The Cyber-Security Threat and Steps You Can Take to Protect Your Information
The recent cyber-attack on Equifax, which impacted millions of individuals, is a reminder that technology is reaching further into our personal and professional lives each day. While this brings its advantages and efficiencies, it also opens us up to many kinds of threats to our privacy and security.
As technology has advanced over the course of the past 40 years, the computer has shrunk from a machine that took up two rooms to a gadget we can hold in the palm of our hand. Studies have shown that as technology has improved, so have the security protocols for the internet. What this means is that as long as some fairly simple steps are taken to address chinks in your security armor, you will be well placed to avoid most, if not all, digital security risks.
FIVE STEPS TO IMPLEMENT A HOLISTIC SECURITY MODEL
Understand Potential Threats
The number one risk for increased vulnerability is the user…that means you. Understanding that there are threats to your security and knowing how to identify them before falling prey is extremely important. Gaining knowledge about how to identify suspicious emails and information is a great first step. Today, it is prudent to be suspicious of anyone or anything that is requesting personal information.
Here are two examples where someone may attempt to gain personal information or infect your computer. The first is a phone call that people frequently get regarding the slowness of their computer. Someone will call offering a service to help improve the computer's speed. The caller will ask you to visit a specific website and enter your computer's username and password so that they can remote into the computer. By doing this, you have handed over the login credentials to your computer as well as complete access to the computer's data.
Another example is called a phishing scam. It comes in the form of an email and typically involves a request to update your information at your bank or another institution, but it can show up in many forms. There will be a link to update your information; never click on that link. If you are directed to your bank's website, enter the bank's website address manually rather than following a link. It may be a trick.
How secure are you in what you do with your personal computing equipment? Do you have a server for your small business or at home with a locked door? If you carry laptops and tablets, do you keep them in nondescript bags? People are far less likely to go rummaging through a duffle bag for a laptop than they are to quickly swipe a small bag holding only that. Keep your phone in a holster or pocket when not in use. Phones are most often lost or stolen because people have left them on the table at the restaurant or on the counter at the grocery store.
Set up an online tracking service for your phone and tablets. One that works across operating systems and works with phones and tablets is called Prey Anti-theft. You can find your phone or tablet by logging into your account, and you can also set up features like having the phone take a picture of the potential thief when they press a button on the phone (not knowing that doing so acts as a trigger).
Password Management & Secure Access
With the average adult having more than 34 password-protected accounts that they are managing, it is no surprise that people are cutting corners when it comes to choosing passwords and ensuring secure access. It is paramount to protecting your information that you remain diligent in your password management.
Many of us are still walking around with very basic passwords. Using a combination of uppercase and lowercase letters, numbers, and symbols is highly recommended for password selection. It is also advisable to choose a long password, anywhere from 8-16 characters or more. If you have difficulty remembering passwords, you can use mnemonic sentences to help you remember. For example, MGmf8c&St41$ (My Grandmother found 8 cats and Sold them for one dollar).
As painful as it may sound, you need a unique password for each and every account that you have. This is important because if you use the same password for every account, no matter how complex it is, anyone who gets their hands on it has a master key to all of your accounts.
What is most helpful for storing these passwords and keeping track of them is a password management tool. There are a lot out there; most of them are cloud-based and many of them are free. With a password management tool, you only need to remember one master password and the tool will remember the rest. The application will then auto-populate the sites where you log in, so that you do not have to remember each password or log in to the password management system each time. Some tools to consider are LastPass, KeePass and Keeper Security.
Utilize Two-Factor Authentication
Always look for options and opportunities to use two-factor authentication. With it, you have to have both something that you know and something that you physically have in your possession. Most commonly, that second item is a smartphone. You can download a two-factor authentication application which will ping your phone with a security code before you are allowed to access the accounts you have set up using the application. These two-factor authentication protocols create an exponential increase in the security of your data stored online.
Password Protect Your Router
It is vital that you take proper preventative measures in securing your router to protect your network. People who are able to connect to your wireless router or network may be able to do the following:
• View all the files on your computer or laptop and spread a virus
• Monitor all the websites that you visit, copy your log-in names and passwords, and read all your emails as they travel through the network
• Slow down your computer or laptop and the Internet connection speed
• Send spam and/or perform illegal activities using your Internet connection
To keep hackers from accessing your WiFi network, it is vital that you use some form of encryption such as WiFi Protected Access (WPA). Either the WPA or the recent WPA2 standard is ideal. It is wise to create a long, random password or passphrase to protect your wireless network, because that makes it difficult for intruders to hack into your network. Take the time to test the security of the WPA protected network by using a service like CloudCracker.
Email is the primary entry point into our lives but email is not a closed envelope. An email is the digital version of a postcard in terms of security and privacy. The largest threat to our email security is the ability for hackers to send emails that we then open and unleash a virus on our computer. The biggest danger with email is something called phishing. This is when someone creates a false front email and then sends it to a group of people or just one individual.
Clicking on a phishing email can open you up to getting a virus. Ransomware is a virus that locks up certain information on your computer; the hacker demands payment of a ransom in order to unlock the data, or they will delete it after a certain period of time. Keep on the lookout for generic email introductions ("Dear Sir or Madam"), requests for personal information, requests for an urgent response, requests for a financial transaction, or requests to open an attachment.
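The warning signs listed above, together with the earlier advice not to trust an emailed link, can be checked mechanically. The following is an added example, not part of the original article: a small Python triage function that flags those signs in an HTML email and reports any link whose visible text names one site while its target is another. The function names, phrase patterns and sample messages are constructed for illustration, and hosts are compared exactly (ignoring a leading "www."), which is a simplification.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed phrase patterns for the warning signs listed above; tune for real mail.
INDICATORS = {
    "generic greeting": r"\bdear (sir|madam|customer|user)\b",
    "asks for personal information": r"\b(update|verify|confirm) your (information|account|password)\b",
    "urgent response": r"\b(urgent|immediately|within 24 hours)\b",
    "financial transaction": r"\b(wire transfer|payment|invoice)\b",
    "attachment": r"\b(open|see) the attach",
}
DOMAIN_RE = re.compile(r"((?:[a-z0-9-]+\.)+[a-z]{2,})")

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def triage(html_body):
    """Return the warning signs found in one HTML email body."""
    collector = LinkCollector()
    collector.feed(html_body)
    text = re.sub(r"<[^>]+>", " ", html_body).lower()  # drop tags, keep visible words
    findings = [name for name, pat in INDICATORS.items() if re.search(pat, text)]
    for href, shown in collector.links:
        actual = (urlsplit(href).hostname or "").removeprefix("www.")
        claimed = DOMAIN_RE.search(shown.lower())
        # A link whose text names one site but whose target is another is the classic lure.
        if claimed and claimed.group(1).removeprefix("www.") != actual:
            findings.append(f"link shows {claimed.group(1)} but goes to {actual}")
    return findings

# Constructed sample messages; the .test and .example domains are reserved names.
PHISH = """<p>Dear Sir or Madam,</p><p>Please update your information immediately.</p>
<a href="http://examplebank.test.account-check.example/login">www.examplebank.test</a>"""
LEGIT = """<p>Hello Pat, your statement is ready.</p>
<a href="https://www.examplebank.test/statements">examplebank.test</a>"""

if __name__ == "__main__":
    print(triage(PHISH))
    print(triage(LEGIT))
```

A clean result only means none of these particular signs were found, so typing the bank's address manually remains the safer habit.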
SECURITY AND THE CLOUD
The cloud is actually your data living in servers in a data center. Local infrastructure is the data living in servers at your home or office. Having your data next to you for security reasons is similar to storing your money under the mattress. Larger servers have much better security protocols than what a cloud provider is capable of having. On-premise networks experience 60% security breaches versus 27% in the cloud. This is not to say that you don't want to take precautions when using cloud-based applications for security management.
We recently partnered with Alpine Business Systems to help us improve our digital security. We are following NIST (National Institute of Standards and Technology) protocols to ensure that we as a firm are doing everything possible to ensure the security of our clients’ data. Alpine also provided us with a checklist for our clients, colleagues, and friends to refer to and use in order to improve the protection of their information online. We hope that you will use it and feel free to share it with friends and loved ones.
If you utilize the tips and tricks mentioned above, as well as the checklist from Alpine, you will be in a better position when it comes to securing your data. As always, if you have other questions about data security and how to better manage your online accounts, please contact us for additional resources that can help you get organized and plan ahead.