Preventing Cyber Attacks Lies With Security Hygiene and Multi-factor Authentication, Experts Say
Panelists said everyone who is connected should be prepared.
Megan Boswell
WASHINGTON, March 1, 2022 – Security hygiene, multi-factor authentication, and employee training are key to preventing cyber attacks, experts said at a Federal Communications Bar webinar on Thursday.
“We’re all targeted” for cyber attacks, regardless of the size of the company, said Paul Kay, senior vice president and chief information officer of EchoStar Corporation, a provider of satellite and internet services.
Panelists flagged basic security hygiene as the best way to prevent cyber attacks. Kay spoke to the importance of not reusing credentials, activating multi-factor authentication, and being aware of the various kinds of fishing schemes, such as smishing, where suspicious links that are meant to bypass your security are sent via SMS on your phone.
According to John Ansbach, vice president at cyber security firm Stroz Friedberg, half of all cyber attacks were stopped by multi-factor authentication. “It’s not foolproof, but it works,” he said.
At an event early last month, the executive director of the National Cybersecurity Alliance, which has on its board members including Lenovo, Facebook and Microsoft, advocated for mandatory two-factor authentication, which requires another method to verify identity.
A lot of people who deal with sensitive information on a regular basis are now working from home and it’s never been more crucial to have good cyber security measures, added Elizabeth Rogers, partner at the Michael Best law firm. “We’re in a permanent hybrid workforce situation,” she said.
Cyber training
Training employees is also crucial to preventing and recovering from attacks, the experts said. According to Vincent Paladini, senior attorney at energy and water resource management firm Itron, 85 percent of cyber attacks involve a human element, and 61 percent involve credentials.
Good cyber security involves “training the workforce on all levels,” said Rogers. “We’re only as strong as our weakest link.”
Additionally, Kay recommended that larger businesses look at incident response firms. “If you’re a good-sized business, it makes good sense to take a look at these firms,” he said. “You need to be prepared to clean up the aftermath [of a cyber attack].”