive top-down review at least a couple of times annually. Nothing stands still, and new vulnerabilities are being discovered or created daily.


Cybersecurity Starts With a Plan

You probably already know that October is National Cyber Security Awareness Month, right? Of course, every month should be cyber security awareness month because these days no business can afford to let its guard down. Not for a moment.

But because businesses and consumers are often too busy to think about security when it matters most, a national celebration was created as a reminder. And we’re celebrating NCSAM by sharing with you some of the most basic security options that are available to any small business.


10 Steps to Business Cybersecurity

Even just thinking about protecting your business from all the cyber threats it faces can be daunting. Where do you begin? Do you start with your website, or is it something more basic like having a security plan? Do you train your employees or lock down every computer and let technology do the work? If critical data has to be protected, which data first? Which data most?

It’s this very scenario that creates the biggest security vulnerability for most small businesses. When building an effective security program for your business begins to look like a much bigger mountain to climb, especially as you get closer, you put the project off until another day. And in the meantime, hackers can have a field day.


Building a Cyber Security Plan

Ever heard the saying “if you fail to plan then you plan to fail”? This is just as true in security as it is in business, and the lack of a clear plan to protect your business from cyber risks usually results in no real protection at all.

An information or cyber security plan is a very simple and free tool that can have a profound impact on how well your business is protected from cyber threats. A security plan is a short document, often no longer than a few pages, that outlines:

