Written by: Carolyn Crandall, Attivo Networks CMO and Chief Deception Officer

As the threat landscape continues to evolve, today’s security experts will tell you that both perimeter security and active, in-network defenses are required to build a comprehensive cybersecurity solution. But they’ll also tell you that cyber hygiene is taking on greater importance as the scope, scale, and frequency of cyberattacks continue to grow.
Similar to personal hygiene, cyber hygiene refers to small practices and habits designed to help maintain the overall health and well-being of your system. By getting in the habit of practicing good cyber hygiene, you can reduce your overall vulnerability, making yourself less susceptible to many of the most common cybersecurity threats.
This is important because, whether acting as individuals or representatives of an organization, end users ultimately bear some responsibility for ensuring that their computers and information remain secure. The following are 10 simple, everyday steps that end users can take to better protect themselves (and in many cases their businesses) from cyberattacks.
- First, cover the basics.
  - Make sure firewalls are active, correctly configured, and preferably next-gen. This is a shared responsibility: InfoSec teams will take care of this in the office, and you need to take care of the one in your home. Also, segment your IoT devices and put them on their own network, where it is not easy for them to infect personal or business devices.
  - Install antivirus software. There are many highly regarded free options available, including Avast, BitDefender, Malwarebytes, Microsoft Windows Defender, and Panda, as well as paid options, including Kaspersky, McAfee, Trend Micro, and Webroot.
  - Keep your software updated. Updates contain important changes that improve the performance, stability, and security of the applications that run on your computer. Installing them ensures that your software continues to run safely and efficiently.
  - Don’t rely on prevention technologies alone. Make sure you have accurate detection tools that quickly inform you of any attacks that bypass perimeter defenses. Deception technology is recommended for both large and mid-size businesses. Not sure how to add detection? Look to managed service providers; they can help.
- Passwords aren’t going away; make sure yours are strong.
  - Web security expert Troy Hunt recently wrote about the longevity of password-protected systems. Since passwords are unlikely to go away anytime soon, there are steps individuals should take to make theirs stronger. For example, passphrases have been shown to be both easier to keep track of and more difficult to crack. Password managers, such as LastPass, KeePass, 1Password, and other services, can also be useful for keeping track of your passwords and keeping them safe.
  - Also consider activating two-factor authentication for banking, email, and other online accounts that offer it. There are multiple options available, many of which are free or inexpensive.
- Make sure you’re on a secure website.
  - When entering personal information to complete a financial transaction, keep an eye out for “https://” in the address bar. The “S” in HTTPS stands for “secure,” and means that communications between your browser and the website are encrypted.
  - Most browsers will display a lock icon or green address bar when a site is properly secured. If you are on an unsecured website, it’s best to avoid entering any sensitive information.
  - Employ safe browsing practices. Most of today’s major web browsers, such as Chrome, Firefox, and Safari, contain reasonable security features and useful tools, but there are additional ways to make your browsing more secure. Clear your cache often, avoid storing your passwords on websites, do not install questionable third-party browser extensions, update your browser regularly to patch known vulnerabilities, and limit access to your personal information when you can.
- Encrypt sensitive data.
  - Whether business records or personal tax returns, it’s a good idea to encrypt your most sensitive data. Encryption ensures that only you, or those to whom you provide the decryption key, can access your files.
  - There are many encryption tools available for free, including BitLocker (built into Windows 10), FileVault (part of macOS), and VeraCrypt.
- Avoid uploading unencrypted personal or confidential data to online file sharing services.
  - Google Drive, Dropbox, and other file sharing services are convenient, but they represent another potential attack surface for threat actors. When uploading data to these file sharing service providers, encrypt the data before uploading it.
  - Cloud service providers like Google Drive and Dropbox provide security measures, but threat actors may not need to hack into your cloud storage to cause harm. They may gain access to your files via weak passwords, poor access management, unsecured mobile devices, or other means.
- Pay attention to access privileges.
  - It’s important to know who has access to what information. For instance, employees who do not work in a business’s financial department should not have access to financial information. The same holds true for personnel data being available outside of the HR department.
  - Account sharing with a common password is strongly discouraged, and access to systems and services should be restricted to the users who need them, especially administrator-level access. For instance, be mindful not to lend a company computer to anyone outside the company. Without proper access control, both your and your company’s information can easily be put at risk.
- Understand the vulnerabilities of Wi-Fi.
  - Unsecured Wi-Fi networks are inherently vulnerable. Make sure that your home and office networks are password protected and encrypted with the best available protocols. Also, make sure to change passwords from their defaults.
  - It’s best not to use public or unsecured Wi-Fi networks to conduct any financial business. If you want to be extra careful, it is probably wise not to connect to them at all if you have any sensitive material on your laptop.
  - When using public Wi-Fi, use a VPN client, such as one provided by your business or a VPN service provider.
  - Be aware of the risks IoT devices bring as they are added to your home environment. Segmenting them on their own network is advisable.
- Understand the vulnerabilities of email.
  - Be careful sharing personal or financial information via email. This includes credit card numbers (and CVV numbers), social security numbers, and other confidential or personal information. Think about how Gmail predicts what you are typing: everything you type can be read.
  - Be aware of email scams. Common tactics include typo squatting, creating bogus email chains, impersonating company executives, and so on. These emails can often appear valid until closer inspection. Never trust emails asking you to send money or engage in other unusual behavior unless you are able to verify the validity of the source.
  - Agree on a secret code word with co-workers if you ever ask them for purchases, money transfers, or payments over email. Phone or text confirmations are highly recommended.
- Avoid storing your credit card details on websites.
  - It may be easier to store credit card information on websites or your computer so you don’t have to re-enter it each time you make a purchase, but this is one of the most common ways that credit card information is compromised.
  - Make a habit of reviewing your credit card statements. Storing your credit card details online is just one way your information can be compromised. Always review your statements for fraudulent activity.
- Have IT on speed dial.
  - If and when a breach occurs, you should have and understand your company’s or your own personal incident response plan. This includes knowing whom to contact in your IT or financial department if you believe your information has been compromised, and could include notifying your public relations team. It’s also a good idea to know which law enforcement departments can help you if you suspect you have been the victim of a crime or scam. Many cyber insurance companies will also require immediate notification.
  - There is a lot to deal with during a breach. Learning your incident response plan during a breach is not your best bet. Get familiar with the plan and practice it so that you can act quickly and confidently if an event occurs. This includes personal response plans too. Do you know how to immediately turn off your credit or bank cards if they are compromised? Does that include when travelling?
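To make the typo-squatting warning in the email tip concrete, here is an added example (written for this page, not code from the article or from Attivo Networks) that triages the sender domain of constructed `From:` headers against a hypothetical list of trusted domains and flags look-alike near misses; the trusted-domain list, the look-alike substitution table and the edit-distance threshold are all assumptions.

```python
# Added example: flag sender domains that look like a typosquat of a domain
# you trust. TRUSTED_DOMAINS, the look-alike table and the threshold are
# assumptions chosen for illustration, not values from the article.
from email.utils import parseaddr

# Constructed allow-list of domains this hypothetical organisation trusts.
TRUSTED_DOMAINS = {"example.com", "examplebank.com"}

# Characters commonly swapped for look-alikes; folding both sides exposes
# substitutions such as "examp1e.com" or "exarnple.com".
_LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})
_MULTI = [("rn", "m"), ("vv", "w"), ("cl", "d")]

def _fold(domain: str) -> str:
    d = domain.lower().translate(_LOOKALIKES)
    for src, dst in _MULTI:
        d = d.replace(src, dst)
    return d

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance via the classic two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(from_header: str) -> str:
    """Extract the lower-cased domain from a From: header, or '' if none."""
    _, addr = parseaddr(from_header)
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def classify(from_header: str, trusted=TRUSTED_DOMAINS, max_dist: int = 2) -> str:
    """Return 'trusted', 'suspicious' (near miss of a trusted domain) or 'unknown'."""
    domain = sender_domain(from_header)
    if domain in trusted:
        return "trusted"
    folded = _fold(domain)
    for t in trusted:
        if folded == _fold(t) or edit_distance(folded, _fold(t)) <= max_dist:
            return "suspicious"
    return "unknown"

# Constructed sample From: headers for a quick triage run.
SAMPLE_HEADERS = [
    "Finance <cfo@example.com>",
    "CFO <cfo@examp1e.com>",
    "Payments <pay@exarnplebank.com>",
    "Newsletter <news@unrelated.org>",
]

def triage(headers=SAMPLE_HEADERS) -> dict:
    """Map each header to its classification; 'suspicious' ones warrant a phone call."""
    return {h: classify(h) for h in headers}
```

A "suspicious" result is a prompt to verify out of band, as the article advises, not proof of fraud; legitimate look-alike domains do exist.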
Even the best cybersecurity in the world is bolstered by informed and prepared individuals. Understanding the vulnerabilities that exist in any network and taking the necessary precautions is an important first step toward protecting yourself against cyberattacks, and following these simple rules will improve your cyber hygiene and make you a more prepared, better protected internet user.
We encourage you to share this information with your employees and coworkers to help ensure that they are prioritizing cyber hygiene, so they can better protect their sensitive information—and yours.