top of page

6 Key Factors in Good Cyber Security

By Greg Johnson, CEO Webcheck Security

Not long ago, the US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal

Bureau of Investigation (FBI) posted the notice that US think tank organizations were being

targeted by advanced persistent threat (APT) actors. They then recommended 6 key factors

that can be easily applied to users in an organization, yet can have immediate and far-reaching


Keep in mind however that it’s not just think tanks that are being targeted, it is any and all

businesses with unique intellectual property. That of course includes software developers and

manufacturers of all kinds but especially those with ties to the defense community or contact

with the Federal Government.

Are these factors implemented in your organization?

6 Key Factors Recommended by CISA

  1.  Log off remote connections when not in use.

  2.  Be vigilant against tailored spearphishing attacks targeting corporate and personal accounts (including both email and social media accounts).

  3.  Use different passwords for corporate and personal accounts.

  4.  Install antivirus software on personal devices to automatically scan and quarantine suspicious files.

  5.  Employ strong multi-factor authentication for personal accounts, if available.

  6.  Exercise caution when: 

    1. Opening email attachments, even if the attachment is expected and the sender appears to be known. See Using Caution with Email Attachments.

    2. Using removable media (e.g., USB thumb drives, external drives, CDs).

Antivirus software should be defined as “strong endpoint protection” using not just old-school signature technology, but advanced heuristics such as that provided by Sophos, Sentinel One, Crowdstrike and more.

I personally use Sophos on my Mac as do many of my work-at-home employees, and in the main office we employ the Netgear Armor on our Orbi System.

Additionally, multi-factor authentication and multi-password usage is enabled on all critical

apps etc. along with whole drive encryption.

How are you doing in your organization?

To learn more about cybersecurity visit

47 views0 comments


bottom of page