Computer, Cyber and Information Security is paramount in this online world. So much of our information is entrusted to our devices and it is assumed that the device and the software are always going to protect you.
Do not ever assume this.
The cold reality is this: YOU must be aware and cognizant at all times that YOU are about 80% of the security of your devices and systems. The other 20% is the security features that are built in to the hardware and software.
The other thing to keep in mind is that Cyber Security revolves around the premise that the more inconvenient something is to access, the more secure it will be. It's a balancing act and it's never 100%. If it's online IT IS VULNERABLE. All you can do is make it a pain in the ass for an attacker, hopefully enough that s/he goes away.
Think about it like a house. Your house is secured by windows, doors, locks and keys. Other things like lights and cameras also help and are a deterrent.
YOU have to make sure the windows and doors are closed and locked. YOU have to make sure that you control the access to the keys. The lights and cameras are working. If you leave a window or door open or unlocked, lights off, cameras pointing at the sky, you are inviting any passerby to help themselves.
It's this way with Cyber Security. If you don't use the tools that are available and aren't aware of their limitations, you are inviting any passerby to help themselves.
You need to step up and take control of your information and security of your devices. It's that simple.
NOW: here are 10 tips to secure your devices, systems and information from attack.
Be aware of where and how you connect online in public spaces
This one is huge and you probably don't think much about the network you're connecting to, you just want to surf and enjoy your coffee.
I think the biggest threat here is that an attacker can, for 50 bucks, buy a jetpack, a battery-powered router, and duplicate the network name. Your device comes along and sees a high-strength wireless network, which goes to the top of the list of networks to connect to (the lower-strength router in the back office will be further down). You connect to it because: convenience and speed. And poof, the attacker is now capturing all the information, passwords etc. passing through this connection.
How many would honestly notice that there are 2 networks with the same name? Which one are you most likely to connect to? IF you were to see this, get up and ASK which one is the store's connection.
Unsecured wireless connections can also be sniffed, and information and passwords grabbed out of the ether.
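Here is one way to check for the "2 networks with the same name" situation automatically. This is an added example, not part of the original tips: the CSV scan format, the sample networks and the function names are all assumptions made up for illustration. It is a heuristic only, since a legitimate store can run several access points, and a clean result does not prove a network is genuine.

```python
import csv
import io
from collections import defaultdict

# Constructed sample scan (not real data): ssid,bssid,security,signal%
SAMPLE_SCAN = """\
CoffeeHouse,3c:84:6a:10:22:01,WPA2,48
CoffeeHouse,3c:84:6a:10:22:02,WPA2,41
CoffeeHouse,02:1a:11:f0:9b:77,OPEN,92
HomeNet,a4:2b:b0:55:10:0c,WPA2,60
Library,58:ef:68:01:02:03,OPEN,55
"""

def parse_scan(text):
    """Turn the assumed CSV scan format into a list of dicts."""
    rows = []
    for row in csv.reader(io.StringIO(text)):
        if not row:
            continue  # skip blank lines
        ssid, bssid, security, signal = row
        rows.append({"ssid": ssid, "bssid": bssid.lower(),
                     "security": security.upper(), "signal": int(signal)})
    return rows

def suspicious_networks(rows):
    """Return {ssid: [reasons]} for names that deserve a question at the counter."""
    by_ssid = defaultdict(list)
    for r in rows:
        by_ssid[r["ssid"]].append(r)
    findings = {}
    for ssid, aps in by_ssid.items():
        if len(aps) < 2:
            continue  # only one access point, nothing to compare against
        reasons = []
        if len({ap["security"] for ap in aps}) > 1:
            reasons.append("same name offered with different security settings")
        # The first three octets of a BSSID identify the hardware vendor.
        if len({ap["bssid"][:8] for ap in aps}) > 1:
            reasons.append("access points from different hardware vendors")
        strongest = max(aps, key=lambda ap: ap["signal"])
        if strongest["security"] == "OPEN" and any(
                ap["security"] != "OPEN" for ap in aps):
            reasons.append("strongest signal is the unencrypted one")
        if reasons:
            findings[ssid] = reasons
    return findings

if __name__ == "__main__":
    for name, why in suspicious_networks(parse_scan(SAMPLE_SCAN)).items():
        print(f"{name}: " + "; ".join(why))
```

If a name gets flagged, do what the tip says: ask the staff which network is theirs before connecting.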
There are a couple of ways to combat this.
You can buy a jetpack yourself and use it to connect yourself to your cell network. Cell networks are encrypted end to end, which is the ideal circumstance to be in.
Connect through your wifi hotspot on your cell phone. Again probably the most secure you can possibly be here.
Both of these will eat into your data allocation, so be careful. Watching videos and streaming music are probably the two biggest hogs. So stay away from those, unless your data plan is unlimited or you're so rich you don't care. I know most of us aren't there yet, so, you've been warned ;)
Learn Safe Surfing Habits and Internet Security Features
Make sure all browser software is up to date. Security vulnerabilities appear all the time and these updates fix them.
Make sure your Operating System is SUPPORTED for security patches AND up to date.
I see many systems go through Digital Dr where people are STILL running Vista and in a couple of cases ... XP. This normally makes me want to smash my head into the desk as not only is it not up to date, there are gaping holes left in security because over time more vulnerabilities are found out. As it's no longer being patched, this represents an extreme risk to your system and information being compromised. If you own one of these, for the love of bacon, get a new current system or don't go online with it.
- Don't reuse passwords and don't have the browser store them.
With duplicate passwords, once they have one ... how many do they have? ALL, because most of you can't remember 50 different passwords and will reuse the same password for everything you do online. Remember if it's convenient, IT IS NOT SECURE.
Having the browser store passwords IS NOT SAFE. A competent attacker can very quickly find and compromise them all.
Get and use something like LastPass password manager that encrypts and stores all your passwords in the cloud. One advantage here is that once you log in to LastPass on any system, you have access to all of your sites and all you EVER have to remember is the one password.
- Would you eat candy that a stranger offered?
Those popups saying you need this update, or this software will make your life easier are just that. Candied scams to get you to install their tracking software, malware, spyware or really whatever the hell it wants.
Don't fall for that crap. If it's too good to be true, it is.
- When signing up for and entering any information into a site, make sure that the URL (the browser's address thingy) shows a green lock and green https leading the address.
- Make sure you have a paid package of Computer Security Software installed and up to date
I know other techs won't necessarily agree with this one, but the thing is people want convenience and don't want to spend the time manually securing their computer. Pay for a good one and make sure it has a firewall, anti-virus and active real time detection of threats.
- Get a popup blocker for your browser. I personally use Ublock. Adblocker announced a bit back that they were accepting payment from websites to whitelist the paying site. Eff that!
Ignore and delete emails you did not ask for, especially those asking for personal information or containing attachments
If it's unsolicited, you can just about guarantee it's a scam or malicious software. Don't even be tempted, just delete.
Be wise and detached about the information you place on social networking sites
- Don't announce you're on vacation by posting pictures or a status about your trip, while you're still there
There are nefarious individuals that monitor for this and it signals to them you aren't home and ripe for a break-in.
- Try to put as little about yourself out there as possible
Birthdays, mother's name, pets' names etc. are commonly used for passwords; please don't do this. Additionally, many security questions ask for these things. Further, with enough of this kind of information, you can be the victim of identity theft or tricked into relationships that will not benefit you.
Use the highest security process you can when connecting to any website or account
Remember if it's convenient, it isn't secure
Strong, different passwords for each site. Use upper and lower case, numbers and symbols
Most sites offer 2 factor authentication. This is where, after you enter your password, a second code is asked for and the website or service will send that to your smartphone! If the website offers this and you have SMS (texting) on your phone, enable it!
Realize that in this day and age, your information is a succulent target for attackers. Sooner or later, if you don't pay attention, it will happen to you
Human beings suffer from amnesia when it comes to threats. After a time where nothing has happened, they become complacent and forget about the threat. With online security and the damage that compromised accounts, devices and information can cause, this is one area that you MUST NEVER FORGET about!
Make sure you have a supported Operating System and that all updates, especially critical updates are installed
- This has been covered above but it's worth repeating because it's so very important to security
Make sure all the software that you use on your devices is up to date, especially ones that connect online to a service
- Remember that while patches fix some holes, in a few cases these patches can cause problems in other software, requiring more patches to other software. Always stay on top of this
Businesses MUST create and enforce Cyber Security Policies and Standard Operating Procedures - EVEN small companies
Include your team in the process - this makes everyone aware and accountable
Find a security expert to consult with and have a thorough security audit done
Considering the rapid pace that technology advances, you can't do this yourself. Additionally the audit will point out flaws in procedures and policies that will have to change to remain safe and secure. This should probably be looked at, at least once per year. More often if you have a dedicated IT department.
- Back up your important information, documents and pictures. DO NOT store this backup in the same place your computer is. If there's a fire ... hard disk failure ... corruption from malware or cryptolocker, if you don't have this done, you can lose it all.
Please share among your social networks so that as many people as possible are aware of how to protect themselves online!
If you have other tips that you think are important that I missed, please comment below and I will add them in and give you credit for the tip, plus a backlink to your website if you have one!