October is National Cybersecurity Awareness Month. This is a great opportunity each year to take a look at your online practices around personal data, password management, and overall awareness. Raising your own awareness of cyber threats can help prevent you from becoming a compromised end-user. No one is perfect, and mistakes will still happen, but it’s up to all of us to do our best to safeguard data – for ourselves, our employers, and anyone whose information we interact with. Read on to review some areas to think about – and concrete actions you can take to protect yourself.
1. Don't be phooled by phishing scams
Traditional phishing methods have changed. Attackers have moved on from hosting suspicious-looking spoofed bank websites. Banking Trojans can be silently installed on your machine after you browse to an infected website or open a suspicious document attached to an email, so it is wise to take heed of warnings from your bank and monitor your accounts closely.
Social engineering is a technique used by attackers to influence your behaviour. They can better do this when they know a lot about you. These days it’s common practice to have personal information about yourself available on the Internet. LinkedIn, for example, has 500 million users. Chances are you’re one of them, and your work history and education are viewable to anyone who cares to research you. Millions of people have public-facing Instagram accounts that provide even more insight into someone’s family life, favourite places to visit, and hobbies. It’s important to understand that when you make this kind of information publicly available, you also make yourself vulnerable to social engineering. If an email or direct message from a friend feels “off,” proceed with caution, especially if they’re trying to get you to click on a strange link or share personal or financial information.
- Review your social media privacy settings
- Trust your gut – if a message feels “off” it could be a spear phishing attempt
- Pay close attention to the link – many malicious websites are off by a single letter or by the top-level domain (for example, .net instead of .com)
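As an added illustration of the last tip (not part of the original article), this Python sketch flags a link whose domain differs from a known-good one by a single letter or only by its top-level domain. The allowlist, sample domains and function names are constructed for the example, and taking the last two labels of the host as "the domain" is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the sites this user actually does business with.
TRUSTED = {"examplebank.com", "linkedin.com", "instagram.com"}

def registrable(url):
    """Return the last two labels of the URL's host, lower-cased.
    Assumption: naive split; suffixes such as .co.uk need a public-suffix list."""
    host = (urlsplit(url if "//" in url else "//" + url).hostname or "").rstrip(".")
    return ".".join(host.lower().split(".")[-2:])

def edit_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # swapped neighbours
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def check_link(url):
    """Return (verdict, matched_trusted_domain_or_None) for a link."""
    dom = registrable(url)
    if dom in TRUSTED:
        return ("trusted", dom)
    name, _, tld = dom.rpartition(".")
    for good in sorted(TRUSTED):
        good_name, _, good_tld = good.rpartition(".")
        if name == good_name and tld != good_tld:
            return ("lookalike-tld", good)      # e.g. .net instead of .com
        if tld == good_tld and edit_distance(name, good_name) == 1:
            return ("lookalike-letter", good)   # off by a single letter
    return ("unknown", None)

if __name__ == "__main__":
    for link in ("https://www.examplebank.com/login",
                 "https://examplebank.net/login",
                 "https://linkedln.com/in/someone"):
        print(link, "->", check_link(link))
```

Because `urlsplit` extracts the real host, a link such as `https://examplebank.com@other.example/` is judged on `other.example`, not on the text before the `@`.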
2. Lock down your devices
Protect your cell phone, tablet, and computer. Your cell phone, in particular, is a powerful computer that is easily compromised or lost; more importantly, your cell phone is the route into your private life and business dealings. Take advantage of the screen lock and passcode options on your devices, and use only trusted apps. Always update to the most recent operating system, and keep your software updated as well, as these updates frequently contain security upgrades. Consider implementing GPS tracking (either via apps/OS or a tracker) on your mobile devices, and learn how to remotely disable your device in the event of loss or theft. Finally, if you frequently use your laptop in a public setting, be sure to install a screen guard to prevent in-person spying.
- Upgrade to the latest operating system and software versions offered on your phone, tablet, and PC
- Learn how to remotely disable your devices
- Install a screen guard on your laptop
3. Get real about password management
When passwords are reused, attackers who obtain your username and password from one data breach can easily use them to access many more aspects of your online life. A password vault is a great way to avoid reusing passwords across services. By using a vault, which syncs across devices, you can create much stronger safeguards against would-be attackers. Additionally, use two-factor authentication (2FA) where possible. Most popular with online banking, but now seen on a variety of social media platforms and elsewhere, 2FA helps prevent unauthorised access to your accounts, as an attacker will not have the second piece of information required to log in. It is also worthwhile setting up the facility for One Time Passcodes (OTP) if available, especially for approving financial transactions when online banking. Consider password-protecting important documents, and certainly perform regular backups for peace of mind in the case of a ransomware attack or hardware failure.
- Use a password vault
- Use 2FA whenever it is available
- Perform regular backups – to a hard drive or to the cloud
4. Stay on top of leaks and breaches, and be mindful of who has your PII
Take heed of data breach notifications that you hear of in the press and from your breached provider. Understand what was leaked and assess the risk to yourself. If you are concerned about financial impact, ask your bank to set up alerts on your account and credit records.
Data aggregators such as credit reporting agencies and government departments continue to be hacked. Email providers are being attacked or suffer data loss. Attackers have a treasure trove of stolen personally identifiable information (PII) at their fingertips, some of which you cannot change, such as your Social Security Number or National Identification number. Be aware that if this type of information gets into the hands of attackers, it could lead to identity theft, so protect your PII as best you can.
- Make a list of the organizations that have your PII
- Stay on top of the news whenever there is a breach
- Set up alerts on your account and credit reports
5. Protect yourself at home AND at work
Remember that you’re responsible for more than just your personal data. Think about the ways you interact with sensitive data at work – and be sure to follow the data handling policies that have been set up within your business. Treat work-related data with as much care as you would your own. Most businesses have policies in place around data handling as well as response plans for breaches. Take the time to review those policies so you are prepared for how to respond if you identify an issue or see a dreaded ransomware demand message. Your employer will thank you for being their eyes and ears given today’s threat landscape.
- Treat work data as sensitively – if not more so – as your own personal data
- Review your business’s data handling and breach response policies
- Speak up if you have any concerns or questions about data handling at work
6. We're all in this together - don't be afraid to ask for help
Reach out for help – whether to a computer-literate family member if at home or your employer’s IT team. Take care of your data, take care of your employer’s data and adjust your behaviour to suit the current cyber security landscape. Stay Safe Online, the organization behind National Cybersecurity Awareness Month, is a great place to start if you’re looking for resources.
- Review the Stay Safe Online safety tips – and share them with a friend or family member
- Set up a quarterly calendar reminder to review all of your online privacy and security practices
- Trust your inner voice – if an email or message feels off, pay attention to that feeling and proceed with caution!