by Patricia Frost
Contributing Editor

It is Cybersecurity Awareness Month, and although we highlight cybersecurity this time of year, these top 10 tips for your individual security should be daily cyber hygiene for every one of us. I thought I would take the time to share with you what I tell my clients when asked:

1. Keep Your Software Up to Date & Use Your Device Securely

One of the most important cybersecurity tips to mitigate ransomware or other cyber intrusions is patching outdated software, both operating system and applications. This helps remove critical vulnerabilities that hackers use to access your devices. Here are a few quick tips to get you started:

  • Turn on automatic system updates for your device (mobile phone, laptop, & tablet) 
  • Make sure your desktop web browser uses automatic security updates
  • When you receive an alert for an update, do it – don’t wait. (Watch for a number to appear on your mobile device on the “app” store. Click on Updates.) 

Note: Ransomware attacks continue to be a top attack vector of 2019 for both businesses and individuals. Ransomware is malicious software designed to block access to your computer until a sum of money is paid.

2. Use Anti-Virus Protection & a Virtual Private Network (VPN)

Anti-virus (AV) protection software has been the most prevalent solution to fight malicious attacks. AV software blocks malware and other malicious viruses from entering your device and compromising your data. Use anti-virus software from trusted vendors and only run one AV tool on your device.

Why use a VPN: Typically, when you try to access a website on the internet, you start by connecting to your internet service provider (ISP). They redirect you to any website (or other online resources) that you wish to visit. All your internet traffic passes through your ISP’s servers, which means they can see and log everything you do online. They can also hand your browsing history over to advertisers, government agencies, and other third parties.

Here’s where a VPN comes into play: It redirects your internet traffic through a specially configured remote server. This way, the VPN hides your IP address and encrypts all the data you send or receive. The encrypted data looks like gibberish to anyone who intercepts it and is impossible to read, which protects you and your personal data, financial information, etc. Top of the line: ExpressVPN or NordVPN.

3. Don’t Use Public Wi-Fi – I say again – Don’t use Public Wi-Fi!

DO NOT use public Wi-Fi without using a Virtual Private Network (VPN). By using a VPN, the traffic between your device and the VPN server is encrypted. This means it’s much more difficult for a cybercriminal to obtain access to the data on your device. When security is important and you don’t have a VPN, use your cell network.

4. Use Strong Passwords & Use a Password Management Tool

You’ve probably heard that strong passwords are critical to online security. The truth is passwords are important in keeping hackers out of your data! Lock all of your devices including phone, tablet, laptop/desktop with a password or even better – biometric data (your fingerprint). 

  • Drop the crazy, complex mixture of upper case letters, symbols, and numbers. Instead opt for something more user-friendly by using a short sentence or motto. 
  • Don’t use the same password twice.  Write them down in a separate book. 
  • Choose something easy to remember and never leave a password hint out in the open or make it publicly available for cyber hackers to see. 
  • Reset your password when you forget it.  Change it once a year to refresh.
  • When available, always opt for two-factor authentication (See #5). 

5. Use Two-Factor or Multi-Factor Authentication

Two-factor or multi-factor authentication is a service that adds additional layers of security to the standard password method of online identification. Without two-factor authentication, you would normally enter a username and password. But with two-factor, you would be prompted to enter one additional authentication method such as a Personal Identification Code, another password, or even a fingerprint. With multi-factor authentication, you would be prompted to enter more than two additional authentication methods after entering your username and password.

6. Do NOT Use Public USB (Universal Serial Bus) Ports 

DO NOT use a public USB port to recharge your devices. Always use your standard electrical outlet plug. If you do not have a portable charger (cost starts at $10) or an available electrical outlet and must resort to using a USB port, then ensure you are doing this in conjunction with a Virtual Private Network (VPN). By using a VPN, the traffic between your device and the VPN server is encrypted. This means it’s much more difficult for a cybercriminal to obtain access to the data on your device. When security is important and you don’t have a VPN, use your cell network.

7. Always protect your work with a Privacy Screen

DO NOT conduct your personal and private business out in public without using a privacy screen that prevents an onlooker from seeing company or individual intellectual property. A computer privacy screen, sometimes called a privacy filter, is a thin piece of plastic that’s placed over your monitor or display panel in order to prevent wandering eyes from absorbing confidential information.

Here are a few of the key takeaways from their worldwide results on the importance of visual privacy in the workplace:

  • Visual hacking is easy. In the global trials, a white hat hacker was successfully able to visually hack information 91% of the time.
  • It happens quickly. In nearly half of the trials, an undercover visual hacker was able to glean information in 15 minutes or less.
  • It goes unnoticed. The visual hacker was only stopped in 32% of global trials. It takes between a few seconds and a few minutes to glance and glean sensitive information which could later be used for malicious purposes.

8. Learn about Phishing Scams – be very suspicious of emails, phone calls, and flyers

Phishing scams are nastier than ever this year. In a phishing attempt, the attacker poses as someone or something the recipient is used to hearing from, with the intent that the recipient will divulge critical information or credentials, send a monetary payment, click a malicious link, or open an attachment that infects the user’s system with malware or a vulnerability exploit. This often leads to a ransomware attack. In fact, 90% of ransomware attacks originate from phishing attempts. A few important cybersecurity tips are:

  • Bottom line:  Do NOT open an email from people you don’t know. 
  • Know which links are safe and which are not – hover over a link to discover where it directs you. 
  • Be suspicious of the emails sent to you in general. Look and see where it came from and if there are grammatical errors.  
  • Malicious links can come from friends who have been infected too. 
  • If it is too good to be true, it probably is.  Don’t click the link! 
  • Your IT Department, bank or other institution will never prompt you to change your password or share your credentials.  ALWAYS pick up the phone and verify the request before taking action.  

9. Protect Your Sensitive Personal Identifiable Information (PII)

Personal Identifiable Information (PII) is any information that can be used by a cybercriminal to identify or locate an individual. PII includes information such as name, address, phone numbers, date of birth, Social Security Number, IP address, location details, or any other physical or digital identity data. In the new “always-on” and “always connected” world of social media, you should be very cautious about the information you include online. Consider reviewing your privacy settings across all your social media accounts, particularly Facebook, Instagram or LinkedIn. Adding your home address, birthdate, or any other PII will dramatically increase your risk of a security breach. Hackers use this information to their advantage! I recommend you keep highly confidential information, e.g. banking, on a separate computer, safe from family internet surfing.

10. Backup Your Data Regularly

Backing up your data regularly is an overlooked step in personal online security. The top IT and security managers follow a simple rule called the 3-2-1 backup rule. Essentially, you will keep three copies of your data on two different types of media (local and external hard drive) and one copy in an off-site location (cloud storage).

Important Note: If you become a victim of ransomware or malware, the only way to restore your data is to erase your systems and restore them from a recently performed backup.

Lastly – ALWAYS LOG OUT of applications and websites when you have finished using them. 
