Strengthen your cybersecurity defenses in 2024 with these tips from the Schneider Downs cybersecurity team.
Happy New Year! As we start 2024, many of us are making New Year’s resolutions to achieve a goal, improve behavior or continue good practices.
In the spirit of the tradition, we asked our cybersecurity team to share the top resolutions end users and organizations can make to improve their security posture in the new year.
1. Use a Password Manager
Password managers offer a convenient and secure method to access your accounts by allowing you to create, store and use strong passwords in a centralized manner. They also allow you to keep track of a variety of passwords for individual accounts, as you should never use the same password for more than one account in case of a breach.
2. Implement Multi-factor Authentication (MFA) Whenever Possible
Strong passwords are a great start, but implementing MFA is even better. MFA is a key defense against phishing attacks, adding a step to the account login process to protect your accounts. If you receive an MFA prompt, be sure that you made the initial request, as threat actors are using MFA fatigue to take advantage of our learned habit of automatically approving these requests.
3. Uninstall Unused Apps
One of the simplest ways to keep your information secure is to uninstall unused apps from your smart devices. Even if apps are legitimate, many of them have default privacy settings that access your data and could potentially put you at risk if the app’s company is part of a breach. Be sure to take advantage of your smart device’s settings that may allow you to set up automatic app cleanup.
4. Commit to a Penetration Test Schedule
Our team has done countless penetration tests, which help organizations assess their security postures. Unfortunately, many organizations don’t commit to a regular schedule of testing, which prevents them from fully maturing their security program, since threats and defenses are constantly evolving.
5. Install Patches and Updates
Your security is only as up to date as your software, so it’s important to commit to regular patches and updates as needed. The majority of these are done automatically, either triggered by a restart or prompted through push notifications. Just be cautious about web browser update prompts, as malware attacks posing as fake browser updates have been on the rise in recent months.
6. Create a Home Network Dedicated to Work
The rise of remote work continues to put a strain on organizational security simply because personal home networks are often integrated with work networks. If you or anybody in your home uses your home internet for work, creating separate networks for professional and personal use is an important defense mechanism. If you are unsure how to do this, simply reach out to your IT department.
7. Don’t Trust Unsolicited Phone Calls
Fraudulent phone calls, known as vishing, are still a popular phishing method among threat actors. If you receive an unsolicited phone call asking for private or financial information, simply hang up. If you think the call is legitimate, you should still hang up and call back using a verified number. While these attacks still happen, the good news is many smartphones have technology dedicated to flagging potential scams before your phone rings at all.
8. Stop Blindly Scanning QR Codes
One of the odd trends of the pandemic was the resurgence of QR codes as conveniently contactless methods of viewing information such as restaurant menus. Unfortunately, phishing attacks via QR codes (known as quishing) are on the rise, to the tune of 587% between August and September of 2023. QR codes are useful, but be cautious and verify the domain associated with a QR code before you scan it. Remember, anybody can make a QR code, including those with malicious intent.
9. Avoid Public Wi-Fi Whenever Possible
This cybersecurity best practice is pretty self-explanatory, but still one of the leading security concerns for individuals and organizations. Even if the Wi-Fi network is legitimate, it doesn’t mean it’s safe – and you don’t know who is on the network with you. If you must use public Wi-Fi, avoid accessing any sites with personal information or credentials, and use a VPN for additional security.
10. Regularly Check if Your Information is Part of a Breach
Chances are your information has been part of a breach in recent years. If so, you may have received an email or letter with a vague explanation of the breach and an offer for free credit monitoring, but we recommend being proactive by using verified resources, such as “have i been pwned?”, to find out if your information is exposed. If your data is out there, be sure to check your credit report, change passwords and check the breached party’s website for additional resources.
Those are our cybersecurity resolutions for the new year. What are yours?
If you have any questions about our list or how to achieve your cybersecurity goals for 2024, contact our team at [email protected].
About Schneider Downs Cybersecurity
The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.