2020 is here! As we approach the end of the first full week back on the job this year, here are some thoughts for resolutions to make to help keep you cyber safe in 2020.
Make strong passwords
This is a given, however with all the systems we use in a day, it can sometimes be hard to come up with strong passwords that we can remember without writing them down. Here are some tips previously shared by Uzado for creating a secure password:
- Combining the names of your favourite colour and your favourite animal into one word – “greenelephant”.
- Replace letters with numbers that resemble the respective letters, i.e. Al3x (Alex), M0nk3y (Monkey), etc.
- Use a mnemonic phrase, i.e. Pbmval! (Please be my valentine!)
A passphrase that you can easily remember is a good way to make long complex passwords, rather than picking a set of random characters. Further information on the NIST password guidelines can be found here.
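To put numbers behind the passphrase advice, here is an added example (not from the original post) that estimates the entropy of a word-based passphrase versus random characters, shows how little an optional letter-for-digit swap adds, and applies the NIST SP 800-63B style screen of a length floor plus a breached-password blocklist. The word list and the breached set are tiny constructed stand-ins.

```python
import math
import secrets

# Constructed sample inputs (not from the post): a tiny word list standing in for a
# diceware-style list, and a tiny breached-password set standing in for a real one.
SAMPLE_WORDS = ["green", "elephant", "harbor", "quartz", "velvet", "maple", "lantern", "orbit"]
SAMPLE_BREACHED = {"password", "greenelephant", "M0nk3y", "Pbmval!"}
LEET = {"a": "4", "e": "3", "i": "1", "o": "0", "s": "5", "t": "7", "l": "1"}


def make_passphrase(words, count, sep="-"):
    """Join `count` words chosen uniformly at random (CSPRNG) from `words`."""
    return sep.join(secrets.choice(words) for _ in range(count))


def passphrase_bits(list_size, count):
    """Entropy in bits of `count` independent picks from a `list_size`-word list."""
    return count * math.log2(list_size)


def random_password_bits(alphabet_size, length):
    """Entropy in bits of `length` characters drawn uniformly from `alphabet_size` symbols."""
    return length * math.log2(alphabet_size)


def substitution_bits(word, table=LEET):
    """Bits gained by optionally swapping each substitutable letter for a digit (Alex -> Al3x):
    each such letter at most doubles the candidate space, so at most one bit per letter."""
    return sum(1 for ch in word.lower() if ch in table)


def check_password(candidate, breached=SAMPLE_BREACHED, min_len=8):
    """NIST SP 800-63B style screen: a length floor plus a blocklist of known-breached
    passwords instead of composition rules. Returns (ok, reason)."""
    if len(candidate) < min_len:
        return False, "shorter than %d characters" % min_len
    if candidate in breached:
        return False, "appears in a breached-password list"
    return True, "accepted"


if __name__ == "__main__":
    phrase = make_passphrase(SAMPLE_WORDS, 6)
    print("passphrase:", phrase, check_password(phrase))
    # Six words from a 7776-word diceware list versus eight random printable characters:
    print("6 diceware words: %.1f bits" % passphrase_bits(7776, 6))
    print("8 random chars:   %.1f bits" % random_password_bits(95, 8))
    print("Alex -> Al3x adds at most", substitution_bits("Alex"), "bits")
```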
Use MFA wherever possible
Something that is even better than strong passwords alone is two-factor or multi-factor authentication (MFA). Multi-factor authentication provides more security than a single short password. Often described as “something you have and something you know,” multi-factor authentication requires you to enter two or more forms of authentication (any combination of: a password, a smart card or token, or a fingerprint or voice pattern). While any one form of authentication may well be guessed, it’s much harder to guess two or more factors together.
Keep systems up to date
Keeping your systems up-to-date with the latest patches will go a long way to helping you remain cyber safe. Patch management is “an area of systems management that involves acquiring, testing, and installing multiple patches (code changes) to an administered computer system. Patch management tasks include: maintaining current knowledge of available patches, deciding what patches are appropriate for particular systems, ensuring that patches are installed properly, testing systems after installation, and documenting all associated procedures, such as specific configurations required.” Most hardware and software manufacturers put out system updates on a regular basis. These updates are designed to help make your systems run more securely. Follow the advice of your IT department and run system updates and patches when they are available. CarePartners was breached due to a vulnerability that had been left unpatched for 2 years. By keeping systems up-to-date and applying patches, you stand a better chance of having the latest security protection available.
Use caution when using wi-fi in public spaces
Public wi-fi may not be secure. Always refrain from sending any private information over public wi-fi. If you must work at Starbucks, always log in via the corporate VPN. While working in public, be on the look-out for “shoulder surfers” in crowded areas. These folks can capture passwords, PINs and data from taking a glance over your shoulder. You should also be wary of thieves while working in public. Remember, just like any other possessions, don't leave your mobile device(s) unattended. Lost or stolen devices could lead to a data breach.
Use Antivirus Software
One effective way to avoid malware and ransomware is to use some form of antivirus software on all of your devices. It can help keep those suspicious emails out of your inbox, thus protecting you from viruses, malware and potentially even ransomware. Remember that not all viruses will be caught, and you still need to be vigilant with what comes into your mailbox. If something looks and sounds too good to be true, it probably is. Don’t click on suspicious links in emails.
Maintain your Privacy Online
This is easier said than done in our digital world. For many, avoiding social media is nearly impossible. The thing to remember is not to overshare personal information on social media. A simple Google search can help a would-be hacker gain all the information they need to know about you to potentially gain access to a bank account. Information such as family relationships can help a criminal gain the leverage they need to access an account. Online quizzes that ask such questions as “what is the make and model of your first car?” or “name your first pet” could be used to harvest information to answer common security questions. According to Brian Krebs, “certain social networks — particularly Facebook — seem positively overrun with these data-harvesting schemes…. On the surface, these simple questions may be little more than an attempt at online engagement by otherwise well-meaning companies and individuals. Nevertheless, your answers to these questions may live in perpetuity online, giving identity thieves and scammers ample ammunition to start gaining backdoor access to your various online accounts.”
Educate Others About Cyber Security
Now that you’ve taken the time to educate yourself about cyber security, you also need to teach others. If one worker in an organization doesn’t understand the consequences of clicking on a suspicious email link, it could put the entire business’s security into jeopardy. Teach them how to recognize suspicious emails by looking at the headers, or simply by hovering over links to reveal the true domain name. Often, these links will lead to a site asking for credentials or asking the user to download a Trojan horse, which can lead to ransomware being installed on company devices. Well-educated and suspicious employees can do wonders for your business’s security. And seeing as they have privileged information at their fingertips, they should be prepared to guard it!
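The two manual checks just described, comparing a link’s visible text with its real destination and comparing the sender headers, can also be automated for training material or a mail filter. The following is an added example, not code from the original post: the message is constructed, the anchor regex assumes simple mail HTML, and the domain comparison is a deliberate last-two-labels approximation.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message (not a real email): the anchor text shows one domain while
# the href points somewhere else, and the envelope sender domain differs from From.
SAMPLE_EMAIL = """\
From: IT Helpdesk <helpdesk@example-corp.com>
Return-Path: <bounce@mail-relay.example.net>
Content-Type: text/html

<p>Your password expires today. Sign in at
<a href="http://login.example-corp.com.evil.example/reset">https://login.example-corp.com/reset</a>
to keep access.</p>
"""

# Good enough for simple mail HTML; a production checker would use a real HTML parser.
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.IGNORECASE | re.DOTALL)


def registrable_domain(host):
    """Crude last-two-labels approximation; production code would use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def link_mismatches(html):
    """Links whose visible text looks like a URL on a different domain than the real href."""
    found = []
    for href, text in ANCHOR.findall(html):
        shown = urlparse(text if "://" in text else "//" + text.strip()).hostname
        real = urlparse(href).hostname
        if not (shown and real and re.fullmatch(r"[a-z0-9.-]+", shown)):
            continue                                   # visible text is not a URL or domain
        if registrable_domain(shown) != registrable_domain(real):
            found.append((text.strip(), href))
    return found


def sender_mismatch(msg):
    """(From domain, Return-Path domain) when their registrable domains differ, else None."""
    from_dom = parseaddr(msg["From"])[1].rsplit("@", 1)[-1]
    rp_dom = parseaddr(msg["Return-Path"])[1].rsplit("@", 1)[-1]
    return None if registrable_domain(from_dom) == registrable_domain(rp_dom) else (from_dom, rp_dom)


def analyse(raw):
    """Run both checks on a raw RFC 5322 message string."""
    msg = message_from_string(raw)
    return {"links": link_mismatches(msg.get_payload()), "sender": sender_mismatch(msg)}
```

A sender mismatch alone is common with legitimate bulk-mail relays, so it is a signal to weigh alongside the link check rather than a verdict on its own.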
Remember Phones Aren’t Immune to Cyber Security Threats
Phones are proving to be just as hackable as traditional computers. Make sure your device and apps are always up-to-date for the latest security protections. In addition, make sure that you are using trusted apps. Some bad actors have developed apps to help harvest your data. “If you find yourself wondering how to differentiate between legitimate apps and malware apps, you might find that malicious apps have these red flags. Be wary of weird/random/excessive permissions when downloading an app, such as location services, privacy settings, access to contacts, etc. Sometimes the permissions are legitimate, but if you’re downloading a ringtone app and it requires permission for location services, think twice before granting permission to that app!”