Cybersecurity is a growing issue in our digital-focused world. Both individuals and organizations, large and small, have become targets of cybercriminals.
But there’s good news, too. Organizations like ours are fighting back with information security. It’s all about protecting the confidentiality, integrity, and availability of information.
The goal is to prevent unauthorized access, use, modification, and destruction of our vital information. As an MPI business partner, you have an important role to play in the solution.
The following are tips to help you be more aware and proactive with your business’s information security.
Be Vigilant with Emails
Cyber criminals often use emails with false links or infected attachments to hack into computers.
- Review emails thoroughly to ensure that the email address is legitimate and the subject line is something that applies to you or your business.
- Don’t open emails from unfamiliar individuals or organizations.
- Don’t click on links or open attachments in unsolicited emails or emails with suspicious messaging. Emails can include malware in Microsoft Office documents, PDFs, and ZIP files, which can jeopardize your privacy or compromise your device.
If you’re suspicious about an email, contact the individual or company directly (don’t reply to the email), to verify that the email and any attachments are legitimate.
Protect Your Devices
It’s important to ensure that devices are secure and up-to-date to prevent the latest cybersecurity attacks.
- Install security software from a reliable company on your computer(s). Security software should include features like anti-spam, anti-virus, anti-malware, and a firewall.
- Make sure your operating systems, applications, and devices are enabled to automatically install updates. Cyber criminals often infect computers or devices by exploiting vulnerabilities in outdated software. The more current your software is, the fewer known vulnerabilities your systems have and the harder it is for cyber criminals to infect them.
Backup Your Information
Backups are copies of your information stored somewhere other than on your computer. When you lose valuable data, you can recover that data from your backups.
- Set up an automated file backup system.
- Check your backups periodically.
- Destroy outdated backups that are no longer needed.
If you’re using a cloud solution, research the policies and reputation of the provider, and make sure they meet your requirements (for example, encryption, strong authorization, two-step verification).
Secure Your Router
Your internet router is the gateway in and out of your business’s network. If someone gets access to your router from the outside, they can access files and information from your computer and devices.
- Change the default administrator user IDs and passwords. The admin account is what allows you to configure the settings for your wireless network.
- Upgrade to the latest firmware on each device.
Set Strong Passwords
Strong passwords are key to protecting devices and online accounts. When setting a password, keep the following things in mind:
- Focus on length over complexity.
- Use capitalization, numbers, and/or special characters (if allowed).
- Don’t use personal or accessible information as your password.
- Never give out your password for any reason (including requests from IT or business partners) – see Social Engineering below.
- Don’t use the same password for different applications and devices.
Beware of Social Engineering
Social engineering is a technique used by cyber attackers to trick people into doing something they shouldn’t do, such as share their password or other confidential or sensitive information. Social engineers use influence and persuasion (such as claiming to be the CEO or staff from the IT department) to manipulate people into divulging personal information.
Common social engineering scenarios include:
- Someone contacts you claiming to be a system administrator. He claims there are problems with your account and needs your password to fix it.
- Someone contacts you claiming to be from a credit card company. He needs to verify your account and asks for your credit card number and expiration date.
- Someone contacts you claiming to be a new staff member. He has forgotten his password and asks you to give him yours because he needs to get into the system very quickly or he'll be in trouble with the boss.
- Someone from somewhere far away wants to give you millions of dollars, but needs your help in the form of money for bribes, expenses, etc., in moving the money from there to here.
The basic goals of social engineering are to gain unauthorized access to systems or information in order to commit fraud, network intrusion, industrial espionage, identity theft, or simply disrupt the system or network.
Not sure how to make your devices more secure? Ask your internet service provider (e.g., BellMTS, Shaw, etc.) or check the documentation that came with your router. Alternatively, check your service provider or router manufacturer’s websites for information to get you started.
Thanks for your commitment to protecting our customers’ information through information security.