Cyber Security Best Practices

Every day, vital personal information is stolen and bank accounts are compromised due to a lack of basic cyber security practices. Although the task seems daunting, there are simple measures parishes and schools can take to build a culture of cyber security.

Install Software Updates: Early and Often

An essential element of computer security is the practice of installing software updates, sometimes referred to as patches. Software updates are designed to continuously improve an application’s stability and fix (or patch) bugs and security holes within the program. By not updating your software, you are making your computer vulnerable to malware.

Malware is a term used to describe malicious software that gets installed on your machine and performs unwanted tasks, often for a third party’s benefit. Types of malware include viruses, browser hijacking software, and spyware. To make sure your programs and applications are updated on a regular basis, turn on the automatic update feature for your operating system.

Computer audits conducted by a leading cyber security firm revealed that parishes and schools often fail to adhere to this simple procedure. When it comes to software updates, act quickly - install them as soon as they become available. Hackers can do extensive damage in a very short timeframe.

Use Complex Passwords

Passwords are a common form of authentication and are often the only barrier between you and your personal information. There are several programs attackers can use to help guess or “crack” passwords. But if you choose good passwords and keep them confidential, you can make it more difficult for an unauthorized person to access your information. Choose passwords wisely, never re-use passwords on other sites or accounts, and keep them private and safe.

Disable Old and Outdated Computers and Servers

Take a quick inventory of your computers. Are you still utilizing operating systems that are “end of life,” such as Windows XP, Server 2003 and Server 2000? These unsupported operating systems represent significant risks because Microsoft is no longer developing and providing security patches and updates for them. It is important that you disable or update outdated computers and servers.

Combat Email Scams

Email scams come in many varieties. A phishing scam is when an individual or group falsely poses as a legitimate organization in order to trick a victim into submitting personal information online. This is usually done by instructing the user to click on a link that leads to a fake website designed to look legitimate. In other cases, criminals pose as charities soliciting donations to aid humanitarian efforts.

Then there is spear phishing, in which messages appear to be from actual co-workers, friends or family members but are in fact from hackers who were able to access an individual’s email account and subsequently use that individual’s address to send phishing emails to all of the individual’s contacts.

All email scams can be combatted by following these precautions:

  • Never click on embedded links in unsolicited emails.
  • Never share personal information, passwords, bank account numbers or other banking information over email.
  • Treat all attachments with caution.
  • A transfer of funds should never be performed solely on the basis of an email exchange.
  • If the tone of the email is urgent, this should be a signal for additional caution.
  • Do not publish staff emails on your parish or school website. Use a “Contact Us” form instead.

Allocate Resources

Often finances get in the way of cyber security. Parishes and schools have many competing financial priorities, and computer and software upgrades are not always in the budget. But failure to allocate resources for the maintenance and upgrade of computer systems can result in a data breach, and the cost to remediate a breach will likely far exceed the cost of properly maintaining and upgrading systems.

Please be sure to allocate resources in your yearly budget. In addition to the cost of upgrading systems, include a line item for training staff on a regular basis in the basics of cyber security.