Cybersecurity New Year's Resolutions for 2024

Strengthen your cybersecurity defenses in 2024 with these tips from the Schneider Downs cybersecurity team.

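Happy New Year! As 2024 begins, many of us are making New Year's resolutions to achieve a goal, improve a behavior or continue a good practice.

In the spirit of tradition, we asked our cybersecurity team to share the top resolutions end users and organizations can make to improve their security posture in the new year.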

1. Use a password manager

Password managers offer a convenient and secure method to access your accounts by allowing you to create, centrally store and use strong passwords. They also allow you to keep track of a variety of passwords for individual accounts, as you should never use the same password for more than one account in case of a breach.

2. Implement multi-factor authentication (MFA) wherever possible

Strong passwords are a great start, but implementing MFA is even better. MFA is a key defense against phishing attacks, creating an additional step to the account login process to protect your accounts. Just be sure that you made the initial request if you receive an MFA prompt, as threat actors are using MFA fatigue to take advantage of our learned behavior to automatically approve these requests.

3. Uninstall unused apps

One of the simplest ways to keep your information secure is to uninstall unused apps from your smart devices. Even if an app is legitimate, many of them have default privacy settings that access your data and could potentially put you at risk if the app's company is part of a breach. Be sure to take advantage of your smart device's settings that may allow you to set up automatic app cleanup.

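4. Set a penetration testing schedule

Our team has performed countless penetration tests to help organizations assess their security posture. Unfortunately, many organizations do not have a regular testing schedule, which hinders the maturity of their security program, as both threats and defenses are constantly evolving.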

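5. Install patches and updates

Your security is only as up to date as your software, so it is important to install patches and updates regularly as needed. Most of this is done automatically, either triggered by a restart or prompted by a push notification. Just be careful with web browser update prompts, as fake browser malware attacks have been on the rise in recent months.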

6. Create a work-only home network

The rise of remote work continues to put a strain on organizational security simply because personal home networks are often integrated with work networks. If you or anyone in your household uses the home network for work, creating separate networks for professional and personal use is an important defense mechanism. If you are unsure how to do this, simply reach out to your IT department.

7. Don't trust unsolicited phone calls

Fraudulent phone calls, known as vishing, are still a popular phishing method of threat actors. If you receive an unsolicited phone call asking for private or financial information, simply hang up. If you think the call is legitimate, you should hang up and call back a verified number. While these attacks still happen, the good news is many smartphones have technology dedicated to outing potential scams before your phone rings at all.

8. Stop blindly scanning QR codes

One of the odd trends of the pandemic was the resurgence of QR codes as conveniently contactless methods of viewing information such as restaurant menus. Unfortunately, phishing attacks via QR codes (known as quishing) are on the rise, to the tune of 587% between August and September of 2023. QR codes are useful, but be cautious and verify the domain associated with a QR code before you scan it. Remember, anybody can make a QR code, especially those with malicious intent.

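9. Avoid public Wi-Fi whenever possible

This cybersecurity best practice is self-explanatory, but still one of the leading security concerns for individuals and organizations. Even if a Wi-Fi network is legitimate, it doesn't mean it's safe, and you don't know who is on the network with you. If you must use public Wi-Fi, avoid accessing any sites with personal information or credentials, and use a VPN for added security.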

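10. Regularly check whether your information was part of a breach

There is a good chance your information has been compromised in recent years. If so, you may have received an email or letter with a vague explanation of the breach and an offer for free credit monitoring, but we recommend taking the initiative by using a verified resource, such as http://haveibeenpwned.com, to see if your information has been compromised. If your data is out there, be sure to check your credit report, change passwords and check the breached party's website for additional resources.

Those are our cybersecurity resolutions for the new year. What are yours?

If you have any questions about our list or how to achieve your cybersecurity goals for 2024, contact our team at [email protected].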

About Schneider Downs Cybersecurity

The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection reviews, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our digital forensics and incident response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.

To learn more, visit our dedicated cybersecurity page.

Want to stay informed? Subscribe to our bi-weekly newsletter, Focus on Cybersecurity.

You've heard our thoughts, and we'd like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we're especially interested in what you have to say. If you have a question or a comment about this article, or any article from the Our Thoughts On blog, we hope you'll share it with us. After all, a dialogue is an exchange of ideas, and we'd like to hear from you. Email us at [email protected].

The material discussed is for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

©2024 Schneider Downs. All rights reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.
