In our increasingly connected world, cyber awareness is a necessity. In order to protect our information, every single one of us has a personal responsibility to know and follow online safety basics, whether it’s at home, at the office, at school, or anywhere in between. In support of October being National Cyber Security Awareness Month, we’ve recapped some of the most basic - and important - online safety considerations.
Back It Up
Last things first here: always back up your data. In the event of a successful cyber-attack that either locks you out of your system (ransomware) or infects your machine, that data backup is your only guarantee. By focusing on cyber awareness and following cybersecurity best practices, you can definitely reduce your chances of becoming a victim of cybercrime.
But nothing can absolutely guarantee 100% fail-proof protection against a hack or a breach.
Which is why those data backups are so critical. They are your last line of defense against today’s cyber criminals.
And we’ll take it one step further.
If you’re securing your personal laptop, then a straight data backup to a removable storage device or cloud drive is sufficient.
If you’re securing your entire business network (and your everyday operations depend on that network), you need true data backup management, which includes a plan for how to restore that data quickly and efficiently.
Think Before You Click
The vast majority of cyber attacks targeted at individual end users are done via phishing. The goal of a phishing attack is to entice you to click on a link or an attachment. Once you click, you may be taken to a malicious website that collects your personal information, or your machine may be infected with malware.
Phishing is largely done via emails, but the tactic can also be used via text and social media sites and/or messaging services.
There is no way to know exactly when or how or where a phishing attack will pop up. That might seem like it makes them impossible to defend against, but that’s not true. Protecting yourself from phishing requires an understanding of the tactics, an awareness of the red flags, and a general cautiousness/vigilance.
Basically, if anything about an email or a website seems suspicious, don't click on it.
If you always remember to think before you click, you are better able to spot the warning signs and avoid clicking on a bad link or attachment.
Always Stay In Control of Where You Land on the Internet
It’s not just about thinking before you click though. The larger objective is to always stay in control of where you land on the internet. (So if you think about it, and then click on the bad link anyway, you're still in trouble.)
That means avoiding clicking on links in unsolicited emails (or texts) or from unknown (or untrusted) senders.
It means that no matter how concerned you are that your bank account has been frozen or your computer is at risk of getting a virus, you don’t click the direct link provided to you.
Instead, you (calmly) navigate to the KNOWN site in a fresh browser window and log in to your account and check your status. Or pick up the phone and call the service provider that supposedly just emailed you threatening to freeze/cancel your service.
This is also a good time to reinforce the fact that if something sounds too good to be true, then it IS. That link that promises a week’s vacation in paradise? Nope. Free vacations, electronics or other prizes don’t get handed out via pop-up ads or random emails.
Lock Down Your Login
Weak, insecure passwords are a hacker’s best friend. We’ve written extensively about passwords and our general lack of concern about them. Seriously, there’s a reason that “123456” and “password” are the most commonly used passwords year after year.
You can read those previous articles and resources here:
- The Trouble With Passwords
- Realistic Password Security Solutions
- Password Management Best Practices For Business
Here we’ll just remind you that good password management means using complex passwords that are at least 12 characters in length, not having the same password for all your accounts, and not sharing your password with anyone. These are all modern best practices.
It’s also highly recommended that you enable two-factor authentication wherever possible. This prevents someone who does steal or hack your password from accessing your account, due to the requirement that a second piece of information be input when a login occurs on an unrecognized device.
You can read more about the benefits of Two-Factor Authentication here.
Don’t Forget About Your Mobile Devices
While it’s true that we generally can’t live without our devices, it’s not always true that we take the steps necessary to protect them. And that device in your pocket contains a treasure trove of valuable information about you and your friends and family.
Things to remember about protecting your mobile device include (get the NCSAM Tip Sheet here):
- Be sure to always accept your smartphone’s latest update to the operating system and all apps.
- Password or passcode-protect your device (or use other features such as touch ID), so that it can’t be accessed by someone else in the event that it gets lost or stolen.
- Periodically review your apps and delete those that you no longer use.
- Limit what you do from your smartphone while on a public Wi-Fi network – even better is to disable Wi-Fi and Bluetooth when you aren’t using them.
- Be equally wary of unsolicited text messages and even calls and voicemails as you are about emails. These types of scams are on the rise.
Value and Protect Your Personal Information Like It’s Money
Adopting a mindset of cyber awareness means understanding that your personal information is to be protected at all costs. It’s a digital world, and once you put information out there, it stays out there.
Social networking sites are a part of our daily lives as much as (or more than) our email accounts, and it’s tempting to post updates with personal news. But it’s equally important to stop and think about any unintended consequences of sharing that information.
Check out this article for more on how posts about vacations, jobs or even your birthday can backfire.
Also make sure that you fully understand and know how to use the privacy settings on your social accounts. You can take steps to limit who has access to your updates and information.
You want to make sure that you fully own your online presence and that you think carefully about who gets what information, especially when it’s being collected through apps and websites.
Keep Your Software and Applications Up-to-Date
This is another foundation to online security basics. All of your technology should always be updated to the most current version. This includes all software, internet browsers, applications and operating systems.
Our technology systems are under attack 24/7 by hackers looking for new security holes or vulnerabilities. And because it’s not a perfect world, those holes exist, and once found they are exploited.
Fortunately the vendors that produce them react by issuing security patches that shore up those vulnerabilities. But – here’s the catch - they only work if you apply them.
And if you don’t, then you have left the door wide open for hackers to attack.
So if you’re one of those who regularly ignores, dismisses or delays the update notifications that pop up, stop what you’re doing and accept the updates. Any minor inconvenience to you in the way of upgraded functionality that looks different is well worth it when you consider the risk of operating on an outdated and vulnerable system.
And if your business doesn’t have a clear patch management process in place, it’s past time to find an IT service provider that will manage it for you.
Consider that the recent WannaCry attack was successful because it targeted an unpatched vulnerability in the Microsoft Windows OS. Even worse is that the more recent Equifax data breach that exposed the personal information of millions of Americans was the result of an unpatched website application.
Understand Social Engineering and How the Tactics Are Being Used to Target You
We’ve touched on this indirectly in the above points already, but it’s worth mentioning as a stand-alone topic. Phishing scams, pop-up ads and other schemes run by cyber criminals largely rely on social engineering tactics.
In short, they’re relying on our human nature to grant them access to what they want, instead of trying to break in on their own. Because it's easier. And it works.
The good news is that once you understand social engineering, it becomes so much easier to recognize.
The hallmark of a social engineering scam is that it will attempt to create a sense of extreme urgency. In this way, scammers play on our emotions, hoping that by getting you to react impulsively out of either fear or excitement, they will win. That’s why knowing about these tactics is critical.
Just like with phishing, there is no way to identify every single scam out there. They show up in your email inbox, your social media and messaging accounts and on your mobile device. The details change, as hackers follow the news and refresh their strategies. The alternative, then, for staying protected is to understand the foundation of these scams, and in every case, that’s human emotion.
So if you feel yourself reacting emotionally to an email or text, stop and take a deep breath. Remember your online safety basics and apply them.
Take Network Security Seriously
It should go without saying, but we still don’t want it to be left unsaid. Cyber awareness depends on every one of us taking network security seriously.
As individual citizens, we need to be smart about securing our home networks and our mobile devices. We need to approach social media posts with caution and teach our children about responsible, secure use of the Internet.
From a business perspective, far too many small and medium-sized business leaders shrug off the need for comprehensive network security, saying that they’re too small and not on any hacker’s radar screen. But by not implementing modern solutions, they are putting their entire business at risk.
Cyber awareness is our shared responsibility, and that means all employees need to be educated and trained in online safety and security.
And just as cybersecurity is a shared responsibility, protecting your business network is no longer just an IT function. It's a risk management issue that affects every employee, your daily operations and the reputation of your brand.