Last month (October 2021) was Cybersecurity Awareness Month. One thing that has stayed with us as cybersecurity enthusiasts is the memorable Do Your Part campaign, promoted under the hashtag #BeCyberSmart. The campaign was timely, coming against a backdrop of skyrocketing cases of cyberbullying, hacking and other cyberspace security breaches. Led by the American Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA), “Do Your Part. #BeCyberSmart” was aimed at encouraging individuals to own their role in cybersecurity and do their part in protecting cyberspace. Below are several stay-safe practices we should carry on as we move forward:
1. Multi-Factor Authentication – Double your login protection.
No matter how long and strong your password is, a breach is always possible. All it takes is for just one of your accounts to be hacked, and your personal information and other accounts can become accessible to cyber criminals.
Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. Use it for email, banking, social media, and any other service that requires logging in. If MFA is an option, enable it by using a trusted mobile device, such as your smartphone, an authenticator app, or a secure token—a small physical device that can hook onto your key ring. This way, even if cyber criminals guess your password, they’re still out of luck!
2. Wi-Fi Safety – Stay protected while connected.
The bottom line is that whenever you’re online, you’re vulnerable. If devices on your network are compromised for any reason, or if hackers break through an encrypted firewall, someone could be eavesdropping on you—even in your own home on encrypted Wi-Fi.
Practice safe web surfing wherever you are by checking for the “green lock” or padlock icon in your browser bar—this signifies a secure connection. When you find yourself out in the great “wild Wi-Fi West,” avoid free internet access with no encryption. If you do use an unsecured public access point, practice good internet hygiene by avoiding sensitive activities (e.g., banking) that require passwords or credit cards. Your personal hotspot is often a safer alternative to free Wi-Fi.
3. App Security – Keep tabs on your apps.
Have you noticed that apps you recently downloaded are asking for permission to access your device’s microphone, camera, contacts, photos, or other features? Or that an app you rarely use is draining your battery life?
Your mobile device could be filled with suspicious apps running in the background or using default permissions you never realized you approved—gathering your personal information without your knowledge while also putting your identity and privacy at risk. Don’t give your apps an all-access pass. The following are some steps to avoid “over-privileged” apps:
- Check your app permissions and use the “rule of least privilege” to delete what you don’t need or no longer use.
- Learn to just say “no” to privilege requests that don’t make sense.
- Only download apps from trusted sources.
4. Over-sharing and Geo-tagging – Never click and tell.
Everyone seems to be posting their information on social media—from personal addresses to where they like to grab coffee. You may figure, if everyone’s doing it, why can’t I?
What many people don’t realize is that these seemingly random details are all criminals need to know to target you, your loved ones, and even your physical belongings—online and in the real world. Avoid posting names, phone numbers, addresses, school and work locations, and other sensitive information (whether it’s in the text or in the photo you took). Disable geo-tagging, which allows anyone to see where you are—and where you aren’t—at any given time.
5. Phishing – Play hard to get with strangers.
Cyber criminals cast wide nets with phishing tactics, hoping to drag in victims. Seemingly real emails from known institutions or personal contacts may ask for financial or personal information.
Cyber criminals will often offer a financial reward, threaten you if you don’t engage, or claim that someone is in need of help. Don’t fall for it! Keep your personal information as private as possible. If they have key details from your life—your job title, multiple email addresses, full name, and more that you may have published online somewhere—they can attempt a direct spear-phishing attack on you. Cyber criminals can also use social engineering with these details to try to manipulate you into skipping normal security protocols.
If you’re unsure who an email is from—even if the details appear accurate—do not respond, and do not click on any links or attachments found in that email. Always avoid sending sensitive information via email.
6. Passwords – Shake up your password protocol.
Gone are the days when you needed to come up with a frustrating mixture of letters, numbers, and symbols. According to NIST guidance, you should consider using the longest password or passphrase permissible. NCCIC guidance suggests 16-64 characters. Some sites even allow for spaces. Easy-peasy!
It’s important to mix things up—get creative with easy-to-remember ways to customize your standard password for different sites. Having different passwords for various accounts can help prevent cyber criminals from gaining access to these accounts and protect you in the event of a breach. Always keep your passwords on the down-low. Every time you share or reuse a password, it chips away at your security by opening up more avenues in which it could be misused or stolen.
7. Device Protection – If you connect, you must protect.
Our devices are great at making our lives easier and more fun, but it’s important to be conscious of all the information you are generating and where it’s headed. Once your device plugs into cyberspace, you and your device could potentially be vulnerable to all sorts of risks.
These include malware that can steal information and data, destroy your hardware, log keystrokes, and infect other devices connected to your compromised device. Whether it’s your computer, smartphone, game device, or other network devices, the best defense is to stay on top of things by updating to the latest security software, web browser, and operating systems. If you have the option to enable automatic updates to defend against the latest risks, turn it on. And, if you’re putting something into your device, such as a USB for an external hard drive, make sure your device’s security software scans for viruses and malware. Finally, protect your devices with antivirus software. There are many kinds of antivirus software available, so find one that fits your needs and your devices.