The main thing about cybersecurity that we’ve always preached is that it doesn’t have to be difficult. We know there are a lot of people out there that are technically challenged and easily discouraged in this world of connectivity. There’s nothing wrong with that. We’re not here to judge. But we are here to educate.
Enhancing your security and protecting your sensitive data isn’t a technical skill. It’s driven by common sense and built on fundamentals that everyone can implement at home and at work. Here are 10 simple, nontechnical things we should all be doing to combat cybercrime.
Get a password manager
This is not much of a deviation from our usual “make sure your passwords don’t suck” sermon. But remember how the internet was taken down by an army of security cameras and DVRs? Right. That happened because a bunch of people failed to update the default usernames and passwords of certain devices. So, we’ll say it again, make sure your passwords don’t suck!
The best way to make sure your passwords don’t suck is by getting a password manager. Think about it. How many accounts do you have that require a username and password? Ten? Twenty? Possibly more? It’s impossible to remember log-in credentials for every single one, unless you’re using the same password for every account, which is a major security fail.
With a password manager, you only have to remember one master password. The software can be installed on all your devices and most managers have browser plugins for automatic log-ins. Some even store credit card and other personal information so you never again have to reach for your wallet and type in numbers and addresses. Trust us when we tell you that once you get a password manager, you’ll wonder how you ever lived without one! Here’s a good article from techradar.com that reviews and ranks eight PMs for your consideration.
Use the Right Encryption
You might need a little technical background to know how to adjust the advanced security settings of a router, but setting up your network with a good password and the right encryption is easy, and critical for your security.
Most routers will come with a setup wizard that will walk you through the process and basically do all the heavy lifting. But just to clarify, the security settings you want are WPA2 with AES encryption. You do not want WEP or TKIP, both of which are outdated and considered insecure.
AES stands for Advanced Encryption Standard, and it’s not just for WiFi. AES is the global standard for encryption—even adopted by the US government—and considered the best currently available. If it’s good enough for the government, it’s good enough for your network!
Install An Antivirus On Every Device
Running antivirus and anti-malware software has been standard operating procedure ever since computers became household items. But mobile devices need the same protection. There are thousands of malicious apps that target your sensitive information. Your smartphones and tablets are at just as much risk for infections as standard computers. And since antivirus and anti-malware software is inexpensive, even free in some cases, why wouldn’t you install it on every device you own?
Keep A Clean Workspace
This may not seem like much, but a messy desk is a major security fail, especially if you handle sensitive documents or media. How, you ask, does a messy desk or office pose a security threat? Here are eight security offenses you may not realize you’re doing every day:
- Neglecting to erase notes or shred sensitive documents.
- Failing to lock computer when leaving.
- Failing to lock cabinets and drawers.
- Leaving USB drives or mobile phones out in the open.
- Leaving programs running that give access to sensitive information.
- Leaving wallets or cards out in the open.
- Leaving keys out in the open.
- Writing down log-in credentials, especially passwords.
There is no excuse for committing any of these cybersecurity crimes. Keep your workspace organized and secure! (Furthermore, there is evidence that an orderly office improves productivity and performance.)
Enable Automatic Updates
Out-of-date software or firmware means your devices are up-to-date with the most recent vulnerabilities. When a manufacturer sends an update, it’s most often a security patch. Enabling automatic updates ensures that your devices will always be on the most recent standard. And this includes all devices like gaming systems, mobile phones, routers, and especially anything that connects to the Internet of Things.
Once you’ve enabled automatic updates, it’s important to double-check security settings. Sometimes updates will change settings without you knowing. So this isn’t a “set it and forget it” scenario. Security will always require a proactive mindset.
Backup Software Is Your Friend
Do you recall the CIA Triad? Just a quick reminder:
Confidentiality = ensuring the privacy of sensitive data.
Integrity = ensuring the data is up to date and accurate.
Availability = ensuring the data is accessible at all times for anyone who has clearance.
Maintaining regular backups plays a role in all three domains. Even if you don’t handle sensitive information, you certainly don’t want to lose a hard drive’s worth of family photos and videos. Backup software is inexpensive and easy to use. Most give you the option to back up automatically and run in the background.
Since we’re on the subject, we’ll recommend, as we always do, to use the 3-2-1 backup strategy: three copies, on two different media types (external hard drives and the cloud, for example), with at least one offsite. And don’t forget to back up mobile devices!
Share with Care
We encourage posting pictures of your cats and dinner on your Facebook page and all the other social media accounts you operate. But sharing anything that could compromise your cyber or physical security is a major fail.
For example, taking a picture of your new driver’s license is not recommended. Got a new car? Awesome! Be sure to edit out your license plate number before bragging about it. And mind the background when you photograph that delicious looking cake you just baked to make sure nothing sensitive inadvertently ends up in the frame like a bank statement or credit card. And if you’re having a bad day at work, it’s probably not a good idea to take to Twitter and complain about your boss or coworkers. Every time you post something, consider your future.
As always, we recommend you set your accounts to private and be selective about who you friend. And never click on unsolicited links in social media.
ATMs and Card Skimmers
Take a couple of minutes to watch this video:
“It pays to be paranoid.” We couldn’t have said it better ourselves. And it’s not just in Europe; it’s everywhere. When you need to get cash, it’s best to find a legit bank and use the ATM located inside the building. If that’s not an option, carefully inspect the ATM before shoving your card into the slot, and mind shoulder surfers who might be spying in hopes of identifying your PIN.
Monitor Your Credit Reports
According to the 2016 Identity Fraud Study, identity thieves have stolen $112 billion over the last six years. In the U.S. alone, over 13.1 million people had their identities compromised last year, leading to a $15 billion gain for thieves. ID theft is still one of the top scams that we need to be aware of. By monitoring your credit reports, you can stay informed of anything fraudulent like an unauthorized account being opened or a credit check happening in your name.
Also, think about your children! Kids are a major target for ID thieves because most kids have a clean slate with credit bureaus. Consider placing a freeze on your kids’ credit to prevent criminals from gaining access. Note, however, that not every state allows a credit freeze. For more information, check out this blog from Krebs On Security.
Think Before You Click
Bet you didn’t see this one coming! Again, most cybercrime occurs because someone clicked something they shouldn’t have. How do you think Mirai spread to enough devices to shut down the internet?
And it’s not just phishing scams in your inbox you need to worry about. Cybercriminals send bad links via social media, SMS and in every capacity imaginable. Slow down. Verify the source. Remember that banks and credit card companies don’t send attachments unless you specifically requested something. Do a mouse-over and check URLs before clicking. And if you’re not sure, don’t click!
Bonus: Security Cat’s Guide to Fighting Cybercrime!
We’ll close by urging you to become a defender of data. Follow Security Cat’s advice!