Did you know that October is National Cybersecurity Awareness Month? In an effort to simplify things this month, here are our top 10 cybersecurity tips for 2019.
You are your best defense. Technology, unfortunately, cannot always protect you; it is up to you to examine emails carefully, answer questions without oversharing, update your devices, and not provide information to others without verifying with certainty with whom you are speaking.
The most common phishing frauds are those that contain a fake invoice, fake court order or subpoena, fake friend request, “verification” of your password or credentials, or wire request. Always be cautious of these types of emails, particularly if they are not part of your work. Do not click on direct links (in emails, text messages, etc.), especially those that are asking you to enter sensitive information. It is best to go directly to the source.
Backup, backup, backup. Ensure that you are saving your data to a secure backup location. If you do fall victim to malware, or your device fails or gets lost or stolen, you will be able to recover using those backups.
Never reuse passwords between any website or service. If one is hacked, the hacker will try the stolen credentials on other sites (they can automate this), meaning they may gain access to something else if you have used the same password. Choose passphrases in place of passwords (“the CAT played cr1bbage” is far better than “Steven1” because longer passphrases are much harder to break).
Enable 2-factor authentication wherever possible. Using something you know (a passphrase) plus something you have (a mobile device or key fob that a token code can be sent to) is far more secure than a passphrase alone.
Update your personal hardware, software, and network devices frequently. Make sure each of your computers, mobile devices, programs, and apps is running the latest version of its software. Turning automatic updates on for Windows or Macs is a great start, but don’t forget to look for updates for your other applications (Office, Adobe, etc.), mobile devices (both the operating system AND the applications on your device), and network-connected smart devices (thermostat, watch, smart plugs, etc.).
Surf the internet carefully. Visit only reputable sites that you have heard of before, and ensure that the site you visit does not replace an “O” with a zero in the domain name, for example. Be cautious on social media sites, where malware is common; do not accept friend requests from those you are already friends with, or link with “colleagues” with whom you have no connection.
If you feel pressure to click on a link or attachment, provide information, complete a wire transfer, allow a visitor into a secure area, etc., stop and think about whether the request is legitimate, and consider verifying the request another way (by phoning a previously known number or by asking a supervisor or IT to take a look at the request, e.g.). Better to make someone a little impatient than to complete a fraudulent transaction.
Limit access as much as possible. Delete old accounts that are no longer needed; leave your device at work or home if you don’t need it for travel; tell IT if you still have access to an application after changing roles; don’t let your kids play on the internet on the same computer you bank on; in short, make a hacker’s job harder by simply removing yourself as a target where possible.
Report suspicious activity on your work devices to your IT department immediately. Remove devices from the network if you are unable to reach someone right away. If you notice suspicious activity on a personal device, stop using it and have a professional look at it.
We hope you have found some valuable tips here to protect yourself here at work, and at home. Stay secure out there!