New Year, New Security

Written By Tibby Fielding and Jon Masula

It’s a new year, and that means it is time to check in on the security of your organization. Security is all about knowing who and what to trust. At ADVYON, we help prevent data breaches and keep our clients secure. The growing threat from scammers using social engineering techniques has increased. Social engineering consists of the manipulation tactics criminals use to persuade victims to reveal confidential information. Typically, criminals attempt to trick you into giving them access to your passwords, bank information, or computer to install malicious software.

What does Social Engineering look like?

Social Engineering can take place in the form of emails from a friend, coworker, or trusted source. These messages may come from mimic accounts or hacked accounts. They can contain links infected with malware, files with malicious software, or phishing scams. Common phishing scams are carried out by tapping into your emotions such as urging for your help, asking for charitable donations, notifying you of winnings, or asking you to verify secure information. Signs that may point to a scam include altered email addresses, requests for personal or financial information, suspicious account activity or login attempts, or claims that there is a problem with your account or payment information.

Preventing Social Engineering

Businesses and individuals need to have plans to effectively monitor, analyze, report, and respond to potential threats. Listed below are the top 5 ways to protect your business from potential threats.

1. Start employee training with strong password policies and Multi-Factor Authentication (MFA). Strong passwords have at least 8 characters and utilize a variety of symbols. MFA requires users to present at least two types of authentication. 
2. Use encrypted file sharing. Encryption secures data with layers of protection, including two-step verification, and requires users to have shared links. 
3. Utilize defensive measures. Employ Antivirus and anti-malware software. Using both gives you a wider surface of protection. Antivirus protects against malware while Endpoint Detection and Response (EDR) detect viruses and malware, and monitors for suspicious traffic.  Use firewalls to block incoming traffic from known malicious sources. A firewall acts as a barrier between an external network and the network it protects. It inspects data using a set of rules configured by the network administrator.
4. Perform daily scheduled Backups of your servers using both local drives and cloud storage so data can be stored independently both onsite and offsite.
5. Use group security permissions and least privilege access. This is used to ensure data integrity, and only users who need access will have it.