July 27, 2017 – With the seemingly endless stream of high-profile ransomware outbreaks or data breaches in the news recently, one item that is frequently overlooked is how responsible personal cyber security practices can help protect users from becoming part of the latest news story. Personal email, social media, online banking, store accounts, and online storage, once compromised, can cause irrevocable damage to you and your family. Here are a few easy tips to help keep your personal resources and accounts (email, social media, online banking, online vendors, etc.) safe from prying eyes.
Passwords are still a necessary evil, even in 2017; however, they need to be used responsibly in order to provide a reasonable level of protection for the account they are tasked with securing. Here are several key tips to maintain your sensitive passwords and keep them safe:
- Never reuse a password for the same resource and avoid using a single password for multiple resources such as email, online banking, etc.
- Avoid saving/storing passwords in a web browser. While convenient, these can be easily exposed should your system or device be compromised.
- Update and rotate your passwords on a regular basis (2 to 4 times a year if possible).
- Use a relatively complicated password (reasonable length, using a mixture of letters, numbers, and special characters).
- Try to avoid common words found in the dictionary, as these are much easier to guess or crack.
- Whenever it is available, enable Two Factor Authentication. Most social media platforms, banks, and other accounts now offer this feature.
Two Factor Authentication, or TFA, is a great way to add an additional layer of protection to your accounts. Here’s how it works:
- In addition to your password, every time you sign in, you can receive an app notification, text message, email, or phone call with a code or confirmation that is needed before your logon request is completed.
- These requests are only sent to trusted device(s) that you have specified, so only you have access and can validate the request.
- Even if a hacker compromises your account password, they will not have the 2nd form of authentication to complete the login process and gain access to your account.
Device Hygiene – Proper maintenance of your devices (even your iPad needs some TLC periodically) will go a long way toward reducing the risk of becoming another cybersecurity statistic! Sadly, many of the Microsoft devices compromised in the “WannaCry” ransomware attacks earlier this year could have been better protected had they been up-to-date with their Microsoft patches. In some cases, being 2-3 months behind in applying patches left systems vulnerable to this attack.
- Device maintenance – be sure to reboot/shutdown your device at least once a week. This ensures that any pending updates are applied to the system and helps keep overall system performance at an acceptable level.
- Always check and install updates for your devices (cell phone, tablet, PC/Mac, etc.) and applications (MS Office, Adobe Acrobat, Java, etc.). Many of these updates contain critical security fixes, so it is critical to keep up with these on a monthly basis.
- Use some form of security software on your PC/Mac – Microsoft has been improving Windows Defender, which comes with every new Windows PC and offers a reasonable level of protection for personal devices. There are several viable free versions available for Mac OS X as well.
Use Technology Responsibly and Be Aware – Many attacks revolve around tricking users into clicking on a malicious link and entering their credentials for a reputable/known site, or into opening an email or an attachment, which then downloads a virus or other malicious file onto your system or device. We can overlook a suspicious email or link if we are distracted or in a hurry, but taking a few extra seconds to gauge the validity of the resource is key.
- Don’t simply click on any link in email or social media. Try going to the site directly by typing in the URL yourself, or hover your mouse cursor over the link to see whether it actually points to a malicious URL before clicking on it.
- Facebook, LinkedIn, and other social media platforms occasionally change their privacy options, which is easy to miss, but make it a point to regularly review any privacy or notification settings and disable any unwanted application access.
- Never write down passwords or share them with others.
- Never use passwords that are “easy to remember” or are “easy to type”, as this likely means they are easy to crack.
- Never leave any level of “entry” to your devices or network unprotected. Change the default password or set a password on your ISP firewall/router, your wireless network, and logins for your computer.
Should you have any questions, or would like assistance from our engineers in reviewing your personal cybersecurity needs, please don’t hesitate to contact us.
By: Chris Messer, SVP of Technology & Chief Engineer