Cybersecurity Survey Results & Best Practices
Wildcard recently hosted a Business PM Networking event through the Wausau Region Chamber of Commerce. Since cybersecurity is at the core of everything we do, we asked guests to participate in a survey to evaluate basic cybersecurity knowledge and habits of local area businesses.
Cybersecurity involves threat education and identifying security best practices, which are key to disaster prevention. Our goal is to increase awareness of the importance of implementing cybersecurity best practices and educating others. These are the best tools an organization can have to help detect and mitigate network threats. Cybersecurity training can ultimately save a business from experiencing a cyber attack, loss of data, or compromised data.
This survey was conducted using our very own, in-house-developed platform, GovSurvey. With a platform like GovSurvey, collecting and interpreting survey data becomes a simple task that can help identify actionable solutions.
The results of our 7-question cybersecurity survey are listed below with a short summary of each cybersecurity best practice.
GovSurvey Cybersecurity Questions & Explanation of Best Practices
1. I reuse the same password for:
- All Of My Online Accounts
- Most Of My Online Accounts
- Some Of My Online Accounts
- I Never Use The Same Password More Than Once
Best Answer: D. I Never Use The Same Password More Than Once
It is never good practice to reuse the same password for different accounts, as this creates an opportunity for hackers. In the case of a breach where one of your login credentials is discovered and exploited, hackers will often attempt to use that same password to gain access to your other online accounts. This is a violation of privacy, especially when it involves platforms that contain confidential information such as your work accounts, banking, email, and healthcare. If you reuse a password and it becomes compromised, it can result in a disastrous domino effect, with the infiltration and takeover of multiple personal accounts.
Visit Wildcard's blog, Best Practices for Securing Your Passwords, for tips on improving your password security.
2. My passwords contain: (check all that apply)
- Personal Information (I.E. Birth Date, Graduation Year, Pet's Name, Street Name, Etc.)
- Dictionary Words Or Phrases
- The Same Information As My Other Passwords, Just In A Different Sequence
- Randomized Sequence Of Numbers, Letters, And Symbols
Best Answer: D. Randomized Sequence Of Numbers, Letters, And Symbols
People tend to use common words or phrases in their passwords because they're easy to remember. This makes sense from a user standpoint, but while these tactics help us remember our passwords, they also make them easy to crack. Ultimately, a password that is easy to remember is easy to guess. In addition, some attackers conduct research on their targets, discovering personal information like birth dates and names. This often improves a hacker’s ability to predict their target’s passwords because many people include such information in their passwords. That is why it’s important not to use personal information in your passwords. A randomized sequence of numbers, letters, and symbols that has no significant meaning is less likely to be cracked because it has no underlying pattern or association with your personal life. Random character sequences are incredibly difficult for a hacker to crack, even with the help of a computer, and are one of the strongest types of password.
For recommendations on generating random passwords, check out our blog on Best Practices for Securing Your Passwords.
3. I save my password in a web browser:
Best Answer: C. NEVER
Who wants to type in their password every time they log into an account? Although it’s convenient to save your username and password in your web browser rather than retyping them, keeping all of your passwords saved in a browser’s memory is not a secure best practice. By saving your credentials in a web browser, you expose this information to anyone who accesses or hacks your computer, whether remotely or physically. Additionally, if your device is lost or stolen, browsers like Firefox, Safari and Internet Explorer offer no protection if a hacker gets hold of your physical device and gets past the lock screen. The best way to manage and securely store your passwords is with a password manager. Password managers store your passwords offline and require additional authentication. Using a password manager is a secure best practice.
For recommendations on password managers and more information about two-factor authentication, check out our blog on Best Practices for Securing Your Passwords.
4. I use the following type(s) of two-factor authentication when logging into my accounts: (check all that apply)
- A Smart Card, RSA Key, Phone, Or RFID Badge
- A Password, PIN Number, Or A Security Question
- Biometric Authentication Like A Fingerprint Scan Or Facial Recognition
- What Is Two-Factor Authentication?
Best Answers: A. A Smart Card, RSA Key, Phone, Or RFID Badge, B. A Password, PIN Number, Or A Security Question, and C. Biometric Authentication Like A Fingerprint Scan Or Facial Recognition
Two-factor, or multi-factor authentication, is the use of multiple modes of identification layered together in order to confirm the identity of the person trying to access the account. This way, if one factor became compromised, it wouldn’t threaten the security of the entire account.
Two-factor authentication requires two methods of identification (aside from just typing in a password) to authenticate against a system. For example, when logging into an online account, you may receive a text message or email with a PIN or code. That PIN or code adds an extra step to the login process. Two-factor authentication helps maintain the security of your accounts in the case that one of your account passwords becomes compromised. Such a system can also alert you to suspicious login attempts if someone is illicitly attempting to access your account. Ultimately, using two-factor authentication methods can substantially reduce the risk of your account being hacked.
For more information about two-factor authentication, visit our blog on Best Practices for Securing Your Passwords.
5. When I receive an email with a link or document attached:
- I Click On The Link Or Download The Document Immediately
- I Verify The Sender's Email Domain To Ensure I Recognize It And The Email Domain Is Legitimate
- I Examine The Link Before Clicking To Identify Any Suspicious Words And Misspellings
- I Verify And Examine (Second And Third Answers)
Best Answer: D. I Verify And Examine (Second And Third Answers)
Spoofing and phishing are malicious forms of social engineering that result in malware being downloaded to your computer or network, or that deceive you into providing sensitive information. You may not know right away that you’re looking at a phishing email. Attackers often use what’s called “email spoofing” to mislead you about the true sender of the email. This means that you might get an email that appears to be from your spouse or a friend, but it’s actually from an attacker. Spoofing is the method of delivery, while phishing is the method of retrieval. It is important to ensure that the sender’s name makes sense for the email address it is coming from, and that the domain address and/or link provided within the body of the email does not contain any misspellings or suspicious words. Don’t open suspicious files or questionable links until you verify the legitimacy of the email.
For a more detailed explanation, read our blog on How to Prevent and Identify Phishing Scams.
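The "verify and examine" habit from question 5 can also be automated as a first-pass check. The Python sketch below is an added example, not part of the survey or of any Wildcard tool; the list of known domains, the suspicious-word list and the sample message are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumptions for this example: domains the recipient really deals with,
# and words treated as suspicious when they appear in a link.
KNOWN_DOMAINS = {"example-bank.com", "example.org"}
SUSPICIOUS_WORDS = {"verify", "login", "secure", "update", "account"}

# Constructed sample message (not a real email).
SAMPLE = """From: "Example Bank Support" <support@examp1e-bank.com>
Subject: Action required

Please confirm your details at http://example-bank.com.account-verify.example.net/login
"""

def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_domain(domain):
    """Return None for a known domain (or its subdomain), else a reason to distrust it."""
    domain = domain.lower().rstrip(".")
    if domain in KNOWN_DOMAINS or any(domain.endswith("." + k) for k in KNOWN_DOMAINS):
        return None
    for known in KNOWN_DOMAINS:
        if edit_distance(domain, known) <= 2:
            return f"{domain} looks like a misspelling of {known}"
    return f"{domain} is not a recognised domain"

def review_email(raw):
    """Verify the sender's domain, then examine every link in the body."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    reason = check_domain(addr.rpartition("@")[2])
    findings = [f"sender: {reason}"] if reason else []
    body = " ".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        reason = check_domain(urlparse(url).hostname or "")
        words = sorted(SUSPICIOUS_WORDS & set(re.findall(r"[a-z]+", url.lower())))
        if reason:
            findings.append(f"link: {reason}; suspicious words: {words}")
    return findings
```

Calling `review_email(SAMPLE)` flags both the misspelled sender domain and the link whose real host is not the bank's, even though the bank's name appears at the start of the URL.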
6. My organization has an Incident Response Plan:
- I Am Not Sure If My Organization Has An Incident Response Plan?
Best Answer: A. YES
No network is 100% secure. If your organization has not experienced a threat to its network, there is a good chance it may in the future. An Incident Response Plan is important for any organization to have in place as a course of action for reporting and mitigating all IT network threats and incidents. It is also crucial for all employees to understand the importance of the Incident Response Plan, as it prepares your organization for how a cyber incident should be handled.
7. My organization offers regular cybersecurity training to employees on reporting incidents, password security, phishing, etc.?
- I Am Not Sure If My Organization Offers Regular Cybersecurity Training?
Best Answer: A. YES
Education is the best guard against cybersecurity threats and attacks. Informing all of your employees on what to do if they receive a phishing email, lose their digital device, experience malware, or detect suspicious activity can save your organization time, money, and more importantly, increase the longevity of your business.
Check out our blog detailing the Stages of Incident Response an organization should follow to maintain good cybersecurity practices.
In our modern-day digital era, internet-enabled devices and technology have become a central part of our daily lives. The number of internet-connected terminals worldwide reached 25 billion in the year 2015, and that number is expected to double by 2020. Modern technology has not only changed the way we learn, share information, and seek entertainment, but also the way we do business, bank, and market goods and services. Internet-enabled technology can drastically improve our lives, but it can also afford opportunities for cybercrime. Cyber-criminals and scammers will continue to exploit whatever information they can obtain to the fullest extent. This can lead to identity theft and fraud. In 2017, roughly 16.7 million Americans fell victim to identity theft with losses amounting to approximately $17 billion. Now, more than ever, it is incredibly important for us to protect our personal information by staying informed about cyber-threats and committing to using security best practices.
Although cybersecurity isn’t always convenient, it is indeed necessary. Implementing the above best practices can help employees take proper steps to secure personal information, at work and at home.
Ready to start implementing these cybersecurity best practices? Wildcard offers cybersecurity assessments, audits, and employee training for your organization.
Contact us for a free consultation at (715) 869-3440, or email us at [email protected].