Keep Your Data Cyber-Secure
Written by Sarah Greeley
Think your data’s cyber-secure? So did millions of Americans before news of Equifax’s massive data breach broke in September. While we (unfortunately) can’t go back in time and fix the vulnerabilities that led to the Equifax breach, what we can do is move forward with a new and heightened awareness of cybersecurity—and what steps we can take to keep things as locked down as possible.
October is Cybersecurity Awareness Month. And while that probably sounds like something only your IT guy at work needs to know about, that’s not the case. Because so much of our time is spent online these days—at home and at work—cybersecurity is really everyone’s responsibility. Cyber criminals do not discriminate in targeting; they simply look for vulnerabilities and then exploit them.
Luckily, there are things we can all do to help keep data secure. In an effort to help keep the general public informed and protected, the Department of Homeland Security has put together Stop.Think.Connect. Toolkits for everyone from students to small businesses to older Americans, and we recommend you download the toolkits most relevant to you and your loved ones.
Here are some basic cybersecurity tips to keep in mind:
Sign up for alerts from the United States Computer Emergency Readiness Team (US-CERT).
This will notify you any time there is a known vulnerability in electronic devices, social networking sites, browsers, apps, and more.
Secure your mobile phone.
Use the FCC’s Smartphone Security Checker to generate ten simple steps specific to your mobile operating system. This will help you protect your personal data, safely use public Wi-Fi, and take action when your phone is stolen.
Report suspicious cyber incidents.
THIS ONE IS HUGE! We all see spammers and scammers on a daily basis… but do you report it when you see it? Doing so could mean the difference between that scammer continuing to prey on vulnerable individuals and them being stopped in their tracks. Use this handy guide from the DHS to determine when and how to report suspicious cyber incidents.
Use 2-factor authentication.
Is it a pain in the neck? Yes. Is it worth it? Absolutely. Accounts become much more secure when you initiate 2-factor authentication because in addition to needing a password, you’ll also have to verify it’s really you using another method—most commonly a security key, biometrics (such as a fingerprint), or one-time code. The good news is that many online services—from email to financial services to social media—offer this extra layer of security for free. All you have to do is turn it on.
Educate employees about cyber security and acceptable use policies.
Your people are your biggest asset, but if you do not educate them on how to keep their (and your!) data secure, they can also be a vulnerability. Set up at minimum an annual lunch and learn to educate employees on cyber security best practices and your company’s acceptable use policies. Doing so will help you prevent problems instead of having to deal with the aftermath. StaySafeOnline has some great resources and talking points.
Cyber security and digital risk management for businesses is a bit more complicated; with so many individuals involved with the company and so much noise online, it can be difficult to predict problems, spot issues, and keep data secure.
Here are just a few of the things we monitor for our clients, which we recommend all businesses keep in mind:
Are all your plugins up to date? Is the website backed up? In a 2016 study from Sucuri, 78% of websites that were compromised were built in WordPress (this is mostly due to its popularity as a CMS), and 25% of those hacks happened because of outdated plugins. We can’t count the number of times we’ve taken over old websites from clients only to find they had been previously hacked… and believe us: it’s a lot easier to prevent a hack than it is to clean up after one! In addition to making sure your plugins and CMS are up to date, we recommend setting up a website firewall and monitoring system that will alert you to potential hacks or other issues (Sucuri and Wordfence are two good options), limiting failed login attempts for your site, and setting up password protection for your website’s admin directory.
Believe it or not, some people still haven’t learned that it’s not acceptable to copy someone else’s content. In fact, under the DMCA (Digital Millennium Copyright Act), all content online is protected under copyright law regardless of whether the copyright © symbol appears. Many of our clients have had copy from their websites stolen by other websites (usually illegitimate, scammy websites). Our job is to a) monitor online and let our clients know when their copyright has been violated; and b) help resolve the situation.
The process for resolving these situations includes contacting the website owner, sending a cease and desist letter, and, if necessary, reporting the site to Google and their web host. Do yourself a favor and get a free DMCA badge on your website. If the badge is on your site, DMCA.com will do one free DMCA takedown request.
How do you monitor for copyright infringement? If you don’t have a tool or agency like Agile Impact to help, it can be time consuming. We recommend at minimum setting up Google Alerts for your company’s name, as well as any top executives or products associated with the company. To check for plagiarized content, you can use Google Search to scan the internet for unique pieces of your content. There are also many free plagiarism checkers available online for this same purpose.
Unauthorized use of images.
Another common copyright problem is our clients’ images being taken and used without their permission. The most flagrant violations in this category include the following:
- Unauthorized use of company images on social media.
- Creating spammy social media accounts using legitimate executives’ pictures (think: stealing headshots from a website and then creating fake social personas with those images).
- Cloning entire client websites, updating some of the text but leaving all of the imagery intact. This gives off an aura of professionalism and authority, making a complete scam look legitimate. (Yes, this happens regularly to our clients.)
Luckily, on social media, reporting unauthorized use of company images is fairly simple. Each social media network has a section dedicated specifically to reporting copyright abuse. Here are the more popular networks:
- Facebook: https://www.facebook.com/help/contact/634636770043106
- Instagram: https://help.instagram.com/contact/372592039493026
- Twitter: https://support.twitter.com/forms/dmca
- LinkedIn: https://www.linkedin.com/help/linkedin/ask/TS-NCI
The company not knowing about one of the latter two situations does not matter as far as public perception is concerned. Someone running a scam that looks like it’s related to your business, whether or not it is, has the power to do a lot of damage if not shut down quickly. Monitoring regularly for issues like these is an absolute necessity for well-known companies. (Remember when someone created that fake Equifax security breach website that Equifax itself linked to because it looked so legitimate? Us, too.)
Social media imposters, squatters, and impersonators.
Sometimes it’s not just a headshot that gets stolen for social media – sometimes, it’s a name, too. This is a problem especially for well-known executives, but lesser-known or niche execs are not necessarily safe from it. For just one executive we work with, we have taken out over 200 social media imposters in the past two years. While that’s an extreme example, it raises the question: are you monitoring for imposters? And do you know what to do about it if you find one?
Social listening and monitoring of online media can be tedious and time consuming, even with the proper tools to do the job—often you still have to manually sort through what’s “noise” and what’s not. And no tool, no matter how powerful, can catch and triage all the issues… sometimes a human touch is needed. Shoot us an email if you’re curious about how Agile Impact can help lower your company’s digital risk.
Do you have a cyber security plan to monitor for potential issues and outline steps to take should you find yourself a victim of a hacker, spammer, or scammer? Do you think we missed any important cyber security tips in our article? Share your insights with us in the comments.
Agile Impact Group is proud to support National Cyber Security Awareness Month. Please share this article with your network to help spread knowledge about cybersecurity.