News & Insights

The Most Important Cybersecurity Tips Provided by 10 WhiteHawk Insiders: Part II

WhiteHawk Inc.

The Most Important Cybersecurity Tips Provided by 10 WhiteHawk Insiders:  Part II

Part II

LeighAnne Baxter | Position: Marketing and Communications Manager

Mike Ferris | Position: Senior Analyst, Advisory Services

Tip: Password Hygiene & Enabling Multi-factor Authentication (MFA)

It used to be recommended that you change your password every 60-90 days to keep an account secure. This is known as Password Rotation. Use different complex passwords for each online account, and if you need to write them down to remember, use a password manager. That way, all you have to remember is one master password. A password manager can also randomly generate passwords for you to use, so you don't have to make up several different ones on your own.

Also, enabling MFA would add another layer of security. When a hacker tries to use stolen credentials, they can be stopped because they don't have the other token for authentication$mdash;whether it be a pin number sent via text or push notification on your smartphone.

Jason Beach | Position: Data Scientist

Tip: Maintain Paper Backups

Consider how services, such as banks, offer paper-free accounting. This is great for saving trees and keeping you more organized. But, paper should not be completely forgotten! That is, many possibilities for destroying data exist. Cyber attacks and malware are one, but there are also natural disasters to be considered, such as, radiation from solar flares, as well as hurricanes, floods, and tornados.

All the more reason you need to embrace Back-Ups$mdash;the process for offsite storage of daily backups of essential operating systems and files. Yet, backups are so easy to perform, that many companies forget to institute a policy for them. Backing up critical data, and systems is essential to protect yourself in case systems are ever hijacked or fail.

Aymone Kouame | Position: Jr. Data Scientist/Business Analyst

Xaiver Pena | Position: Development Security Analyst

Nathaniel Allen | Position: Analyst, Advisory Services

Tip: Staff Education & Cultivate a Culture of Cybersecurity

Just like an annual physical check-up by your primary care doctor, a company should undergo a risk, security, and training assessment of their inner cybersecurity workings.

It's no secret that people are known to be the weakest link in an information system. To maintain a healthy cyber environment, besides training, ensure all systems are updated, including anti-virus, anti-spyware, firewall software, and other security programs at all time.

Furthermore, it cannot be understated how important it is in educating all personnel, from the outset of being hired, on current hacking techniques, security issues, and social engineering techniques. You do not have to be in IT to understand cybersecurity. This can be done free or at a low cost through brief e-mails, content feeds, periodic meetings, etc. A simple cybersecurity exercise example can be set up by IT personnel, in which phishing exercises are sent out to employees. From there, the IT team can see, and assess the percentage of a company's employees that would click on a malicious email. This in turn, provides essential training where needed.

Lily Da Huang | Position: Digital Marketing Associate

Tip: Enable Firewalls and FireVault

Most Mac users do not realize that default typically disables the MacOS firewall, and file encryption functions. In just a few clicks, users can easily enable the built-in firewall, and FireVault that will help encrypt all documents, and prevent unauthorized access to Mac's applications, programs, and services.

John Taormina | Position: Advisory Analyst Internship

Tip: Identify Phishing Scams by Using Google to Verify

Phishing - Assume everyone's out to get you. Have the mindset that every email is a phishing attempt until proven otherwise. This way, you will cautiously examine each email to verify its authenticity. I use this strategy when driving (assume everyone else on the road is a horrible driver and you will always be more cautious).

Another strategy to help you is to use Google for verification. This can be used for phishing or anything in general. If you are on an unfamiliar website that is asking you to enter your credit card number, find others who have used the website online, and see if they have positive or negative reviews on it. Some websites may seem sketchy, but are secure to buy things from, while others may not seem so dangerous but are. If you ever enter information into an unknown website, Google the website first.

Daniel Merene | Position: Front-end Developer Associate

Tip: Physical Cyber Safety

Be conscientious of what you plug into your computer. Malware can be spread through infected flash drives, external hard drives, and smartphones.

Katherine Bodendorfer | Position: Business Intelligence Analyst-Associate

Tip: Cyber Insurance

If your house is at risk of water damage because it is in a flood zone area, you insure the property. Mother nature is unpredictable after all. Cyber breaches are no different.

To put it bluntly, by 2021, cyber crime costs will reach an astounding $6 trillion. In the event of a breach, there are legal fees, cost of an investigation into the incident, cost of restoring data, cost in the notification, the cost in downtime, and cost in helping clients recover what was lost in the compromise. All of this adds up!

These are precisely the things cyber insurance helps you with. Something interesting to consider is that companies who have cyber insurance in place, most likely will have the best cybersecurity policies, and standards as well. Why? Because before getting approved for cyber insurance coverage, a company is subjected to a thorough evaluation by the proposed insurance company. Therefore, it makes sense that a cyber exam might in turn, trigger better practices and behavior, expose weaknesses of a policy, and enhance the wellness of a business.