Refer a friend and earn! Find out how! ×
Lang Company

Lang Company Educate Yourself on Our Practices and the Latest in Office Systems

Cyber Defense Should Be Offensive

February 27th, 2024 by admin

Cyber Security - Lang

No, not rude or unpleasant but proactive. Taking steps to prevent problems before they occur is the most effective way to deal with cyber threats. Unfortunately, the real estate market is a heavily targeted market for cyber criminals due to the large amount of money that gets transferred or wired when conducting business.

Being proactive and adopting best practices around your technology infrastructure and data is the most effective way you can prevent an attack or limit the damage should one happen. Cyber security is a layered approach. Follow these steps to improve your chances of avoiding being part of a scam.

Creating Strong IT Habits

If some of these seem obvious, they are. Unfortunately, we still see some organizations neglecting to do even the most basic levels of cyber security. Here is the list:

  • Passwords: Should be required on every device that logs into your network, including phones. They should be complex (see example below). You should change passwords every 3 months at a minimum. You should use different passwords for different accounts.
    • Example of a bad password: Password21
    • Example of a good password: %Tve@l0Bx!
    If you have trouble keeping track of your passwords, use a Password Manager program to help you. Use multi-factor authentication (MFA) to log into critical programs.
  • End User Training: Most security breaches are caused by human error. Phishing schemes or clicking on a bad link in an email is usually the cause. This is particularly true in the real estate market where emails may be used to initiate wires. Make sure you are trained to identify and avoid these traps. If you have any doubt about authenticity, pick up the phone and make a call.
  • Email Security: Email security programs can prevent those malicious emails from hitting your in box. Today’s advanced tools use advanced analytics and AI learning to do a better job knowing what to block and what to allow.
  • Anti-virus and Malware Software: It should be installed, enabled, and set to update automatically. Free AV software is better than nothing, but the old saying of “you get what you pay for” is a wise old saying for a reason.
  • Security Updates: Those annoying, “please do not shut down your computer” notices contain valuable security patches. Set them to automatically download and install. Restart your computer as soon as the update is available. If your computer is too old to receive any updates, upgrade it at once. It is highly vulnerable to an attack.
  • Firewall: You should have a firewall. Most likely you do, but is it doing the job? Firewalls come in many different varieties. There are major differences in how effective they are at stopping intruders from entering your network. If your firewall is older or you purchased it because it was cheaper than the others, you are probably at risk.
  • Wireless & VPN: Stopping into a coffee shop to fire off some emails or working from a hotel room can be a major security risk if you are using their wireless network. Criminals can harvest log-in credentials. Better alternatives are using your phone’s hotspot or, if you must use the wireless network, make sure you use a VPN.
  • Routine Maintenance: Remove former users from Active Directory and old devices from the network. These pose a significant security risk. It is common for us to find former employees with active log-in credentials or devices on the network that no one uses. It is usually an oversight like this that can open the gateway to your network.
  • DNS Filtering: DNS filtering protects by blocking access to compromised websites, spam-based websites, and malicious websites. It also can free up network resources and bandwidth by giving you the ability to block visits to sites like Spotify, YouTube, & ESPN among others.
  • Proper Data Back-Up: Best practices say you should back up your data both locally and in the cloud. There should be multiple versions in case one gets infected or locked. Also, make sure you test your backup recovery at least once per quarter. Finding out your back-up is useless when it is the only thing keeping you in business is worse than not having a back-up at all.
  • Advanced Security Tools: Think of this suite of products and services as virus protection on steroids. Using AI, machine learning and analytics, this software will analyze threats, monitor device actions for deviations from the norm, and intercede to stop attacks in progress. The software is monitored by a staff of security experts who take action to contain any damage and begin remediation.
  • Dark Web Scanning: The Dark Web is where all that stolen data goes on the market. Passwords, emails, personal information, and more are being sold. By continuously monitoring the Dark Web for personal information, you can protect yourself before criminals can access your data or steal your identity.
  • Encryption: Having your files encrypted in a ransom attack is bad. Using encryption to prevent others from gaining access to the data on your files is good! You can employ various levels of encryption from data at rest to end-to-end encryption. Choosing the right level for you depends on many factors that are unique to your organization.
  • Cyber Insurance: When all else fails, cyber insurance will help offset the costs associated with a ransomware attack. Do not assume that your general liability insurance will cover these claims. It usually does not. There are several types of protection available. It is best to consult with your Cyber Insurance professional to make sure you are covered.
  • Hopefully, you are already utilizing many of these security measures. But remember, your best defense is only as good as your weakest link. Keeping criminals out 99% of the time is statistically great, but it only takes one opening to bring your business to a halt.

Time for a Check-Up?

If you would like an assessment to see where your cyber defense may be weak, we offer a security assessment that will provide detailed feedback on where you may be vulnerable. For more information, please call 888-700-0237, or visit https://langcompany.com/managed-it-services/network-assessment/

IT 365 logo

IT365 is a division of Lang Company dedicated to helping companies leverage their IT infrastructure to help them succeed in business. We use a proactive, comprehensive approach to give you a reliable, predictable, and secure technology platform so you can focus on your business.

IT365…Always on and working for you!

Tags: cyber insurance, cyber security prevention, cyber security

Posted in: Cyber Security

Categories

Archives