Be Cyber Smart
Something that we stress at Wildcard, is that cybersecurity is everyone’s job. When we say cybersecurity is everyone’s job, that doesn’t mean we expect you to start running your own penetration tests on your system. Cybersecurity is everyone’s job when it comes down to the basics. These are the tiny changes in security habits we can make in our online routine that promotes a safer and more secure online experience. Deciding that your cybersecurity is something you want to take charge of is a choice that can positively affect your online habits - and the changes you need to make are easier than you think.
If you haven’t already heard us talk about it, October is Cybersecurity Awareness Month. This is a month-long campaign to promote awareness of cybersecurity for people in all walks of life! This week is the theme: Be Cyber Smart. This will highlight best security practices and general cyber hygiene to promote data integrity at work and in your personal life.
Breaking Down the Basics
So if making small changes can have such a big impact, what are the basics we need to know?
1. Think Before you Click
Hackers aren’t going after technology first, they are going after the person behind that tech, you. Knowing that you are the main target for hackers, means you should try to mitigate human error.
When you receive emails, text messages, links, and other communications online, think about the security of these communications. Don’t click on links that will take you to unsecured (HTTP) websites, shortened URLs, or have suspicious domain names. If you get an email that causes an emotional response, verify all the details of the email to ensure what they’re asking you to do is legitimate. Remember, email is an unsecured medium of communication that should never be used to transmit sensitive data, including your personal information. These tactics are called phishing attacks and we will dive deeper into this in next week’s blog post.
The main skill to work on here is thinking before you click. Are you willing to give up sensitive information just because you don’t want to verify the legitimacy of a sender, domain, or website? Human error accounts for 95% of cybersecurity breaches according to the National Cyber Security Alliance; it’s up to you to stop and report phishing attacks.
2. Defend with Passwords
Passwords are probably the most discussed cybersecurity practice out there. From the time you created your first account online - you were practicing cybersecurity. Now if that cybersecurity was in best practice depends on how you create, manage, and store your passwords. Passwords should be random, long, and unique to that specific account. It’s vital to understand that length is more important than complexity in a password - that being said, length means nothing if it’s not paired with randomness.
When it comes to creating a secure password or passphrase, you should never use a password more than once. This guideline makes sure that if someone hacks into your social media account that they can’t also hack into your bank account because you used a different, random, and secure password for that account. This ensures that even if there is a breach in that one account, it doesn’t compromise all of your sensitive information in other accounts.
It might seem daunting to sit down and reset your passwords for all of your accounts to ensure that you are following this cybersecurity best practice. Luckily, password managers are a great solution for this. Password managers can securely store all of your passwords and generate random, secure passwords for you; all you need to remember is the password for that manager. Password managers can be available across web browsers and devices, making it easy to always have your passwords securely with you. The first step is to get started, the more accounts you have with individual strong passwords the less likely it will be for hackers to get all of your data. To make this process go faster, start changing passwords for accounts that contain the most sensitive data, such as financial and medical accounts first.
3. Think Before you Connect
Just like how you need to think before you click, thinking before you connect to Wi-Fi networks can save you from a cyber attack. Public wireless networks are usually unsecured, meaning that anyone is able to view all of your online traffic while you are connected to it.
Our recommendation is to always use a VPN when on a public network. A VPN works to encrypt and secure your connections over the internet. This masks your IP address which allows you to use public networks, privately. If you travel frequently for personal reasons or work, investing in a VPN could save you from a cyber attack in the long run.
If you have to use public networks or hotspots and don’t have a VPN, there are extra steps you should take to ensure your security. Never log in to accounts or access sensitive data while using public Wi-Fi. Imagine that every time you are on a public network, someone really is watching you. What would you allow them to see? There are harmless uses of public networks, but it’s best if you can avoid this or use a VPN in conjunction.
4. Data Integrity with Backups
Backups are a preventative measure to take in the case that you are a victim of a cyber attack. If an attacker takes control of your system, more likely than not your entire computer will have to be erased and reset. By ensuring that you do regular backups of your data, no information will be tampered with or destroyed.
Performing backups to an external hard drive is the safest precaution. By having a backup copy that is on a hard drive separate from your computer systems means the attacker will not have access to it.
According to the National Cyber Security Alliance, they recommend using the 3-2-1 rule when it comes to backing up your data. This rule follows the idea that you should keep 3 copies of your data, store two backup copies on different storage media, with one of them being located offsite. This rule is especially important for businesses, as they are creating a response plan for physical attacks and natural disasters.
5. Know your Privacy Settings
Our last recommendation to up your basic cybersecurity practices is to know your privacy settings. This means that when you create accounts, you should go into the privacy settings and adjust them to your level of comfort with sharing. You should look into your privacy settings annually to ensure that they are up to date.
Privacy settings can have a great impact on your data and physical security. Think about if you have your Facebook account set to public sharing. If you go on vacation and post about every stage of your trip, from leaving, during, and when you’re headed back home - that’s available for everyone to see. This means that if everyone knows you’re on vacation, your home is probably vacant. This gives attackers ample opportunity to physically attack your home and even your online systems.
Disabling your geolocation is also a part of privacy settings. By turning off these location services, stops attackers from knowing your current location. Some of these geolocation services can update your location in real-time each time you use your device, even if that’s just the screen lighting up. Make sure you know your privacy settings to take control of your cybersecurity.
Cybersecurity is Everyone’s Job
Owning your role in cybersecurity by starting with the basics is a perfect place to start. The more knowledge you have about how to defend yourself online, the better you will become at it. Be sure to ask your employer about your business or organization’s cybersecurity plans and habits. It’s up to you to keep your data safe. Growing our cybersecurity best practices at work or in your personal life will only create a more secure environment for all. Do Your Part. #BeCyberSmart.