With the uptick in ransomware attacks this past year, it’s more imperative than ever to take a proactive approach to stay safe and secure online.
Protecting yourself is your first and best defense against cyber threats.
Learning how to protect yourself online may seem like an overwhelming task, but individuals and organizations can–and should–take steps to ensure they are safe in cyberspace. Protecting yourself is your first and best defense against cyber threats. October is Cybersecurity Awareness Month, and this initiative, spearheaded by the National Cyber Security Alliance and Cybersecurity and Infrastructure Security Agency, promotes the stronger “implement[ation] of security practices, raising community awareness, educating vulnerable audiences, or training employees.”1
There are four significant opportunities to provide notable improvements to cybersecurity postures for insurers writing personal lines and small commercial business. Implementing solutions in these categories makes it more difficult for bad actors to compromise protected systems. Nothing makes a system impenetrable, but protecting credentials and having backups are good bookends to a comprehensive security program.
These solutions can also reduce the impact, if compromised, for end-users and offer peace of mind for both organizations and individuals:
- Password managers
- Data theft alerts
- Multi-factor authentication
- Cloud-based backup services
Using unique passwords and routinely changing them restricts the time window and the number of sites that bad actors can access with users’ stolen data. But remembering large numbers of unique logins and passwords can present their own challenge. A password manager can help address this problem, providing the ability to make entering complex passwords easy. Password managers can also aid in routinely changing passwords with little manual effort if the authenticating site supports the feature. This allows you to use complex passwords that are routinely changed while affording you an easy-to-use service across your phone and computer.
Some password managers can even create unique email addresses for each service you use, keeping track of multiple addresses and credentials. This feature breaks the direct link between your email address and your identity. Monitoring whether your business or personal accounts have been exposed is a good long-term practice to adopt.
Data theft alerts
Internet users with a password manager–and even those without–can benefit from awareness surrounding data breaches of specific websites, especially those that have resulted in the public exposure of private credentials.
These public reveals of data have made monitoring your data online imperative. Some security research sites, like “Have I Been Pwned?” track passwords and accounts implicated in publicly disclosed data breaches to make it easier for users to search if their email addresses or potentially sensitive data have been exposed. Users can create accounts to receive alerts if their information is exposed on the dark web. These websites aren’t just for personal use–companies that own their own email domains can receive reports of compromised accounts associated with their domains.
Multi-factor authentication (MFA) has been a prominent cybersecurity defense for years. Still, after the increase in remote work due to the COVID-19 pandemic, it’s become more widely used than ever before. MFA is used at the time of authentication for virtual private networks (known as VPNs) and software as a service (known as SaaS) products. MFA removes the single point of reliance on passwords and forces users to authenticate their identity in a supplemental way–typically by entering a code sent via SMS or email, using a separate application to authenticate, or with a biometric confirmation.
Instead of relying on a single password, using multiple layers of security helps prevent bad actors from easily gaining access to accounts enabled with MFA.
MFA is also available from more than just work or job-related technologies. Financial institutions, messaging platforms, shopping sites, game sites, and other personal use technologies are expanding support for MFA. MFA is especially beneficial when it pertains to protecting personal financial data or additional important, identifiable information.
The risk of lost data from a hard drive failure used to be the primary motivation for backing up one’s computer. But over time, hard drives have become more reliable, while new threats have appeared, including ransomware and malicious destruction of data (or “wiper malware”), which have become significant risks that need to be addressed.
For home users and small businesses, backing up data to limit the amount of interruption experienced if a system is infected may be the fastest way to restoration available.
Cloud-based backups that provide data encryption and MFA are readily available from many leading technology companies. Implementing these solutions has become exceptionally easy and provides a post-breach capability to restore your computing devices with cloud-based backups.
Some cloud-based backup solutions can enable MFA verification before removing data. This prompt can be an added data safeguard against wiper malware.
The best defense against cybersecurity threats is taking proactive measures to protect yourself and your personal data. It’s your responsibility to ensure your information is safe on the internet. Cybersecurity Awareness Month provides an important reminder to take a closer look at your digital behavior and implementing online safeguards, not just in October, but year-round.
Learn more about cybersecurity risk at Verisk.