There’s no denying that more and more, we are living lives that take place online. Our name, photos, email, address, credit cards, even our taxes and banking are stored in cyberspace. Our personal information exists online now, and there’s no way around that fact.
In an era of data leaks, there’s never been a better moment to understand how to secure your personal, organizational, and customer data. While there is no silver bullet to avoid becoming the target of a cyber attack, there are many best practices to reduce your risk or lessen the impact of attacks that might occur.
This article will take a sharp focus on cybersecurity for people working within a maintenance department, but we’ll cover tips that are useful for anyone regardless of title or industry. We’ll also cover safe use practices for email, social networks, mobile devices and more. Read on for some useful cybersecurity tips and best practices.
Types of cyber attacks
According to the Transportation Security Administration, there are two categories of cyber attacks and cyber intrusions: cyber attack (CA) or cyber espionage (CE).
Cyber Attack (CA)
- Any actions direction against computers, information systems, networks and/or data stores to disrupt, damage, or destroy them
- Malware that may delete, altar, corrupt, disrupt, or destroy data, files, or networks
Cyber Espionage (CE)
- Actions taken in cyberspace intended to covertly acquire information or access from an attack
- Malware that transfers data and hides itself and its activities
- Persistent, discreet access to a network
What is cybersecurity?
Cybersecurity refers to any efforts or action to secure and protect critical information by preventing, detecting, and responding to cyber attacks. Cyber attacks usually aim to access, change, or destroy sensitive information; extort money from users; or interrupt normal business processes.
It can involve taking action to address known vulnerabilities in your software or operating system or shortcomings in your security practices such as weak passwords. The field of cybersecurity is constantly growing as new types of technology and therefore vulnerabilities are introduced to our systems. That’s why it’s critical to stay informed on best practices promoted by governments, industry leaders, and your organization’s security policies.
✔️ Set strong passwords, and update them regularly. Don’t share passwords with anyone. If you tend to have difficulties recalling your passwords, as many of us do, consider a trusted password managing app like 1Password or Dashlane.
✔️ Keep software, browsers, and operating systems up to date with the latest security patches. When your devices are not up-to-date, you are leaving vulnerabilities open to attackers.
✔️ Get comfortable using privacy settings, rejecting cookies, and limiting the amount of personal info you share online.
✔️ Backup your data. While having backups doesn’t prevent attacks, it certainly can lessen their negative impact.
Protect your devices
Keep a clean machine
Ensure you stay updated across the systems and apps you use to web browsers and your software OS. Update all network, internet and OS patches related to security. Staying up-to-date is an important step to better cybersecurity as many updates are designed to patch known vulnerabilities. Make sure all devices you use have antivirus tools and ensure they stay up-to-date. Any device that connects to the internet from tablets, computers, to gaming consoles should have the latest version of a trusted anti-virus tool installed.
USBs are largely becoming obsolete in favor of cloud-based file transfer methods. A big reason for this is that any USB key can be infected with malware.
Block scripting on email and browsers
Configure your browser to block active content like ActiveX, Java, scripting, popups and other harmful content. A common feature on all the major email clients is to disable scripting and block images until they are downloaded by the user.
Be vigilant with downloading anything off the web
Website’s by and large should not prompt downloads via popups. Hackers can come up with clever ways to legitimize download requests, so be wary when downloading anything from an email or website that you do not know and trust.
Read privacy agreements
I already know this tip is going to be popular! 😉When downloading a tool off the web, how many times do we scroll through without reading a privacy agreement? But, critical information about how your data is stored and monitored is contained in these documents, and shouldn’t be taken lightly.
Avoid clicking without reading
When installing software, read all instructions and look out for default options prompting your computer to install additional software. This can be a particularly clever way to tack on malware to an otherwise trusted tool.
Audit the security of your software vendors
Ask your fleet management software provider about their security best practices. Ask them if they have a third party service organization controls (SOC) report to prove they are following best practices. Inquire about the types of penetration tests that have been conducted on their products. Ask them if they have tested for the OWASP Top 10 security risks. And lastly, understand what kind of training their team is provided to ensure they understand the safe use of certificates and keys. An important action you can take is ensuring you read and understand your vendor’s privacy policies and verify that you understand how your personal and organizational data is handled and stored.
Do not leave unlocked devices unattended
Leaving a device unlocked and unattended is like leaving a vehicle with a door open and the keys in the ignition. Lock your devices using a strong pin.
Read names, emails, and website info
Spoofing is a method used by cybercriminals to appear as another person or source of information. Sometimes a website or email can appear legitimate at first glance. Be careful with emails that appear to be written “On Behalf of” an individual, even if you know and trust the name. Another common type of spoofing may be using a fake email address or name that is very similar to a trusted co-worker, but with a slight change that can be missed without vigilance. Always check a link destination before clicking a link in an email.
Use a VPN
A Virtual Private Network (VPN) connection is an important tool for remote workers to help employees to remotely and securely connect to your business’ network. It creates a secure, encrypted tunnel between your computer and your corporate network. It keeps out any unencrypted traffic.
Disable wireless networking
If you’re not connecting to the Internet, turn off wireless networking. Unknowingly connecting to networks you do not trust can leave your device vulnerable.
Save backups of your data frequently so that you can roll back to an earlier version if your data is ever compromised, corrupted, or held ransom.
How to handle a cyberattack or cyber incident?
Reach out to your IT department
In case of a cyberattack, it is critical that you reach out to IT or system administrators immediately to get the right people informed and ready to take action.
Verify that software is up-to-date
Ensure that all your devices with access to your network are updated to patch any vulnerabilities that could be present.
Disconnect from the internet
Doing this as quickly as possible can prevent bad actors from accessing your system.
Ensure your anti-virus software is up-to-date and complete a full scan
If there is an infection, your anti-virus should help you complete a system restore.
Secure compromised data
If you are aware of any sensitive information that has been compromised, share details with your IT or system administrator.
File a report
If you experience a cybersecurity incident, report the incident right away. If you live in the US, it is also advised that you file a report with the Federal Bureau of Investigation’s Internet Crime Complaint Center. If you live in Canada you can report spam through the Government of Canada website.