Cybercriminals are searching for their next target. We have compiled this list to help you protect yourself and your business from a security breach or a massive data loss. While you have probably read some of these tips before, it never hurts to refer back to them.
1. Keep Your Software Up to Date
As you know, ransomware was a major attack vector in 2017 for both businesses and consumers. One of the most important cybersecurity tips for mitigating ransomware is patching outdated software, both the operating system and applications. Patching removes critical vulnerabilities that hackers use to access your devices. Here are a few quick tips to get you started:
- Turn on automatic system updates for your device;
- Make sure your desktop web browser uses automatic security updates; and
- Keep your web browser plugins like Flash, Java, etc. updated.
2. Use Anti-Virus Protection & Use a Firewall
- Anti-virus (AV) protection software has been the most prevalent solution to fight malicious attacks. AV software blocks viruses and other malware from entering your device and compromising your data. Use AV software from trusted vendors and run only one AV tool on your device.
- Using a firewall is also important when defending your data against malicious attacks. A firewall helps screen out hackers, viruses and other malicious activity that occurs over the internet and determines what traffic is allowed to enter your device. Windows and Mac OS X come with their respective firewalls, aptly named Windows Firewall and Mac Firewall. Your router should also have a built-in firewall to prevent attacks on your network.
3. Create Strong Passwords & Use a Password Management Tool
You have probably heard that strong passwords are critical to online security. The truth is that passwords are important in keeping hackers out of your data! According to the National Institute of Standards and Technology’s (NIST) new 2017 password policy framework, you should consider:
- Dropping the crazy, complex mixture of upper case letters, symbols, and numbers. Instead, opt for something more user-friendly but with at least eight characters and a maximum length of 64 characters;
- Not using the same password twice;
- Creating a password that contains at least one lowercase letter, one uppercase letter, one number and four symbols but not the following: &%#@_ ;
- Choosing a password that is easy to remember;
- Never leaving a password hint out in the open or making it publicly available for hackers to see;
- Resetting your password when you forget it and changing it once a year as a general refresh; and
- Using a password management tool or password account vault.
  - LastPass FREE is a great tool for an individual. LastPass offers a FREE account and has a $2/month membership with some great advanced password features.
4. Apply Two-Factor or Multi-Factor Authentication
- Two-factor or multi-factor authentication is a service that adds additional layers of security to the standard password method of online identification. With two-factor authentication, you would be prompted to enter one additional authentication method, such as a Personal Identification Code, another password or even a fingerprint. With multi-factor authentication, you would be prompted to enter more than two additional authentication methods after entering your username and password.
- According to NIST, an SMS delivery should not be used during two-factor authentication because malware can be used to attack mobile phone networks and can compromise data during the process.
5. Learn About Phishing Scams
Be very suspicious of emails, phone calls and flyers. Phishing scams are nastier than ever.
- In a phishing scam attempt, the attacker poses as someone or something they are not to trick the recipient into divulging credentials, clicking a malicious link or opening an attachment that infects the user’s system with malware or a zero-day vulnerability exploit. This often leads to a ransomware attack. In fact, 90% of ransomware attacks originate from phishing attempts.
- Do not open an email from someone you do not know.
- Know which links are safe and which are not – before clicking a link, hover over it to be sure you recognize where it is directing you.
- Be suspicious of the emails sent to you in general – determine where the email came from and if there are grammatical errors.
- Malicious links can come from friends who have been infected too. So, be extra careful!
6. Protect Your Sensitive Personally Identifiable Information (PII)
- Personally Identifiable Information (PII) is any information that can be used by a cybercriminal to identify or locate an individual. PII includes information such as name, address, phone numbers, birth date, Social Security Number, IP address, location details or any other physical or digital identity data.
- In the new “always-on” world of social media, you should be very cautious about the information you include online. It is recommended that you show only the very minimum about yourself on social media. Consider reviewing your privacy settings across all your social media accounts, particularly Facebook. Adding your home address, birthdate or any other PII will dramatically increase your risk of a security breach. Hackers use this information to their advantage!
7. Use Your Mobile Device Securely
According to McAfee Labs, your mobile device is a target for more than 1.5 million new incidents of mobile malware. Here are some tips for mobile device security:
- Create a difficult mobile passcode that is not your birthdate or bank PIN;
- Install Apps from trusted sources;
- Keep your device updated (hackers use vulnerabilities in unpatched older operating systems);
- Avoid sending PII or sensitive information over text message or email;
- Leverage Find my iPhone or the Android Device Manager to prevent loss or theft; and
- Perform regular mobile backups using iCloud or by enabling Backup & Sync from Android.
8. Back Up Your Data Regularly
- Backing up your data regularly is an overlooked step in personal online security. The top IT and security managers follow a simple rule called the 3-2-1 backup rule. Essentially, you will keep three copies of your data on two different types of media (local and external hard drive) and one copy in an offsite location (cloud storage).
- If you become a victim of ransomware or malware, the only way to restore your data is to erase your systems and restore with a recently performed backup.
9. Don’t Use Public Wi-Fi
- Don’t use public Wi-Fi without a Virtual Private Network (VPN). With a VPN, the traffic between your device and the VPN server is encrypted, which makes it much more difficult for a cybercriminal to obtain access to the data on your device. When security is important and you don’t have a VPN, use your cell network instead.
10. Review Your Online Accounts & Credit Reports Regularly for Changes
With the recent Equifax breach, it’s more important than ever for consumers to safeguard their online accounts and monitor their credit reports.
- A credit freeze is the most effective way for you to protect your personal credit information from cybercriminals right now. Essentially, a credit freeze allows you to lock your credit and use a personal identification number (PIN) that only you will know. You can then use this PIN when you need to apply for credit. To place a credit freeze on your information, contact any of the three major credit bureaus:
  - Equifax – 1.888.766.0008 or www.freeze.equifax.com/Freeze/
  - Experian – 1.888.397.3742 or www.experian.com/freeze
  - TransUnion – 1.888.909.8872 or www.transunion.com/freeze