With the nation on high alert for malicious cyber activities, I wanted to remind clients and employees to stay vigilant about cybersecurity. This includes safe practices with software, thinking before clicking on links in email, text messages, and social media, and other protective measures.
Is My Company Really Vulnerable to a Cybersecurity Attack?
Yes! Your company’s security could be compromised at an organizational level or at an employee’s personal level when you least expect it. Encourage employees to beware of links, as 90% of successful cyberattacks start with a phishing email. They should also use strong passwords that are unique to each site, using phrases instead of individual words or relatives’ names.
Your company isn’t only impacted by security threats in the office; hackers oftentimes start by scamming people at home. You can also become a victim of cybersecurity attacks by association with friends and family members who get hacked. Everyone in your circle needs to practice good cybersecurity habits such as multifactor authentication (see below), keeping software updated, and safeguarding personal systems and data. For more tips, please refer to the CISA Shields-Up portal.
What Cybersecurity Tools are Available to My Company?
The Cybersecurity & Infrastructure Security Agency (CISA) has compiled a list of free cybersecurity tools and services to help your company combat cyberattacks with the following goals in mind:
- Reduce the likelihood of a damaging cyber incident;
- Detect malicious activity quickly;
- Respond effectively to confirmed incidents; and
- Maximize resilience.
Please refer to these tools and take proactive measures to maintain your cybersecurity. At a minimum, implement the following foundational measures (source: cisa.gov):
- Fix the known security flaws in software. Check the CISA Known Exploited Vulnerabilities (KEV) Catalog for software used by your organization and, if listed, update the software to the latest version according to the vendor’s instructions.
- Implement multifactor authentication (MFA). Use multifactor authentication where possible. Why? Because even if one factor (like your password) becomes compromised, unauthorized users will be unable to meet the second authentication requirement, ultimately stopping them from gaining access to your accounts.
- Halt bad practices. Take immediate steps to: (1) replace end-of-life software products that no longer receive software updates; (2) replace any system or products that rely on known/default/unchangeable passwords; and (3) adopt MFA (see above) for remote or administrative access to important systems, resources, or databases.
- Sign up for CISA’s Cyber Hygiene Vulnerability Scanning. Register for this service by emailing email@example.com. Once initiated, this service is mostly automated and requires little direct interaction. CISA performs the vulnerability scans and delivers a weekly report, which begins within 72 hours of receiving the required paperwork.
- Get your Stuff Off Search (S.O.S.). Get your Stuff Off Search and reduce internet attack surfaces that are visible to anyone on web-based search platforms.
What is Stratus.hr Doing to Protect My Company and Employee Data?
We’ve recently been asked by several clients about our internal measures and how we’re protecting your company and employee data. Stratus.hr takes security seriously and protects our client and employee information with military-grade encryption. We volunteer to be audited by an independent firm to verify our systems and controls are secure to protect employee data. Through this annual audit, Stratus.hr has been declared year after year as SOC 1 Type 2-certified.
Stratus.hr also performs regular software updates and stays informed about potential security flaws and concerns. Internal employees use MFA to access sensitive data, and client employees are required to log into the Stratus System to update their own personal data. Our system is set up to inform users via email of any changes made to their personal data, in the event an unknown user changes their information for them.
In addition, Stratus.hr has partnered with NINJIO, a cybersecurity awareness company that provides training for employees and executives. Our employees and contractors go through monthly security awareness trainings regarding the latest security threats. Participants are quizzed afterwards to gauge their knowledge and understanding of the training and receive follow-up information the week after an episode, reinforcing what was taught. Occasionally, our team tests a training through various mock security events to see how employees do, which determines whether additional training is needed. Employees are unaware of when these events take place.
We encourage clients to be equally vigilant about educating their employees and taking proactive measures to protect their data. Realize that small businesses are considered easy prey for hackers and that scammers will only continue to become more sophisticated with methods to get your (and your customers’) information. For more resources, please contact your Stratus.hr Rep.