To keep your company safe from opportunistic and targeted attacks, we’ve compiled a quick defense checklist.
1. Enable two-factor authentication.
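An added layer of security is always a plus. Two-factor authentication consists of two different forms of identification. A factor can be:
- Something you know (a password, PIN, or security question)
- Something you have (a phone, key card, or card)
- Something you are (a biometric factor, such as a fingerprint or voice recognition)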
This second level of authentication strengthens any login and gives you more peace of mind.
2. Use a VPN.
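A VPN (virtual private network) is a great way to avoid possible attacks while using public Wi-Fi. The network acts as a middleman, protecting your data and changing your IP address. You’ll browse on public Wi-Fi without fear of hackers using the opportunity to steal your information.
VPNs are ideal for employees who work remotely or travel often. VPNs come in both free and paid versions. Take the time to research which network best fits your company’s needs.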
3. Install security updates.
Without fail, security update windows pop up right in the middle of that important project you’re working on. The remind-me-later button is nearly a reflex, making sure it doesn’t slow you down. After all, you’ll remember to update when you’re done. Won’t you?
We’re all human. Unfortunately, that means we’re all forgetful. When the pop-up comes back, we’re in the middle of something important again, and the cycle continues.
Your computer’s security, and ultimately your company’s security, depends on simple vulnerabilities being patched. A hacker could take the most insignificant vulnerability and turn it into a serious security incident.
Take the time to save your work and install the updates.
4. Use strong, varied passwords.
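This may be the simplest of the five tips. A strong password helps protect you from hackers guessing your credentials. We tend to use passwords that contain words easily found in a dictionary or maybe our pet’s name. That’s understandable, because we like to choose something we know we’ll remember.
As easy as it makes things for us to remember, this method makes it even easier for a hacker to guess your password and access your personal and work information. Even worse, if they guess that password, and you use the same one across multiple accounts, they now have easy access to a large amount of information.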
5. Train your employees.
The question isn’t “Will your employees get hacked?” but “When will your employees get hacked?” While employee actions can circumvent almost every security control you have invested in, security awareness training is critical to prevent your employees from being your number one risk. Users are often the last line of cyber defense, and there is no patch for people wanting to be helpful or wanting to do the right thing.
In this podcast, I explain why ongoing employee security training is crucial to ensuring employees know how to spot a hacking attempt, ultimately protecting your organization from potential cyberattacks.
Key takeaways:
- Why employees often don’t realize how important they are in the process
- How not enabling multi-factor authentication on remote access to email allows hackers to easily access employee email accounts
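- Why 91% of cyberattacks start with a spear-phishing email
- The importance of strong passwords for employees
- Why backing up data is essential to guarding against cyberattacks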
Subscribe to the Cybersecurity Sense Podcast on iTunes.