Written by Robert SicilianoFollow Robert Siciliano on Google+
What's it gonna take for companies to crack down on their cybersecurity? What's holding them back? Why do we keep hearing about one company data breach after another?
Well, there's just not enough IT talent going around. The irony is that most company higher-ups admit that cybersecurity is very important and can even name specific situations that could compromise security, such as
having multiple vendors vs. only a single vendor; not having quality-level encryption in place; allowing employees to bring their own mobile devices to work and use them there for business; and having employees use cloud services for business.
Many even admit that they lack confidence in preventing a sophisticated malware onslaught and are worried about spear phishing attacks.
So as you can see, the understanding is out there, but then it kind of fizzles after that point: Businesses are not investing enough in beefing up their cybersecurity structure.
Let's first begin with signs that a computer has been infected with malware:
- It runs ridiculously slow.
- Messages being sent from your e-mail-behind your back by some unknown entity.
- Programs opening and closing on their own.
What can businesses (and people at home or traveling) do to enhance cybersecurity?
- Regularly back up all data.
- All devices should have security software and a firewall, and these should be regularly updated.
- Got an e-mail from your boss or company SEO with instructions to open an attachment or click a link? Check with that person first-by phone-to verify they sent you the attachment or link. Otherwise, this may be a spear phishing attempt: The hacker is posing as someone you normally defer to, to get you to reveal sensitive information.
- Mandate ongoing security training for employees. Include staged phishing e-mails to see who bites the bait. Find out why they bit and retrain them.
- Never open e-mails with subject lines telling you an account has been suspended; that you won a prize; inherited money; your shipment failed; you owe the IRS; etc. Scammers use dramatic subject lines to get people to open these e-mails and then click on malicious links or open attachments that download viruses.
- Install a virtual private network before you use public Wi-Fi.