These days, we’re all cyber — and we must all help keep our organizations’ information safe. Staying safe requires more than changing your password every three months. Technology can help, of course, but your security will always rely heavily on people doing the right things.
With a few simple tips and techniques, even non-IT specialists can help combat potential threats and increase overall protection.
Create Strong Passwords
You know the advice for creating strong passwords — make them long and complex and use special characters. Unfortunately, many of us still create easy-to-hack passwords. Hackers know our tricks: They know that a dollar sign is a replacement for the letter “S”; they know that we use the same passwords on multiple sites; and they certainly know how to find our mother’s maiden name.
How should you approach passwords?
First, understand how to store them safely. We all have too many passwords to memorize, and a sticky note on your laptop or under your keyboard is asking for trouble. Instead, use a reliable, secure password manager that requires two-factor authentication to access.
Next, think about what websites store your passwords. It can be tempting to use the “save login” feature, but don’t; in fact, disable that option in your browser. Those few extra seconds can be the difference between a stolen identity and a protected one.
Finally, don’t reuse passwords across accounts. If you must share passwords, use a tiered approach, with the strongest passwords on the most important accounts. If your library account is discovered, you don’t want the hacker to have the password for your bank accounts. Your bank, social media and e-mail accounts should all have unique, long passwords that are changed often.
Stay up to Date
Just as your car needs routine maintenance, so does your digital life. Many users have their devices set up to receive automatic updates, which is great for keeping the foundational operating system, or OS, strong. However, that doesn’t update all of the software and applications that run on top of the OS.
One often overlooked component is your internet web browser, such as Firefox or Chrome, which can be exposed to potentially malicious websites. Your browser visits a wide array of sites, sometimes unintentionally. Some sites are loaded within advertisements for legitimate websites. Malicious websites can take advantage of outdated browsers, and that could result in your information leaking or hackers gaining access to your device.
You can help protect your browser by turning on its automatic update feature. It is also prudent to periodically make sure that those settings are still configured as you intended, as settings can be adversely “assisted” by other applications.
Steer Clear of Phishing Attempts
If you receive an e-mail asking for sensitive information, be suspicious. Some phishing attempts are easy to spot, with odd syntax, a suspicious sender domain (@irs.com versus @irs.gov) or false urgency (“do this, or else!”). Others require some sleuthing.
Hover over the hyperlinks in the e-mail – where would those links take you? Were you expecting to receive an attachment from this sender? Does a quick search of the company’s name raise any red flags? If something doesn’t pass the smell test, report it. It is far easier to take time to analyze an e-mail and get help investigating it than it is to put the worms back in the can if you click a malicious link.
Phishing scams can also happen over the phone. If you were not expecting the call, don’t share identifying information. Instead, verify the caller by:
- Asking for details they should know
Your car insurer should know what type of car you drive.
- Searching the internet for their phone number
Is it listed with the organization they claim to be calling from?
- Calling the company back using its published contact number
If someone who claims to be calling from your credit card company asks for personal information, hang up and call the number on the back of that credit card.
Beef up Your Wireless Networks
At home or in a small business, use strong encryption on your wireless router. The original security standard, WEP, can no longer hold its own; use WPA2 instead. Also, consider segmenting your network for personal and guest use. The wireless password you provide to your guests will be distinct from the one you use yourself, which helps keep sensitive logins secure.
While traveling, be even more careful. In fact, you should consider all public Wi-Fi networks to be compromised and unsafe for sensitive information. (No shopping or banking, for instance.) If you need to access sensitive accounts while traveling, set up a VPN (virtual private network) to encrypt your traffic. A VPN is fairly easy to set up; if your company doesn’t automatically create one, look for a reliable app.
Back up Your Information
Be prepared for the fallout if your information is compromised. Frequently back up your most sensitive information so you can recover it, and make sure the backup is saved on a different server in a different location. It’s best to schedule your backups on an automated schedule. Make the process as simple and straightforward as possible, so you won’t have any excuses.
Once your system is in place, test it — don’t let the first test run be during a live incident. You may discover that some of your response plan fails without access to the original system; for example, you may have lost key login information, or you may need to update contact information for involved personnel. Test, improve and test some more.
Be Conscious of Threats and Continue Learning
No one in the modern business world is immune from cyber threats — we’re all connected and we’re all vulnerable. The good news is that you’re probably savvier about cybersecurity than you realize. Everyday solutions are easy to make part of your routine, and they are essential as threats multiply. Prepare yourself, so when the next cyber attack hits the news, you’ll be confident in your proactive security plan.
To learn more about cybersecurity best practices and how you can protect your organization, download our cybersecurity resource kit.