Cisco Umbrella’s Top 10 Cybersecurity Tips
By Lorraine Bellon
Posted on December 4, 2019
Updated on July 1, 2020
These days, everyone is getting busier, and to-do lists keep getting longer. It feels like there’s never enough time in the day, and it’s easy to get distracted when time is in short supply. We’ve heard it all before — security should always be at the top of your to-do list — but we know that’s not always the case.
The weakest link in any security system is always the same — people. No matter how comprehensive, effective, or expensive your security tools are, it can all come crashing down if a single careless user makes one simple mistake. Every time someone decides to click on an unfamiliar link or open a suspicious email attachment, your organization could be facing massive data loss and significant disruption to your business.
Most IT professionals know how to stay safe online, but most users aren’t experts. To help you stay protected, we’ve compiled a list of things everyone should be thinking about whenever they’re using the Internet.
To help strengthen your organization’s cyber security practices, you can share this blog post with your users, or use these tips as a starting point for a security refresher training. You’ve probably heard many or all of these tips before, but repetition doesn’t hurt.
Top 10 cybersecurity tips
Here is our list of top 10 cybersecurity tips for anyone on the Internet (hint: that means you!).
Realize that you are an attractive target to attackers, and it can happen to anyone, anytime, anywhere, on any device. Don’t ever say “It won’t happen to me.”
Practice good password management. Use a strong mix of characters, and don’t use the same password for multiple sites. Don’t share your password with others and don’t write it down — no post-it note attached to your monitor! If you have trouble remembering your passwords, consider using a secure password vault. Then you only have to remember one (very strong) password.
Never leave your devices unattended. If you need to leave your computer, phone, or tablet for any length of time — no matter how short — lock the screen so no one can use it while you’re gone. If you keep sensitive information on a flash drive or external hard drive, make sure to lock those up as well.
Always be careful when clicking on attachments or links in email. If an email is unexpected or suspicious for any reason, don’t click on it. Even if it seems like it’s from your company CEO! Scammers can look up that information online and use it to target individuals in your company. Double check the URL of the website to see if it looks legitimate. Bad actors will often take advantage of spelling mistakes to direct you to a harmful domain.
Sensitive browsing, such as banking or shopping, should only be done on a device that belongs to you, on a network that you trust. Whether you’re using a friend’s phone, a public computer, or free Wi-Fi at a coffee shop — your data could be copied or stolen.
Back up your data regularly. Make sure your antivirus software is always turned on and up to date.
Be conscientious of what you plug in to your computer. Malware can be spread through infected flash drives, external hard drives, and even smartphones. You might want to help someone find their lost item, but end up falling into a trap.
Watch what you’re sharing on social networks. Criminals can find you and easily gain access to a shocking amount of information — where you go to school, where you work, when you’re on vacation — that could help them gain access to more valuable data.
Be wary of social engineering, where someone attempts to gain information from you through manipulation. If someone calls or emails you asking for sensitive information like login information or passwords, it’s okay to say no. You can always call the company directly to verify credentials before giving out any information.
Be sure to monitor your accounts for any suspicious activity. If you see something unfamiliar, it could be a sign that you’ve been compromised. Don’t be afraid to speak up and tell your IT team if you notice anything unusual. Remember, you’re the victim of the attack, and you’re not in trouble!
Share this list with your users and help them understand what IT teams already do — that cybersecurity is a team sport.
Of course, it’s important to have strong security tools to protect your users too. But how do you know if your current set of tools is enough? Check out our infographic to learn about 3 red flags you’re not getting what you were promised from your security stack.
There’s no substitute for educating your users, but defense matters too. Nothing is more important than your first line of defense. Because it’s built into the foundation of the internet, Cisco Umbrella can protect your network from malware, ransomware, malicious cryptomining, and other advanced threats by blocking connections at the DNS layer.
Your users may never thank you, but your security operations team will!
Cisco SecureX threat response
Integrated security is critical
Security that works together
Overwhelmed by too many investigation tools? Combat the problem with Cisco SecureX threat response (formerly named Cisco Threat Response).
Accelerate threat hunting and incident management by aggregating and correlating intelligence and data across your infrastructure in one view. Threat response is a key feature of SecureX, the built-in platform experience included with Cisco Security products.
Why SecureX threat response?
Time is one of the scarcest resources for most organizations. Manual processes and disjointed threat response solutions result in slow and inefficient incident response times that allow threats to proliferate and grow more sophisticated. The threat response feature of Cisco SecureX leverages an integrated security architecture that automates integrations across Cisco Security products to simplify threat investigations and responses.
With SecureX threat response, you can simply paste these observables into the "Investigate" user interface, or use the easy browser plug-in on any webpage, and it does the work for you. It brings all that knowledge from intel sources and security products and displays the results in seconds. It empowers your SOC teams, with a single console for direct remediation, access to threat intelligence, and tools such as casebook and incident manager. It overcomes many challenges by making threat investigations faster, simpler, and highly effective.