Given the critical nature of cyber and information security readiness, October has been designated as Cyber Security Awareness Month to increase everyone's attention to this topic.

In support of this national effort, we have shared easy-to-use expert tips that you can put into practice to help reduce vulnerabilities in your organization.

Cyber Tip #1: Stronger Password Practices for Greater Security

Good password hygiene can add a significant barrier against unauthorized intrusions into your systems. Our cyber experts recommend the following best practices:

  • Make passwords a minimum of 8 characters, use both upper and lower case letters, and include special characters (e.g., @, %). Ideally, passwords should be a combination of randomly generated characters.
  • Stay away from using people, pet, celebrity, or sports-related names as part of your passwords.
  • Never save passwords to a document on your computer or write them down on a piece of paper in your work area.
  • Do not share your passwords with others.
  • Consider using password managers from leading providers such as LastPass, Zoho, or Everykey.

Cyber Tip #2: Email Best Practices to Reduce Hacks

Given the prevalent role email plays in our daily lives, it's no surprise it is the preferred method of system intrusion by hackers. These steps could reduce the chances of system hacks via email:

  • Never open email attachments that end with .exe, .bat, .com, or any other executable files that you do not recognize.
  • Do not click on links embedded in emails without having first hovered over the link to ensure it is a legitimate site that you recognize.
  • Pay attention to links and domain names from senders. Hackers take advantage of our busy schedules and make fake domain names that look very similar to real ones (e.g., www.amazon.com versus www.amazzom.com).
  • Do not reply to spam emails; simply delete them.
  • Try to minimize your email list subscriptions. More subscriptions will lead to a higher probability of your email address being compromised.
  • If you are unsure about the authenticity of a message, contact your IT helpdesk for guidance!

Cyber Tip #3: Cyber Beaches: Not If, but When

Given our increased dependence on information technologies and rising levels of cybercrime, it is only a matter of time before your organization experiences a breach. Be prepared when a breach occurs by making sure the following items have been addressed ahead of time:

  • Ensure all users are aware that if a malicious activity occurs, they should not shut their machine down. Instead, they should disconnect it from the network and notify the IT department immediately.
  • Have a well-planned and tested backup and restore capability in place. Consider the possibility of a cyber breach when designing such backup and restore procedures.
  • Conduct periodic vulnerability and penetration testing exercises to identify potential system and information handling weaknesses and address them based on severity levels.
  • Have an updated set of cyber and information security policies and procedures in place and reinforce them through ongoing training efforts.
  • Have an updated Incident Response (IR) plan in place that takes into account various elements such as customer communications and the state, federal, and international (i.e., GDPR) regulatory and law enforcement implications of a breach.

***

If you would like to inquire about attending the above event, or you'd like to discuss your organization's cyber needs, please don't hesitate to reach out to Sassan S. Hejazi, Director, Technology Solutions, at Email or 215-441-4600.

Information contained in this alert should not be construed as the rendering of specific accounting, tax, or other advice. Material may become outdated and anyone using this should research and update to ensure accuracy. In no event will the publisher be liable for any damages, direct, indirect, or consequential, claimed to result from use of the material contained in this alert. Readers are encouraged to consult with their advisors before making any decisions.