Cyber Security Checklist – The Essentials
Sera-Brynn, a leading cyber security firm, has identified the following as the top security challenges among our parish and school locations.
1. Install security updates as early and as often as possible
An essential element of computer security is the practice of installing software updates, sometimes referred to as patches. Software updates are designed to continuously improve an application’s stability and fix (or patch) bugs and security holes within the program. By not updating your software, you are making your computer vulnerable to malware.
Malware is a term used to describe malicious software that gets installed on your machine and performs unwanted tasks, often for a third party’s benefit. Types of malware include viruses, browser hijacking software, and spyware. To make sure your programs and applications are updated on a regular basis, turn on the automatic update feature for your operating system.
Computer audits conducted by Sera-Brynn revealed that parishes and schools often fail to adhere to this simple procedure. When it comes to software updates, act quickly: install them as soon as they become available. Hackers can do extensive damage in a very short timeframe.
2. Use strong and complex passwords, and change them often
Passwords are a common form of authentication and are often the only barrier between you and your personal information. There are several programs attackers can use to help guess or “crack” passwords. But if you choose good passwords and keep them confidential, you can make it more difficult for an unauthorized person to access your information. Choose passwords wisely, never re-use passwords on other sites or accounts, and keep them private and safe.
Our audits showed that many parish computers do not have simple security measures in place, such as login account passwords. In addition, each parish utilizes a secure remote desktop session to the Right Networks bookkeeping/QuickBooks software. If a parish computer were to be compromised, an attacker could theoretically have access to the username/password that the parish uses to access the Right Networks remote desktop session. For more on passwords, go to the US-CERT website.
3. Update or disable old and outdated computers/servers
Our audit discovered that multiple locations are still utilizing operating systems that are “end of life,” such as Windows XP, Server 2003 and Server 2000. These unsupported operating systems represent a significant risk, as Microsoft is no longer developing and providing security patches and updates for them. It is important that you disable or update outdated computers and servers.
4. Allocate the necessary resources
Each location assessed initially justified its cyber risks by citing a lack of appropriate budgetary funding. However, during site visit debriefs, the cyber security engineer provided education related to the critical nature of the risks uncovered and the potential impact if not addressed. As a result, many locations re-appropriated their budgets to resolve immediate critical weaknesses. Please be sure to allocate resources in your yearly budget. In addition to the cost of upgrading systems, include a line item for training staff on a regular basis in the basics of cyber security.
Combat Email Spam
Email scams come in many varieties. A phishing scam is when an individual or group falsely poses as a legitimate organization in order to trick a victim into submitting personal information online. This is usually done by instructing the user to click on a link that leads to a fake website designed to look legitimate. In other cases, criminals pose as charities soliciting donations to aid humanitarian efforts.
Then there is spear phishing, in which messages appear to be from actual co-workers, friends or family members but are in fact from hackers who were able to access an individual’s email account and subsequently use that individual’s address to send phishing emails to all of the individual’s contacts.
All email scams can be combatted by following these precautions:
- Never click on embedded links in unsolicited emails.
- Never share personal information, passwords, bank account numbers or other banking information over email.
- Treat all attachments with caution.
- A transfer of funds should never be performed solely on the basis of an email exchange.
- If the tone of the email is urgent, this should be a signal for additional caution.
- Do not publish staff emails on your parish or school website. Use a “Contact Us” form instead.