Strong Cybersecurity for ISO Certification
Strong passwords and secure computer usage help protect data from loss and improper use, a requirement of ISO 9001 and other standards.
Two kinds of organizations exist: those who have already been hacked, and those who are going to be. On October 5, 2022 the state of Colorado announced that the state web portal homepage had been taken down due to a cyberattack. The announcement, ironically, came only four days after the Colorado governor announced October as Cybersecurity Awareness Month in Colorado (as it is nationwide).
The governor’s press release stated “Since the pandemic began, the FBI has reported a 300% increase in cybercrimes, 95% of which were caused by human error. Of those cybersecurity breaches, 45% were caused by hacking and gaining unauthorized access to data, 17% involved malware, and 22% were due to phishing scams.” (source: oit.colorado.gov/press-release/gov-polis-kicks-off-19th-annual-cybersecurity-awareness-month, accessed 10/7/22; emphasis ours).
Did you notice? Almost every event could have been prevented with better awareness and practice, or, as ISO 9001 calls it generally, Employee Engagement. We’ve all probably clicked our way quickly through a load of emails (who doesn’t have more than they can truly handle?), glancing at the senders instead of making sure they really are who they claim to be. Have you ever clicked on an attachment and then wondered, as it was loading, whether it was safe? And how about those links that are just a word or a trademark? Are they safe?
Keep Passwords Complex, Secure and Updated
One of the simplest ways to create a password is to use your birthdate for all your passwords (one of my relatives used to do that!). It’s also one of the easiest to hack, as your birthday is all over the place on the internet. If, like us, you have several hundred accounts, using a password manager is a way to reduce that risk. You only have to remember one master password, so make it a strong, secure one. Your password manager does the rest: it generates and updates passwords for you, tells you which ones are weak or re-used, and watches for word of breaches and other threats.
Many password managers are available, free or at a low cost (especially compared to the cost of a breach).
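The kind of check a password manager runs when it warns about weak or re-used passwords can be shown in a few lines. The script below is an added example, not code from this article or from any particular password manager; it audits a constructed list of account/password pairs (sample values only) and flags passwords that look like a birthdate, are shorter than a chosen minimum, or are shared between accounts.

```python
import re
from collections import defaultdict

# Constructed sample of what a password manager might hold.
# These are illustrative values only, not real credentials.
SAMPLE_VAULT = [
    ("bank", "04121985"),
    ("email", "04121985"),
    ("supplier-portal", "Xk9#vL2!qR7mZ"),
    ("cloud-console", "Summer2022"),
]

MIN_LENGTH = 12  # assumed policy minimum for this example


def looks_like_date(password):
    """True if the password is a 6- or 8-digit string (separators allowed)
    that can be read as a date in MMDDYYYY, DDMMYYYY, YYYYMMDD, MMDDYY or
    DDMMYY order with a plausible month (1-12) and day (1-31)."""
    digits = re.sub(r"[-/.]", "", password)
    if not digits.isdigit() or len(digits) not in (6, 8):
        return False
    if len(digits) == 8:
        candidates = [(digits[0:2], digits[2:4]),   # MMDDYYYY
                      (digits[2:4], digits[0:2]),   # DDMMYYYY
                      (digits[4:6], digits[6:8])]   # YYYYMMDD
    else:
        candidates = [(digits[0:2], digits[2:4]),   # MMDDYY
                      (digits[2:4], digits[0:2])]   # DDMMYY
    return any(1 <= int(m) <= 12 and 1 <= int(d) <= 31 for m, d in candidates)


def audit(vault, min_length=MIN_LENGTH):
    """Return {account: [issue, ...]} for every account with at least one finding."""
    # Group accounts by password so reuse can be reported from either side.
    by_password = defaultdict(list)
    for account, password in vault:
        by_password[password].append(account)

    findings = defaultdict(list)
    for account, password in vault:
        if looks_like_date(password):
            findings[account].append("date-like")
        if len(password) < min_length:
            findings[account].append("too short")
        if len(by_password[password]) > 1:
            others = [a for a in by_password[password] if a != account]
            findings[account].append("reused with " + ", ".join(others))
    return dict(findings)


if __name__ == "__main__":
    for account, issues in audit(SAMPLE_VAULT).items():
        print(f"{account}: {'; '.join(issues)}")
```

The reuse check is the one that matters most after a breach elsewhere: a password that leaks from one site is tried against every other site, so a single "reused with" finding means two accounts fall together.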
Process Emails Slowly, Alert for Problems
With far too much email in the inbox, it’s easy to get in a hurry: we skim-read, miss spelling errors or non-standard email addresses, or click on an attachment that has no business being opened. And if we’re tired at the end of the day or week, it’s also easy to overlook the risky links or iffy attachments.
Two things help. First, filters, which most email programs have, sort messages into types or topics so they can be worked through more deliberately. Second, spam filters, at the server and on your device, push suspicious messages out of your main inbox. Neither is perfect, but they help.
The other real cure is to take a block of time just for this chore, when you’re fresh, and do it right.
Use 2FA to Secure Logins
Most financial organizations now offer two-factor authentication, or 2FA for short. Yes, it’s an additional two steps, and it can be a pain, but if you’re the only one who receives the authorization code, you can know that your financial or business data is going to stay secure.
If in doubt, contact your financial or other institution and ask what they offer.
Airgap Data for Ransom-Proofing
Ransomware takes over your computer, or even your server, and encrypts your data so that you can’t retrieve it. Then the bad guys send you an email demanding thousands or millions to release your data. Unless you’re one of the really big players, the FBI won’t have time for you, so it’s up to you to either pay the money, restore from an old backup if you have one, or just lose your data.
One method for holding off ransomware is an airgap: an offline storage device that is not permanently connected to your system or the internet. Periodically, you plug it in, update your backup, then disconnect it again. Test restoring from it now and then, since a backup you have never restored from is an untested backup. Your IT professional can help set you up.
Malware and Virus Protection
What if you clicked on something anyway? Many of the problems we get into can be stopped short by a good set of apps that block viruses, malware and ransomware. The best ones are subscription-based, but they can still save more money than it would cost to have your laptop cleaned up by an outside IT firm.
Employee Competence is Key
Competence, a key factor in ISO standards, is crucial for holding off attacks. Regular employee training, re-training and awareness reminders help keep the threats outside the door. A dedicated IT employee whose training is updated regularly, or an outside firm that will respond to emergencies as well as visit to refresh training, can also be worth the investment.
For more cybersecurity resources, go to https://staysafeonline.org/resources/.