Cyber Security Podcast: Cyber Hygiene

September 15, 2022 · 10mins

Hello, everybody. I’m Terry O’Connor with O’Connor Insurance Associates. And again today, I’m with Bill Haleman with CCP. How you doing today, Bill? Hey. Doing great, Terry. How are you? I’m doing great.

It’s been one of those weeks full of all kinds of cyber activity, as I’m well, sure you’re well aware of. And we’re going to talk a little bit about some cyber hygiene today. Doesn’t that sound exciting?

It does. I mean, one of the most important things you do every day that you don’t really think about as super valuable is that kind of hygiene. Right. Dental hygiene as a good example. And in my opinion, cyber hygiene and stuff is important.

So we should dig right into it. Absolutely. All right. So cyber attacks are becoming more frequent. A lot of people are seeing them, they’re becoming larger and doing some typical cyber hygiene type activities to help protect yourself from cyber attacks.

Very important. Protect from security breaches, data loss, software vulnerabilities, and even antivirus weaknesses. But a lot of the things comes down to also defending your reputation. So we’re going to get into some of the things that you can do for cyber hygiene today that Bill is going to help us out with being in the It sector on what we should be doing for sure with our security.

So, Bill, let’s get into them. What would you say? One of the first things that people should be doing when it comes to their systems and their processes with protecting from cyber? So the most fundamental thing you do every day is have strong passwords that protect your credentials, things to keep in mind.

If you’re using the same password in a lot of different places, that’s a bad idea. If you’re using weak passwords, something that you can write down and never have to worry about, that’s probably a bad idea as well.

Hackers have gotten really about breaching a password in one place and reusing it everywhere else. And if you reuse those passwords, if you don’t have strong passwords. You might be in trouble. Terry, do you have any issues that you’re firing with having weak passwords?

No. I mean, we use some different systems that help us with some password creations that create very strong passwords. You should be looking into that all the time and have a system to be able to to change those passwords on a regular basis.

What are some other things, Bill, that we have on our list? We do have a page we’re going to put out that will give these hygienes listed so that you can check on yourself to see where you’re at right now with these things.

And if you have cyber coverage, you’re going to want to look to make sure you’re doing this because you probably indicated that you were. And if you’re not, that can cause you a problem too. So, Bill, let’s get into a couple of these other ones.

What would be the next one that you think that we should talk about now? Think about this as your cybersecurity daily hygiene checklist. The next thing is your security software. Almost everyone has antivirus in place.

It’s probably something they almost never think about. But is your antivirus updated? Is it one of the more advanced, or is it one of the more basic budget type antivirus software? The speed at which your antivirus software keeps itself up to date is going to help significantly with avoiding attacks.

The third thing I’d highly recommend is that daily backup process. One of the most recurring cyber attackers here now is a ransomware attack, and they go after your data. And the only two options you have if you suffer a ransomware attack is either to pay the ransom or to recover the data.

And if you haven’t backed up the data, that isn’t safe somewhere besides on your computer, that becomes no longer an option. And now you’re just in a we’re out of luck or we’re paying a ransom type of situation.

Yeah. And how many times we’ve heard that lately. And one of the ones that I want you to talk about a little bit today I always think is an oxymoron because it’s firewall. And, you know, you think fire to me has always been dangerous, hot, stay away from it.

You taught that thing. But. This is something that you really want to have in place, isn’t it built? Yeah, absolutely. If you have an office where you think of multiple machines are connecting to a single internet connection, all these machines are tied together.

If you don’t have a firewall, then you are at risk of if one person makes one under fortunate decision on one device, all of your devices are compromised. Firewall is designed to prevent the bad decision from happening, but even more importantly, it’s designed to prevent bad guys from proactively trying to get in and attacking your system.

So having a network firewall, especially if you have an office, is a really important thing. If you have a home office, your internet provider probably has given you a Firewall, but do you know anything about it?

Is it actually configured to protect you? Even at your home office? You should be thinking about the quality of your firewall. Those are some great points, Bill. We do see that a lot and we have people ask us a lot.

They’re not really sure if they have a firewall or not or I guess that’s when they need to contact an expert like the It guy who is going to be able to help them or call you and your firm to go in and do an assessment of the types of things that they have in place.

So the next one that I think is always an interesting one that I wanted to ask you about is multi factor authentication. And first of all, say that ten times and see how that ends up real fast. But it’s a tough one.

But it is something that insurance, when you’re applying for insurance coverage, absolutely wants to make sure that you have it in place. So give us a little quick tip on multifactor authentication and why it’s so important.

Yeah, absolutely. If we’re still sticking with that kind of dental hygiene metaphor, those first four things we talked about, maybe that’s kind of your breaststroke and maybe your occasional flossing.

We get into multifactor authentication now we’re talking about your mouthwash and the things that are going to take you to the next level. Multi factor authentication means even if someone does get your password, they do get your email address, they do understand what your username is.

They have to produce an additional factor to identify themselves. As you usually that comes in the form of on your mobile phone, you know, you receive a text message and that that text message is the third key you need to unlock your account.

So if someone doesn’t have your mobile phone, they don’t have that third key, they can’t open the lock. That is one example of a multiple factor. Now, you’ll probably not love to hear that actually just having a cell phone and text message isn’t as secure as it used to be.

There’s actually even better layers of multivariate authentication. An application, an app on your phone that generates a code instead of receiving a text message, is much more secure. And so having that multifactor authentication in place, which is becoming the new standard for having cybersecurity at a level that an insurance carrier is going to stay as adequate, that is becoming a critical item because it has a huge impact on protecting your account.

The other thing to think about multifactor authentication can be deployed in a lot of different places. Maybe you have on your email a multifactor authentication in place, but do you have it on your web portal for your business application?

Do you have it on your computer? Do you have it in all of the different places you need to have it? Some of the cyber insurance carriers are saying do you have multifactor in place? Yes or no. But that’s a broad question because maybe you have it in one place, but not nine other places that you get a breach in.

And you said yes, but you didn’t. So it’s something that’s important to think about. Having an expert in that area, like myself and our team kind of walk you through what is your true exposure there.

That’s an important piece. The final thing I’ll say, this is sort of the cherry on top when it comes to hygiene. This would be like ensuring that every day, in addition to brushing your teeth, using mouthwash, you just do a quick check in with the dentist and you take a quick look at the mouth.

You’re all good. Employee. Education. Right. So there’s no amount of software in the world that can prevent one of your employees from receiving a text message on their phone and believing the message and proactively reaching out to a cyber criminal.

More and more of those kind of text based attacks are happening. Attacks where there’s not a piece of malware loaded onto your system that a sophisticated piece of software would stop it’s. Someone saying, hey, can you go buy a gift card?

And can you send me the numbers? Text me the credentials from the gift card. Educating yourself, educating your workforce is the best way to prevent that kind of final type of attack. And we highly recommend if you don’t have a sophisticated training program in place, especially if you have an office, more than just a handful of folks, you need to look at getting one of those because the criminals are attacking in different ways.

It’s never evolving sort of a scenario. And having an education program that also kind of follows the trends is a key factor to protecting the organization. Absolutely. And those are some great points and something that even my agency went through with.

Bill did a whole cyber security training with our employees, and it was a great process to go through. I highly recommend it if you haven’t done something like that. So hopefully we’ve educated you on some cyber hygiene best practices today.

So go out, be prosperous, be safe. Bill, please stay vigilant. Subscribe our channel.

Full Video link: https://www.youtube.com/watch?v=Si7RzqN5lu4
To learn more about proper cyber hygiene, contact us.