What Do Airplane Bathrooms and Getting Hacked Have in Common?

Originally posted at inc.com

Three things you can do today to reduce your exposure to security threats.

Nothing is as difficult as traveling on planes with small children. 

I was recently on a long plane ride with my four children, and my youngest had to use the bathroom, which with two people inside feels like a sky-high coffin with a flush button.

While in the bathroom I noticed a security sticker that functioned as a seal. It was an alarming color and probably important. (Bear with me, I promise it's worth it).

I stared at this sticker closely as I tried not to pull a muscle while handing toilet paper to my daughter. The seal clearly wasn't secure. It had likely been removed before and was lifting from the sides.

As co-founder of a cybersecurity firm based in California, this isn't unlike what I see daily when customers lose time, money, and reputation after being hacked. We all want to believe we are secure and prepared but aren't looking closely at the detail to ensure our organization is protected.

The worst part is much of the damage is easily avoidable, even without being a security expert.  As business owners and managers, you can take some simple steps to reduce your exposure to the ever-growing number of hacking attempts.

Here are a few things you can do today to reduce your exposure:

1.     Turn Off the Faucet to Your Cash

Unfortunately, some of the worst security incidents could have been avoided with some simple administrative steps. The most frequent symptom of a hacking incident results in money being wired out of an organization's business account to temporary accounts held by hackers.  

By the time it's determined that the wire was fraudulent, there is often no way to stop this wire or reverse it because the funds have been removed by the criminal party. 

If your organization does not have a need to regularly wire money, then reach out to your banker and ensure wiring from your organization's accounts is turned off. Even if you wire funds a few times a year, it's well worth the visit to the bank to avoid costly exposure in the event of cash being siphoned from your account. 

In addition, many banks have tools to notify you of wires being attempted or completed and to limit the amount of money that's allowed to be wired in a single transaction (i.e., limiting wires to $5,000).

2.     Passwords are Dead

As a cybersecurity company, we often say "The password is dead." What we mean by this, is that passwords alone just don't cut it anymore. 

At our company, we don't allow any tools or access to software internally to be accessed without an enterprise-level two-factor authentication tool (2FA). These tools create an additional method to ensure your identity, which is often using a third-party application or text message. 

Even if you aren't ready to set up 2FA for all your applications, you can start today by using text code verification for many of the applications you use regularly.  

For instance, if you're using banking without 2FA setup you're likely exposing your company to threats. Passwords alone are not enough to protect your critical data and many applications will offer text verification at a minimum or integration with 2FA applications (such as Duo, etc.). 

 3.     Kill the Addiction to Clicking

We're all busy, and we often click first and think second. 

As sophisticated as hacking attempts can be, organizations can be even more exposed from the lack of education, training, and poor decision-making of their users. 

As mentioned above, incidents such as wiring funds from your organization's account to the accounts of hackers is often due to social engineering attempts and users not being prudent in their decision-making. 

Keeping security top of mind is critical to ensuring users are thinking through decisions as they use technology. Security awareness tools help to educate, train and test users to ensure they carefully read through communication they receive prior to taking action.