
A Mid-Year Review of Your Cyber-Hygiene
When it comes to our personal and professional cyber-hygiene, most of us like to think that we are safe, clean, and don’t take too many risks… and we probably know deep down that there are some things that we could be doing better.
For ourselves, we want to be vigilant to protect our credentials and private information that could be used to harm our reputation or be leveraged by identity thieves. From an organization’s perspective, those same concerns come into play with the addition of larger data-loss concerns and responsibilities to meet state and federal guidelines.
Let’s take a look at 3 major areas that you can review to be more secure online.
#1: Staying Updated
Whether it is your personal smartphone, your company’s website, or a computer… an outdated system is one that is at risk. Attackers are looking for any way into your data that they can find, and most often that is in the form of an exploit or bug that has been patched in the latest version of an app or operating system. If you haven’t updated yet, then your outdated device or system represents an opportunity for the attacker.
So staying current is challenging, sometimes expensive for an organization, and critical to maintaining a secure environment. Here are some best practices for staying updated:
- Be Organized: Keep track, in the form of a spreadsheet or database, of all of the pieces of technology that you and your organization use. Determine which of those can be automatically updated safely vs. those which need to be done manually. Assign those manual updates to people who can be responsible for keeping them current in a timely fashion.
- Embrace Minimalism: If the point above is intimidating, then that’s probably a good thing. Most of us have too much technology in our lives. The prevalence of free apps and services has given rise to a ton of “bloatware”. Our phones, PC’s, and websites are running a lot of junk that we don’t need. Trim out everything that you don’t rely on because those unnecessary services could represent a security risk.
- Be Realistic: We all run into technology issues that we don’t understand. When you hit that point, seek help. There are terrific resources online if you want to learn. Otherwise, consult a professional for assistance.
#2: Accounts and Passwords
Have you ever bought a new house, asked for the key, and been told to “just use the same one as your last house”? Every door is meant to have a unique key, and that’s the way that you should think about passwords.
Just about every few weeks on the news there is an announcement of a major service’s data leak. When that happens, the attackers steal the database of usernames and passwords. Then those people, and anyone with access to the list, will try those same username and password combinations all over the web. So if you repeat passwords then it is only a matter of time until you get caught up in this kind of situation. Since most of us only have a few different email addresses or user-names that we can use, make sure that every single website that you use has a unique password.
That raises the absolutely valid point: “But I won’t be able to remember them all!” No, you won’t. And you shouldn’t have to. There are several apps and services that act as password vaults to store all of these passwords. LastPass, 1Password, and KeePass are just a few of the popular options. Using this system, you can have a unique password for every site you use, while carrying those with you on your smartphone and having them auto-fill in your web-browser. It is fast, efficient, and far more secure than any password simple enough to be remembered easily.
The final, and critical step, to securing your accounts is to make sure to turn on 2-Factor Authentication (2FA) on any account that offers it. It is a security layer that will require an extra password, usually in the form of a code sent to or generated by your phone in order to login whenever the website or app doesn’t recognize your device. That means that if someone is trying to hack into your account from Russia or China, even if they successfully get past your password they won’t be able to get into your account unless they are also holding your phone.
#3: Email Habits & Avoiding Phishing
Phishing attacks are emails which come from someone other than they appear, hoping to get you to click on a link or attachment that will lead to an infected site or file. These attacks are incredibly successful because people are generally not very critical of the email that they receive and are often quick to click without considering what they are clicking on first.
A common trait of phishing emails is a sense of immediacy or the sense that you as the recipient are being rushed to respond. The senders of phishing emails often try to capitalize on the recipient’s emotional state to get them to hurry, not look carefully at a misspelled URL or suspiciously named file extension before they click on it.
Here are some tips to improve your email habits to be safer and less likely to be the victim of a phishing attack:
- Look Before You Click: When you hover your mouse over a button or text link, the URL’s destination will appear in the bottom left of most browsers. If you can’t make sense of where that link is about to take you, then just don’t click on it. The most important factor is to check is the domain to make sure it is properly spelled (attackers often use domains which are close to, but not quite, the real deal.)
- Don’t Take the Bait: If a service emails you with concerns about your account, go through their website directly. You don’t need to become an expert in reading URLs if you just avoid taking them in the first place. You should always be able to go to the website, sign-in normally, and navigate through your account settings and their help menus without having to start the process in the email that was sent.
- Disable Macros in Microsoft Office: Many phishing attacks involving attachments work by leveraging an exploit of Microsoft Office’s macro function. If Office Macros are not part of your workflow, then you will be more secure if you disable that feature. Visit Microsoft’s Office Support documentation for the full instructions.
Every few months, it is a good idea to revisit these three core areas:
- App & System Updates
- Accounts & Passwords
- Email Habits
Consult with a professional to develop a process to make sure that you and your organization are always protected.