Cyber Tips & Tricks for SMBs in All Verticals

Cytellix Cyber Tips & Tricks

by Brian Berger, EVP of Commercial Cybersecurity

A while back, I wrote up this list of tips and tricks for customers and partners. As with everything else, reminders are great, as we have very busy lives and sometimes important items are given a lower priority. As I was reading this list today, it reminded me to take care of a few personal items on this list. Send it along to friends, colleagues and family – there are some good tidbits in here.

  1. Never open email from unknown senders
  2. Right click on email addresses to verify sender’s domain is legitimate, prior to opening an email message. Take a minute and make sure all the spelling and addressing is correct.
  3. When in doubt about an email and its intentions, call the sender to verify.
  4. Use two step verification / authentication if possible
  5. If it’s being offered for free, it’s never free
  6. Use a modern anti-malware / anti-virus product
  7. Always update security when requested by legitimate publishers
  8. Back-up your data, use multiple places/locations.
  9. Back up your data offline when possible
  10. Do not download applications from unknown publishers or sites
  11. Never share USB keys/drives
  12. Do not open attachments in email messages from suspicious senders – verify sender and intentions
  13. Using mobile devices for browsing is just as risky as laptops for discovering malware and viruses
  14. Check what ports are open on your network and their behaviors
  15. Segment your network for guest and internal users. And, segment IoT devices from the data networks where possible.
  16. Public Wi-Fi networks are very risky for data protection on your devices – use a VPN
  17. Use a secure password manager for all your unique passwords – some are free
  18. Never use the same password twice
  19. Physical spying takes place as much as digital spying, watch who is looking over your shoulder.
  20. No one is protected from being hacked, you are, will and have been hacked!
  21. Set strong privacy settings on your devices – you don’t want to overshare
  22. JavaScript in your browser is insecure, disable it!
  23. Always ask yourself questions about communications sent to you; being suspicious is the best practice.
  24. Use the best browser available from a security perspective, stay aware of exploits of browsers.
  25. Patch, patch, patch!
  26. Pay attention to mobile app permissions and access, some will access very private, personal and proprietary information you want to remain confidential.
  27. Clean up (delete) apps you don’t use
  28. Use device passwords to lock and encrypt the data wherever possible – losing a device is painful enough!
  29. Never leave devices set to default
  30. Change Wi-Fi passwords often and never repeat them
  31. Don’t use family names, birthdates, dogs’ names, and phone numbers as passwords – be unique and complex
  32. Social media has risks associated with personal information – don’t feed the bad guys information they can use against you.
  33. Inventory and manage your devices and their IP addresses on your network
  34. Remove any devices that are end-of-life from their manufacturer from your network – they are attack points
  35. Log out of services like banking when you’re done with your business.
  36. Don’t store UID/PW in cookies on devices, just don’t do it
  37. IoT is pretty cool, but, make sure you manage these IoT devices with the same care as your computer. Attackers are looking for web cams, thermostats, digital assistants and door locks that are not managed properly.