Cybersecurity tips to safeguard yourself (and your workplace)

Don't make these cybersecurity mistakes

You've heard plenty of cybersecurity horror stories: data breaches, identity theft, scammers stealing thousands of dollars. It seems so distant, as if it only affects Fortune 500 companies and large organizations. However, online predators don't discriminate. Cybersecurity is a serious issue for everyone. Is your Catholic parish, diocese, or school prepared and protected?

First, it's important to recognize that cybersecurity is more than having anti-virus software installed on your computer. Today, a host of malicious actors can wreak havoc on your digital life. And while having robust anti-virus software is important, there are many ways an attacker can gain access to your data and machines.

Here are some simple cybersecurity tips you can use to safeguard yourself and your Catholic organization.

Know the source of information you receive

Phishing is a cyber attack in which you receive a message that, on first glance, appears to be from a reputable person or company. The attacker tries to induce you to reveal some sort of personal information (such as a password or social security number). Whether through email, pop-up, or text messaging, a phishing attacker typically poses as someone you (the recipient) may know, do business with, or feel compelled to help.

Phishing messages often contain a malicious link that, if clicked, can release malware, upload a virus, or give an attacker access to roam a secure network (as well as any device connected to it). In an instant, the attacker can gain access to sensitive information that could potentially result in serious damage.

It doesn’t just end there. Some messages (and even phone calls) are targeted to a business community of people where the information appears to come from an HR department, president, pastor, or even an insurance provider. And instead of a link, the requests will sometimes ask for specific favors such as sending money or replying with login credentials. The trickery seems endless.

Two ways to avoid phishing

Although phishing is fairly prevalent, here are two ways you can help reduce the likelihood of a phishing attack:

1. Educate your team about the importance of reading messages carefully and knowing the sender. They should continually be reminded to always avoid the urge to click on unexpected links and files, as well as easily give away financial or private information in response to a message or phone call.

2. Don't let scammers find your email address. There are a few strategies you can use to make it much more difficult for scammers to find (and abuse) your email address. (This includes addresses linked in pdf documents and within your website's pages.) When using an eCatholic-powered website, there are two ways to share email addresses more safely:

   First, use the People module to list staff contact details. Even though email addresses appear on screen, the module has a built-in barrier that veils addresses so they cannot be snatched by spam-bots that scan and pull them from websites.

   In addition, you can circumvent email entirely and create online contact forms via the Forms module. Build the form so that visitors can use a drop-down menu to select the name of a person, department or ministry to whom they'd like to send a message.

Protect networks in and outside the office

Catholic organizations also utilize laptop and mobile devices remotely and in the office. Whether an employee is working from another location on campus, at a coffee shop, or an industry conference, digital environments should always be secure.

1. Install a firewall for work in the office. A firewall is a security device created to monitor traffic entering and exiting a network of computers and other hardware. A set of rules is established within the device to determine what traffic should be blocked or allowed through. This preventative measure creates an additional barrier; however, with various types of firewalls available it’s best to do research and inquire with your IT staff or a cybersecurity professional.
2. Set up a VPN for work outside the office. It is extremely easy for individuals to sniff traffic on public wifi connections and collect sensitive data including login credentials. A virtual private network (VPN) establishes an encrypted connection between your device and another secured server as a step prior to accessing all other Internet traffic. VPNs can be installed on just about any computer and mobile device that uses Internet connections.

Create strong passwords (and use two-factor authentication)

The use of complex passwords (random sequences of symbols and characters) or passphrases (a set of words using symbols and characters) are both excellent habits. It’s especially good to avoid using the same password for multiple accounts, and that’s where password management tools (e.g., LastPass) can come in handy. Password management tools help to create and maintain secure passwords for all your various accounts. The services also work on mobile devices.

Two-factor authentication goes a step further by requiring a second authentication mechanism before access is granted. Sometimes a system will require a password and then send a security code through email or text messaging. Other processes utilize security keys. In all instances, a person must have access to another account or device in order to complete login requirements. This stops a hacker who succeeded at only stealing a username and password.

Have a remediation plan

Know what measures are necessary for your organization if a machine, account, or network is hacked or compromised. Consider what could happen and how to regain a secure environment. Start by discussing these and other topics with your staff as well as an IT or cybersecurity consultant:

• How to immediately contact employees to update passwords or report suspicious email
• When and how to quickly remove a machine from a network and reimage it
• When to have a professional determine whether an attacker is active on your network, or still has a window through which to enter
• When to compose a statement to specific public audiences about an attack

Read more: See three easy tips for securing your website.