Are you ready for a surprise audit from regulators? Do you have all your cyber program policies in place and can you evidence it? Would you like to go through a 1-hour mock audit to review your endpoint and network cybersecurity posture and compliance?
Printers and scanners are often forgotten devices that are important for your firm’s cybersecurity. Did you know there’s a feature on some printers or scanners that can be set to retain a copy of everything it processes?
You should disable the option to keep data, or ensure the data is encrypted. Otherwise anyone who has access to the machine has access to the private data it processed (unauthorized user, repair, sale, theft).
Take a picture of the configuration panel and put it in your cyber folder as evidence of risk prevention.
There are two options to properly decommission a computer used to access or store private data: destroy or repurpose. You can destroy the hard disk yourself and evidence the process with pictures, or hire a third party who will provide a certificate of destruction. You can securely repurpose an encrypted disk by using the operating system feature to perform a low-level format.
Remember to record decommissioning with evidence in your cyber folder and remove the computer from your asset inventory list.
To protect access to private data, strengthen your credentials by using a Password Manager to securely store them. Password data is robustly encrypted on your device and safeguarded in a protected vault that is further secured by MFA.
A Password Manager app offers an ideal balance between security and time-saving access. It eliminates the risk of weak and reused passwords and enables complex password generation.
Create a strong master password that you can memorize because it will be the only one you need! And remember to never allow your browser to save your passwords since they are easily accessible to hackers.
When a username is created properly, it serves as additional security. Using a complex username diminishes the risk of malicious algorithms being able to predict credentials.
“Web Scraping” is a practice of data extraction used for market intelligence, but it can also be used nefariously. Bots operating at the direction of bad actors can harvest specific content from any website or social network, and that content is then manipulated. For example, bots can scrape leadership name data from a corporate website, which is later used in a credential-cracking script as a source of potential usernames.
Don’t choose an easy-to-guess username like first name only, “admin” or “user”, and refrain from using your email as your username. Also, be sure to change your network’s default “admin” username to a complex one!
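One way to check your own account list against the username guidance above. This is an added example, not part of the original tips. The record fields (`username`, `first_name`, `email`) and the sample accounts are constructed for illustration, and flagging the part of the email before the `@` is an assumption that goes one step beyond the text.

```python
"""Audit an account export for the easy-to-guess usernames named above."""

# Default names called out in the text; extend with your own vendor defaults.
DEFAULT_NAMES = {"admin", "user"}


def audit_usernames(accounts):
    """Return (username, reason) pairs for accounts that break the guidance.

    Each account is a dict with the hypothetical keys
    'username', 'first_name' and 'email'.
    """
    findings = []
    for acct in accounts:
        raw = acct["username"]
        # Compare case-insensitively: "Admin" is as guessable as "admin".
        name = raw.strip().lower()
        first = acct.get("first_name", "").strip().lower()
        email = acct.get("email", "").strip().lower()
        local_part = email.split("@")[0] if "@" in email else ""

        if name in DEFAULT_NAMES:
            findings.append((raw, "default name"))
        elif first and name == first:
            findings.append((raw, "first name only"))
        elif email and name == email:
            findings.append((raw, "email address used as username"))
        elif local_part and name == local_part:
            # Assumption: the email local part is as predictable as the email.
            findings.append((raw, "email local part used as username"))
    return findings


# Constructed sample data, not real accounts.
SAMPLE_ACCOUNTS = [
    {"username": "Admin", "first_name": "Pat", "email": "pat.lee@example.com"},
    {"username": "dana", "first_name": "Dana", "email": "d.ortiz@example.com"},
    {"username": "r.kim@example.com", "first_name": "Robin",
     "email": "r.kim@example.com"},
    {"username": "r.kim", "first_name": "Robin", "email": "r.kim@example.com"},
    {"username": "qv7-harbor-lantern", "first_name": "Sam",
     "email": "sam@example.com"},
]

if __name__ == "__main__":
    for username, reason in audit_usernames(SAMPLE_ACCOUNTS):
        print(f"{username}: {reason}")
```

Save the output alongside the other evidence in your cyber folder and rerun it whenever accounts are added.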