See if your account has been compromised
By now, almost everyone has been affected by a public or private security breach. Many people feel this will not happen to them, but the reality is, it will eventually happen to anyone using social media and the internet.
You can use the service HaveIBeenPwned (https://haveibeenpwned.com/) to search for your personal email addresses, or search your business domain for anyone affected in your organization (https://haveibeenpwned.com/DomainSearch).
Make sure to subscribe to notifications so you are alerted if any new breach includes your email account.
Use a Password Manager
Using the same password is a common practice for most people, but it comes with a big potential risk. Once a hacker learns your password for one account, they can try that password on the other systems and services you use.
For this reason, passwords should be easy for you to remember but hard to crack. Use the following password guidelines offered by NIST (National Institute of Standards and Technology) – https://spycloud.com/new-nist-guidelines/
- An eight-character minimum and 64-character maximum length
- The ability to use all special characters but no special requirement to use them
- Restrict sequential and repetitive characters (e.g. 12345 or aaaaaa)
- Restrict context-specific passwords (e.g. the name of the site)
- Restrict commonly used passwords (e.g. p@ssw0rd)
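The guidelines listed above, expressed as a password check (an added example, not code from NIST or from the original article). The four-character run threshold, the function names and the small blocklist are assumptions made for illustration; a real check would load a large breached-password list.

```python
import re

# Constructed sample blocklist (assumption); real deployments use a much larger list.
COMMON_PASSWORDS = {"password", "p@ssw0rd", "123456", "qwerty", "letmein"}

MIN_LEN, MAX_LEN = 8, 64
RUN_LEN = 4  # assumption: flag runs of 4 or more sequential or repeated characters


def has_repeated_run(pw, run_len=RUN_LEN):
    """True if one character repeats run_len or more times in a row (e.g. aaaaaa)."""
    return re.search(r"(.)\1{%d,}" % (run_len - 1), pw) is not None


def has_sequential_run(pw, run_len=RUN_LEN):
    """True if run_len or more characters ascend or descend by one (e.g. 12345, dcba)."""
    for step in (1, -1):
        streak = 1
        for prev, cur in zip(pw, pw[1:]):
            streak = streak + 1 if ord(cur) - ord(prev) == step else 1
            if streak >= run_len:
                return True
    return False


def check_password(pw, context_words=()):
    """Return the list of guideline violations; an empty list means accepted."""
    problems = []
    if len(pw) < MIN_LEN:
        problems.append("too_short")
    if len(pw) > MAX_LEN:
        problems.append("too_long")
    lowered = pw.lower()
    # No composition rule: any character, including spaces, is allowed.
    if has_repeated_run(lowered):
        problems.append("repetitive")
    if has_sequential_run(lowered):
        problems.append("sequential")
    # context_words: site name, username and similar values supplied by the caller.
    if any(w and w.lower() in lowered for w in context_words):
        problems.append("context_specific")
    if lowered in COMMON_PASSWORDS:
        problems.append("common")
    return problems
```

A long passphrase with spaces passes every rule, while a short "complex" password such as p@ssw0rd is rejected by the blocklist alone.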
There are also various free and paid versions of password managers you can use. By using your password manager for any site login, you can easily maintain complex passwords without compromising them. Some recommendations below:
- 1Password – https://1password.com/
- LastPass – https://www.lastpass.com/business-password-manager (Free for personal use, Paid plan for businesses)
- Bitwarden – https://bitwarden.com/ (Free for personal use, Paid plan for businesses)
- Dashlane – https://www.dashlane.com/ (Free for personal use, Paid plan for businesses)
- Zoho Vault – https://www.zoho.com/vaul (Free for personal use, Paid plan for businesses)
Protect your assets
One of the most overlooked aspects of safeguarding your information is the computers, laptops and mobile devices we use daily. Protecting these assets will minimize your exposure.
A) Install Anti-virus Protection
This is the first line of defense for your device. The antivirus should protect your device from external attack and any running infections. We recommend that every computer run an antivirus, even if it is a Linux or macOS based device.
The anti-virus applications we offer and recommend are:
· For Home Users:
- Sophos Home Users – (Free Edition and Premium): https://home.sophos.com/download-antivirus-pc
- Bitdefender – https://www.bitdefender.com/solutions/free.html
- AVG Free – https://www.avg.com/en-us/free-antivirus-download
- Windows Defender – (Comes with Windows 10 and only for Windows)
- Comodo – https://antivirus.comodo.com/antivirus-for-windows-10/
· For Business:
- Sophos Endpoint Protection, Sophos Intercept X (Protects against Virus, malware and adware infection and Ransomware)
- Bitdefender (Protects against Virus, malware and adware)
- Malwarebytes (https://malwarebytes.com/business/)
B) Keep your Software and Systems Up to date
Systems and software should be kept up to date to avoid attacks that exploit vulnerabilities and to limit security damage. Home users should always update their software and operating systems to the latest versions. For businesses, we recommend a patch management system that handles the updates, so that patching doesn’t disrupt business processes but still protects your assets.
C) Back up your data
Your data (documents, files, important information, business-critical information) should always be backed up in case of an infection, lost computer, disaster event, or ransomware attack. You can back up your computers to a USB drive, cloud storage or network storage.
For Windows computers, using a USB drive or network storage, we recommend using one of the following:
- Veeam Endpoint Backup – (https://www.veeam.com/windows-endpoint-server-backup-free.html)
- Windows Backup or File History (Integrated with Windows 7 to Windows 10 only)
For Mac users, we recommend using Time Machine to back up to a USB drive or network storage: https://support.apple.com/en-us/HT201250
For Home users (using Mac or Windows), we recommend cloud-based backups using Backblaze or Carbonite:
- Backblaze – (https://www.backblaze.com/cloud-backup.html)
- Carbonite – (https://www.carbonite.com/backup-software/buy-carbonite-safe)
For businesses, we recommend having an IT consulting firm or MSP evaluate your systems and determine the requirements for your disaster recovery and business continuity plans, in line with your business RPO (Recovery Point Objective) and RTO (Recovery Time Objective). Talk to us so we can review those plans with you.
We recommend the following systems:
- Datto Backup
- Veeam Backup and Replication
- Backblaze B2
Educate your peers and yourself on Security Awareness
All of us are frequently exposed to sophisticated social engineering attacks that try to get our information, scam us and steal from us. For that reason, we are the last line of defense. We must train our users, analyze where the weak points are and enforce the changes. If you would like to talk to TNTMAX about user security training, we have various options we can provide, including KnowBe4, Sophos Security Awareness and others.