5 minute read
How to Keep the “When” from Happening
How Can I Keep the “When” From Happening?
Lynn Bren, SDPAA Director of Member Services
Advertisement
Remember“it’snotif,it’swhen?”AndhowCyber-attacks are on the rise? You may have found yourself thinking, well, how do I keep all of this data safe? Is there anything thatcanbedonetoavoidsomeofthesepotentialbreaches? How do I get prepared in the event there is a breach?
Having Cyber Liability coverage will help get back on your feet after the incident occurs, but, with anything in life,takingstepstomaintainahealthyelectronicsystemis keytoavoidingthe‘ when’fromhappening.Unfortunately, with ever changing technology, your information may neverbecompletelysafe,nomatterhowyouarestoringit, but there are steps you can take to help minimize your exposures. The suggestions below are some, but not all methods that can increase your data security.
Data Encryption
Encrypting your data is one way to avoid having it stolen or ransomed. Encryption is the process of converting information or data into code, especially to prevent unauthorized access. Encryption is one method of protecting your information from someone other than the intended recipient or users. Many email systems offer encryption within the send process. Cloud storage, payment systems and even your entire operating system can be encrypted. Encryption isn’t fool-proof, but it will certainlytakeahackermoretimetoaccesstheinformation if there is encryption involved. Encryption can be as easy as password protecting a certain file or document, to completely locking down your entire file system. Encryption cannot be effective if your system is already infectedwithmalware,ifyouleaveyoursystemunsecured in open spaces or if you have weak passwords.
Passwords
Everyone loves to change their password every 90 days, right?Andkeepingthosepasswordsonastickynotetaped toyourcomputermonitorisA-OK,right?Weakpasswords mean that it takes a hacker less or no time to access the data that your password is protecting. Having strong passwords is the least complicated thing a user can do to protect data. Keeping your passwords secure is crucial to
maintainingasecurenetwork.Tapingyouremailpassword to your computer monitor is not keeping it safe. Similarly, havingafolderinyoursystemlabeled“passwords”isalso not recommended.
Microsoft suggests not using any personal information in your passwords, such as your name or birthdate, or basic words spelled in reverse. Additionally, they suggest not usingwordsorsequencesthatareconsecutiveorneareach other on the keyboard. If your password is 1234, you should plan on changing that.
Manysystemsalsoofferatwo-stepauthenticationprocess, inwhichtheusersetsupaphonenumberalsolinkedtoan account.Afterthepasswordisentered,theuseristhensent a code via text or SMS message which is then entered to allow access to the secured account. The second step makes it more difficult for the protected information to be accessed.
Antivirus
Antivirussoftwareisaprogramorsetofprogramsthatare designed to prevent, search for, detect, and remove software viruses and malicious software like worms, Trojans, and adware intended to obtain and relay information to an unintended outside source. Having antivirus protection is the immune system for your network. However, like any good immune system, your antivirus cannot be effective if it is not kept up to date. Updatingyourantiviruswillkeepthesoftwareinformedto newly identified attacks and threats. These programs are crucialtotheprotectionofyourinformation,astheyserve as the last line of defense should an unauthorized party break into your system.
Firewall
A firewall is part of the computing system which is designed to block unauthorized access while permitting outward communication. Most people do not even realize that the firewall is there protecting their information until they try to access that unauthorized website to find the latestrecipeorreadtheblogaboutthenewfunthingtodo with your dog on the weekends. The firewall works like a security guard for your computer system.
UpdateYour Systems
Most operating systems require updates to ensure that the system is running free of errors and can communicate properly with other similar systems. Updating your operating system also ensures that you will have the most uptodatesecurityfeaturesbuiltintotheoperatingsystem, which is often developed in response to new threats and invasions created by those seeking your confidential information.
Intrusion Detection Systems
An intrusion detection system is a form of network security technology that is used for detecting vulnerability exploits against a target application or computer. It will monitor network traffic and look for suspicious activity and alert users when that activity exists. Similar to any other electronic security or operating system, you must keep the software up to date to monitor for all new and existing threats.
Data Backup
Regular data backups are a way to increase the security of your information. The information that is the backbone of your operation is the most crucial to be frequently backed up. If the information is lost due to an invasion or other type of loss, your backup should be able to replace lost or stolen data. Backing up your data is a key way to protect against malware or ransomware which takes your information hostage seeking payment for its surrender. Once established, saving your backup information to an outside drive, or to the cloud, is a virtually effortless way toensurethatallofyourinformationisputawaysecurely. Having your data taken hostage is agonizing, but knowing
you have a backup of the information can make that situation less stressful.
Restrict InformationAccess
Keeping certain information restricted will make it less vulnerable. Allowing all employees access to all information makes it more accessible for a hacker. The more opportunities to reach the data, the more likely an attack on that data is.
Security PoliciesAnd Procedures
Everyone in your organization can be a security expert. The ideal is to ensure that all employees are educated about the security measures you have in place. Additionally, maintaining policies and procedures regarding such as internet and Wi-Fi use, personal use of company resources, and password requirements serve to keep data safe. Maintaining the policies is only the first step. Having refresher training will serve to remind employees about the various ways that they are involved and are truly the first step in protecting all your data from being attacked.
Any one of these steps or all of them can greatly improve theoddsthatyourorganizationwillbesaferfromanattack against your system. No system that is accessing the internet is 100% safe from a cyber-attack, but by implementingevenjustoneoftheserecommendationswill helpreducethepotentialforaninvasion.Havinggoodloss control policies and procedures in place is the first step in arming your first line of defense, your employees, against outside threats.
The South Dakota Public Assurance Alliance offers loss control surveys and advice through our Member Services staff, as well as through our partnership with Safety Benefits, Inc. Our Members have access to these services at no additional charge. If you would like to speak with someone about the Cyber Liability coverage afforded as partofourGovernmentalLiabilityPackage,pleasecontact our office at 800-658-3633 option 2 or by email at sdpaa@sdmunicipalleague.org.
