By Jessica Salerno-Shumaker, OSCPA senior content manager
It might be a new year, but the best practices for cybersecurity still haven’t changed, one industry expert says.
“People come to me and say, ‘You've been doing this for 20 years. What's changed?’” said Damon Hacker, President & CEO and a founder of Vestige Digital Investigations, a digital forensics company with headquarters in Cleveland. “And the biggest thing that I still think is applicable is awareness.”
Hacker joined The State of Business podcast this week to discuss best cybersecurity practices for 2022. He said people have become more aware of cybersecurity issues over the years, but they need to act on that awareness to make their efforts worthwhile.
“There is no one silver bullet,” he said. “Cybersecurity is a lot of small things done well, that when put together create much bigger protection and a layered approach.”
Some of those practices include password protection, multi-factor authentication and staff training to prevent phishing attempts.
“More than 63% of compromises happened because of lost, stolen, weak and default credentials,” Hacker said.
Fortunately for companies, there are multiple ways to increase password strength. Hacker said longer passwords are best and people should avoid using the same password in multiple places. He recommended looking into a password manager that can keep all passwords in one place, so they aren’t forgotten.
He also suggested considering a “throwaway password” that is used when signing up for a website that will only be used once. That way, if someone guesses it and tries to access other accounts, it’s not used anywhere else of value.
“Two-factor authentication is also a highly effective means of securing your account,” Hacker said. “It's not infallible, but it's highly effective.”
One of the common mistakes businesses make is viewing cybersecurity as a project with an end date, Hacker said. To properly guard against attacks, cybersecurity needs to be an ongoing organization-wide priority that includes staff training and education. Given that new threats are constantly emerging, an organization’s cybersecurity program should improve and evolve over time.
“Being vigilant is the biggest thing,” Hacker said. “We didn’t just do cyber in 2021 and can ignore it for the rest of the time.”
For additional learning on cybersecurity, register now for the Accounting Show Replay: Leading Strategy Topics.