Cybersecurity is the shared responsibility of every agency employee and business unit. YOU play a key role in properly safeguarding and using private, sensitive information and state resources. Although your Managed IT Services or any type of IT support and services consultant you use will set up the network security defense configurations, it is up to each and every client and their end users to do their part in using the system safely.
Every reputable member of the IT Support Los Angeles community regards Cybersecurity as the main objective of their service, along with rapid response and repair. However, part of the responsibility does lie with the client and its employees, and so a top-notch Managed Services Provider will offer an end-user security training session. Some charge for it; IT Support LA offers this at no charge. After all, it is in all our best interests that we help prevent an untrained user from letting an attacker into the system.
The following CyberSecurity Dos and Don’ts help remind us of actions we must take to remain vigilant.
DO use hard-to-guess passwords or passphrases. A password should have a minimum of 10 characters using uppercase letters, lowercase letters, numbers, and special characters. To make it easy for you to remember but hard for an attacker to guess, create an acronym. For example, pick a phrase that is meaningful to you, such as “My son's birthday is 12 December 2004.” Using that phrase as your guide, you might use Msbi12/Dec,4 for your password.
DO use different passwords for different accounts. If one password gets hacked, your other accounts are not compromised.
DO keep your passwords or passphrases confidential. DON’T share them with others or write them down. You are responsible for all activities associated with your credentials.
DON’T leave sensitive information lying around the office. DON’T leave printouts or portable media containing private information on your desk. Lock them in a drawer to reduce the risk of unauthorized disclosure.
DON’T post any private or sensitive information, such as credit card numbers, passwords or other private information, on public sites, including social media sites, and DON’T send it through email unless authorized to do so. DO use privacy settings on social media sites to restrict access to your personal information.
DO pay attention to phishing traps in email and watch for telltale signs of a scam. DON’T open mail or attachments from an untrusted source. If you receive a suspicious email, the best thing to do is to delete the message and report it to your manager and to your IT Support vendor.
DON’T click on links from an unknown or untrusted source. Cyber attackers often use them to trick you into visiting malicious sites and downloading malware that can be used to steal data and damage networks.
DON’T be tricked into giving away confidential information. It’s easy for an unauthorized person to call and pretend to be an employee or business partner. DON’T respond to phone calls or emails requesting confidential data.
DO destroy information properly when it is no longer needed. Place paper in designated confidential destruction bins throughout the office or use a crosscut shredder. For all electronic storage media, consult with your Managed IT Services provider.
DO be aware of your surroundings when printing, copying, faxing or discussing sensitive information. Pick up information from printers, copiers, or faxes in a timely manner.
DON’T install unauthorized programs on your work computer. Malicious applications often pose as legitimate software.
DON’T plug in portable devices without permission from your agency management. These devices may be compromised with code just waiting to launch as soon as you plug them into a computer.
DO lock your computer and mobile phone when not in use. This protects data from unauthorized access and use.
DON’T leave devices unattended. Keep all mobile devices, such as laptops and cell phones physically secured. If a device is lost or stolen, report it immediately to your manager and ISO/designated security representative.
DO remember that wireless is inherently insecure. Avoid using public Wi-Fi hotspots. When you must, use agency provided virtual private network software to protect the data and the device.
DON’T leave wireless or Bluetooth turned on when not in use. Only turn them on when you plan to use them, and only in a safe environment.
DO report all suspicious activity and cyber incidents to your manager and ISO/designated security representative. Challenge strangers whom you may encounter in the office. Keep all areas containing sensitive information physically secured and allow access by authorized individuals only. Part of your job is making sure NYS data is properly safeguarded, and is not damaged, lost or stolen.
IT Support LA is dedicated to protecting privacy; safeguarding the State’s information assets and infrastructure; identifying and mitigating vulnerabilities; detecting, responding, and recovering from cyber incidents; and promoting cyber awareness and education. We stand ready to assist and support you in your cyber security risk management efforts. Remember - cyber security is everyone’s responsibility! We hope all users take these CyberSecurity dos and don’ts to heart.
Even with the best intentions, people get busy and forget to take caution. In the event of a data breach where your Personally Identifiable Information (PII) has been stolen, THESE are the steps you must take immediately.
If you are a consumer, please heed these CyberSecurity Dos and Don’ts, and if you are a business, make certain that your IT support and Services team has covered every network defense, and have a strong backup and disaster recovery plan in place. If you have no set, reliable IT service, just Google IT Support Los Angeles – there will be plenty of reputable options available.
Remember - cyber security is everyone’s responsibility!
CyberSecurity Q & A
Q: What are three Dos of cyber safety?
A: Whether browsing as a worker or a consumer, the top three Dos are:
1) Page ONE of your security Bible: Keep all computers’ and devices’ security software up to date. For a business network, the IT support and services team will do this, but as a consumer, set all devices to ‘automatic updates’. An outdated security patch is the same as an open door to a cybercriminal.
2) Be careful with your passwords, as stated above. They are the first access point to your Personally Identifiable Information (PII). Once cyber crooks get that, they can clean you out. Take your passwords seriously! According to Microsoft Regional Manager Troy Hunt, 86% of passwords are terrible and easily cracked.
3) Be very, very careful with what personal information you share online. One piece of info may seem harmless, but hackers are paying attention, gathering a bit here and a bit there until they have enough to perhaps figure out your passwords or send you a spoofed Phishing email that looks like it comes from someone or a company you should trust. Because they know things about you, you feel more comfortable clicking a malicious link or opening an attachment that contains malware.
An addendum to that is that you must also be careful to download content ONLY from websites that you trust and check all content that you download. Once saved, right-click the file and choose whatever ‘scan’ option appears there – it will say ‘scan with’ – and the name of the security program on your device. Pay attention to the scan results. If the file contains malware, remove it and scan your computer with your Anti-Virus (AV) – or if in the workplace, alert your IT services to do so.
Q: What are 10 good Cybersecurity practices?
A: The Information Security Office at Berkeley University addresses Top 10 Secure Computing Tips quite succinctly. We strongly suggest reading them.
Q: What are the 5 Cs of Cybersecurity?
A: The 5 Cs are all as crucial and interdependent to your networks as are parts of your automobile: the transmission needs an engine to power it and a differential to turn that power into movement on the road. The tires need an axle and tread to bring the drivetrain process to fruition. You must pay heed to ALL five Cs – there is no ‘picking and choosing’.
Change: Scaling up or scaling down, the technology we use to run our businesses is in a constant state of change and business must adapt and change with it – especially with security protocols. You cannot expect to have a network set up for you and then just leave it alone for 10 years – cyber crooks will eat your lunch.
Compliance: Regulations, regulations, regulations… Cybersecurity MUST stay on top of these because any data breach can incur massive fines and penalties from the government. Municipal, state and federal agencies all have their own sets of rules.
Cost: Just as you must deliver cost-effective value to your customers in order to remain competitive, you must seek cost-effective Cybersecurity solutions from qualified IT Support firms, the best of which are accomplished Managed Services Providers (MSPs). If multiple plans are offered, the cheaper ones will reveal extra costs that are hidden, so a full financial impact assessment is highly recommended.
Continuity: During a cyber emergency, make sure that your IT support and services company has laid the groundwork for continuing business with as little lapse as possible while the issue at hand is being corrected.
Coverage: No matter how dispersed your workforce is – from local remote workers to locations in other countries, make sure that your security covers everyone everywhere. If you don’t know where the weak link in your system is, cyber criminals will find it for you.
Q: What are the rules of Cybersecurity?
A: Boiling it down to 4 broad basic rules:
1) Every system is vulnerable in some way.
2) If your system has a weakness, it will be attacked.
3) You trust your business contacts but verify anything that feels unusual (usually in an email).
4) The more technology improves, the more vulnerabilities emerge.
Q: What are the Cybersecurity Dos and Don’ts of using the internet?
A: Whether you use the internet casually or for business, every defense your IT services company puts in place is useless if you do not negotiate cyberspace responsibly.
Dos:
1) Follow the guidelines on this page for developing unique passwords
2) When you are preparing to transmit funds online, make sure the site begins with ‘https’ and a padlock icon is present
3) When doing online banking, type in the URL yourself – never click a link in an email or text message
4) Research ‘free’ software before you download it
5) For people you are familiar with, always use your main email address
6) For social media, keep a separate email that you don’t use for important communications
7) Use trusted WiFi only – avoid ‘free’ WiFi because it is easily hacked
8) Avoid clicking links or opening attachments in emails you were not expecting or didn’t ask for – even if they seem to be from a source you are familiar with
9) Always delete any online accounts you no longer use.
10) Backup, backup, BACKUP! Frequently – to a local backup separate from your network, an external hard drive or to a cloud backup.
Don’ts:
1) Post personal information on social media
2) Check ‘keep me logged in’ on websites
3) Click on pop-up ads. Ever! If you like the pitch, search the site out for a look
4) Frequent any websites where the address bar says ‘not secure’
5) Share personal or banking details on the phone, by email or SMS
6) Download and install software from an attachment in an email
7) Save credit/debit card information on websites or in your browser
8) Stay logged in to online accounts. Log in, do what you need to do, and Log off.
9) Use personal information (name, address, date-of-birth etc.) in your passwords
Q: What should you NOT do online?
A: The same as the previous question – DON’T:
1) Post personal information on social media
2) Check ‘keep me logged in’ on websites
3) Click on pop-up ads. Ever! If you like the pitch, search the site out for a look
4) Frequent any websites where the address bar says ‘not secure’
5) Share personal or banking details on the phone, by email or SMS
6) Download and install software from an attachment in an email
7) Save credit/debit card information on websites or in your browser
8) Stay logged in to online accounts. Log in, do what you need to do, and Log off.
9) Use personal information (name, address, date-of-birth etc.) in your passwords
Q: How can we improve Cybersecurity?
A: These simple rules:
1) Use VPNs for all connections
2) Enforce password rules
3) Institute multi-factor authentication (password, personal question, fingerprint etc.)
4) Delete unused accounts and services
5) Make sure all security updates are performed automatically
Q: What are the 5 Cs when dealing with an emergency?
A: These are the same as a previous question: ‘What are the 5 Cs of Cybersecurity?’:
Change: Scaling up or scaling down, the technology we use to run our businesses is in a constant state of change and business must adapt and change with it – especially with security protocols. You cannot expect to have a network set up for you and then just leave it alone for 10 years – cyber crooks will eat your lunch.
Compliance: Regulations, regulations, regulations… Cybersecurity MUST stay on top of these because any data breach can incur massive fines and penalties from the government. Municipal, state and federal agencies all have their own sets of rules.
Cost: Just as you must deliver cost-effective value to your customers in order to remain competitive, you must seek cost-effective Cybersecurity solutions from qualified IT Support firms, the best of which are accomplished Managed Services Providers (MSPs). If multiple plans are offered, the cheaper ones will reveal extra costs that are hidden, so a full financial impact assessment is highly recommended.
Continuity: During a cyber emergency, make sure that your IT support and services company has laid the groundwork for continuing business with as little lapse as possible while the issue at hand is being corrected.
Coverage: No matter how dispersed your workforce is – from local remote workers to locations in other countries, make sure that your security covers everyone everywhere. If you don’t know where the weak link in your system is, cyber criminals will find it for you.
Q: What are the types of security attacks?
A: We have covered this on this website HERE. In the Q & A, open ‘Q: What are Cyber Security threats?’
In the event of corporate data theft, please contact us at 818-805-0909. We’ll be happy to help.