Let’s take a deep breath
Whenever a notable data breach is announced, the media is quick to throw around big words and phrases – zero-day vulnerabilities, advanced cyber weapons, nation states, etc. Consequently, many consumers now harbor deep-seated beliefs that protecting themselves against cyber crooks is unattainable.
But if we pause and reflect, most of these cyber-attacks, even those crippling well-resourced enterprises, exploit common and easily preventable vulnerabilities. In fact, several studies reveal that most cyber attackers exploit vulnerabilities for which patches had been available for more than a year. Long story short, most attacks can be prevented by elementary controls.
Granted, cyber security is a fast-moving target, and there is no set of controls that can provide immunity against attacks. With that caveat in mind, here are nine tips that, if implemented appropriately, will significantly reduce your exposure online:
- Always trust your instincts
We have often been advised not to trust instructions, hyperlinks or attachments from unknown sources, as these are preferred avenues to perpetrate fraud or propagate malicious code. Most people are now accustomed to these phishing emails, and press Shift+Delete at first sight. But scammers are also rapidly transforming their tactics. In particular, they are hacking legitimate email accounts and using them to send custom phishing emails or propagate malicious files to business associates, spouses, or any other trusted contacts.
It’s easy to detect and fend off a scam from the infamous Nigerian prince, but the game changes dramatically when a malicious email comes from your spouse’s mailbox. So, when something feels off the mark, it probably is. Trust your intuition, pause and call the sender to check if they indeed sent the email.
- Use a commercial password manager
Use a password management tool, such as Dashlane, KeePass, 1Password or LastPass, to generate and maintain hard-to-guess passwords. A password manager, according to Wirecutter, “makes you less vulnerable online by generating strong random passwords, syncing them securely across your browsers and devices, and filling them in automatically.” The advantages are twofold. First, password managers are handy as they remove the need to remember dozens of insanely complex passwords, which irritates several consumers. Second, they boost your security by generating strong passwords for you and locking them up in an encrypted vault. Keep high-risk passwords, such as banking, offline.
- Maintain cyber security hygiene
Maintain up-to-date software patches on your home computer and mobile devices. Ensure your personal firewall is turned on and keep your anti-virus (AV) software up to date. Use a commercial AV solution and try to avoid freebies. In fact, most Trojans are now disguised as free AV solutions. Furthermore, if your PC is behaving strangely, or you suspect it’s been compromised, immediately disconnect it from the internet, then run a full AV scan or seek help from your IT provider. In some instances, you may need to reformat the PC and restore files from the latest backup.
- Regularly back up critical files
Regularly back up all files you care about to a separate drive that is disconnected from your computer network. Cyber criminals are blocking access to users’ files using strong encryption and then threatening to delete them unless victims pay a ransom in the form of Bitcoins. Up-to-date backup files may be your only fall-back. Even if you pay, remember you are dealing with criminals – there is no guarantee they will honour their promise. More often, they will simply vanish with your files and your Bitcoins.
- Activate multi-factor authentication
Don’t rely on your traditional username and password anymore, especially when accessing high-value systems. Over the last few years, billions of unencrypted passwords have been stolen by internet thieves. In 2017, Yahoo announced that passwords for its entire customer base, estimated at 3 billion, were hacked and dumped on the darknet. In 2017, a hacker advertised details of 117 million LinkedIn users on the darknet. The internet is awash with similar stories.
To increase security over your high-risk online accounts, especially e-banking and email, enable multi-factor authentication (MFA). MFA requires an additional verification after you log in with your username and password, such as a one-time passcode accessible via a mobile app or SMS. Several online services, such as Gmail, Dropbox and Amazon, support MFA, but you must opt in. Most people discount this basic advice until they have fallen victim to significant identity theft or financial fraud.
- Conduct high risk transactions over secure websites
Before you submit any sensitive information to a website, such as personal details, payment card information or tax file number, stop and check if the connection is secured. A secure web connection starts with https:// or has a padlock symbol. HTTPS secures connections by providing authentication and encryption between your web browser and the associated web server, blocking your sensitive data from prying eyes.
- Be wary of rogue WIFI connections
Free WIFI hotspots are now almost everywhere – in fast food restaurants, cafes, airports, churches, etc. Here in Sydney, we have WIFI-friendly beaches, enabling you to surf while you surf. Free WIFI is definitely a good thing: it enables us to stay connected, all while minimising our broadband costs. But while free WIFI is enticing, think twice before you connect. Hackers are also setting up rogue WIFI connections in public places to steal banking usernames, passwords, payment card details or other sensitive details. They can also redirect an unsuspecting individual to phony websites that will install malicious programs on their PC. To reduce your exposure to this threat, avoid conducting high-risk transactions, such as internet banking, over untrusted public WIFI connections.
- Enable full disk encryption
Turn on full-disk encryption on your laptop or PC. Encryption scrambles your data, ensuring it cannot be accessed without the correct password in the event the device is stolen or seized. Again, Apple and Windows offer built-in encryption, but you must turn the feature on. This is especially important if you are travelling to high-risk countries, where despotic regimes can seize your digital assets.
- Prevent further damage from hacked email
If you suspect your email has been compromised, it goes without saying that you should immediately change your password. Also, check your password recovery secondary email, secret question or mobile phone number to ensure they have not been altered. Further, check your settings to confirm your emails are not being forwarded to an external address.
As Ben Buchanan, a cyber security researcher, wrote, “When every case is described as unprecedented and every threat actor billed as nearly unstoppable, it fuels what I call ‘the legend of sophistication.’ The effect of such a legend is to paint a picture of a world with so many talented adversaries that practical cyber security is out of reach.”
Phil is an experienced head of cybersecurity, strategic advisor, author, and public speaker. He is the Amazon best-selling author of The Five Anchors of Cyber Leadership, a practical cyber strategy book for senior business leaders. He is also the 2017 winner of ISACA International’s Michael Cangemi Best Book/Article Award, for major contributions in the field of IS Audit, control and security.