October is right around the corner, and that means National Cyber Security Awareness Month (NCSAM) is practically here too! We are excited to be a 2017 champion. Throughout NCSAM, we will post blogs that address weekly themes to further educate and spread awareness around important cyber security topics.
The week one NCSAM theme focuses on “Simple Steps to Online Safety.” We’ve developed a 31-day plan, also available as a handy infographic, that you can immediately put into practice. These tips are designed to help everyone learn more about cyber security and create habits to protect ourselves, our companies, and our communities.
- Protect yourself and your information. Get out of the mindset that “it can’t happen” to you. If you’re vulnerable to attacks by cyber criminals, you could also be putting your family, friends, and company at risk.
- Audit your passwords. Make sure they’re strong and contain an assortment of characters. Change them regularly. Don’t use the same password for multiple sites. Google has some great tips for creating strong passwords. If you have a lot of passwords to change, break it up over a few days to make it more manageable.
- Don’t “See attached.” Don’t open email attachments you weren’t expecting to receive. If in doubt, call the person who sent it to make sure it’s okay. Learn more about phishing from SANS.
- Stay off the Wi-Fi. Don’t use unsecured or public Wi-Fi networks to conduct personal business like online shopping, medical appointments or records management, or banking.
- Cover your webcam. Here at Delta Risk, we have handy red webcam covers. Come see us at an event and we’ll give you one, too! Until then, use a piece of opaque tape (such as painter’s tape or masking tape) to cover your webcam anytime you’re not specifically using it. Cyber criminals can use webcams to get all kinds of information on people, so don’t make it easier for them.
- Regularly update your browsers. Keep your Internet browsers and any related plugins updated to make sure you’re using the latest version.
- Secure your networks. Your company probably has this covered if you’re in an office, but there are steps you can take at home, too. Make sure your home Wi-Fi network uses a strong password. Update all devices connected to the network, and refresh the passwords frequently.
- Take a phishing quiz. How vulnerable are you to a phishing attack? Cyber criminals are getting more creative every day. Cisco has a handy phishing quiz you can take. Beyond phishing, we also recommend taking a general cyber security quiz to test out your overall security awareness.
- Trust no one. Take a closer look at your Facebook friends list, LinkedIn connections, Twitter followers, and other social networks to ensure there are no suspicious accounts following you trying to harvest your personal information. Don’t accept invites from people you don’t know.
- Lock it up. Lock your phone with a secure passcode. Lock your computer with a secure password. Whether you use your devices for work purposes, or access your bank accounts and medical records on them, or even if you just have the names and phone numbers of every single person you know on them – protect them.
- Protect your systems. Make sure antivirus, firewall, and ad-blocker solutions are patched and updated on a regular basis. Your employer probably provides these solutions on your work devices, so consider asking for recommendations to use at home.
- Set up 2FA. 2FA is two-factor authentication and it requires you to link your accounts to your cell phone and/or email address to verify your identity when you sign in. Use it on everything. We’re serious. Even social media accounts can be hijacked and put to ill use by criminals and fraudsters.
- Check your bank statements and set up fraud alerts. When criminals steal your bank account information, they often make small charges first ($2 here, $5 there) before going for the big bucks. Make sure you can account for every dollar spent, when, and where. If you can’t, call your bank right away.
- Clean up your apps. What apps do you have installed on your phone and computer? Are you still using them? Go through and remove anything you’re not using (and updating!) frequently. Also, make sure to check your app permissions so you know what information your apps can read and change.
- Control app access. Shiny new apps are everywhere! Get into the habit of not installing any apps unless they come from the official app store. While you’re at it, check every app before you install it to make sure it’s not asking for any suspicious or intrusive permissions. If you’re not comfortable, find a different option.
- Disable auto-connect. It can be super useful for your phone to automatically connect to your home Wi-Fi or your car’s Bluetooth, but that’s not a good thing when you’re traveling or in public. Make sure your Wi-Fi auto-discovery function is off, and Bluetooth is off.
- Reach out. Even if you’re on top of your security game (kudos!), chances are you know someone who could use some help. Your child who’s new to the Internet. That friend who loves to shop online while he waits at the train station. Your aunt who might not know what emails to avoid opening. Your co-worker who checks their bank account in line at Chipotle. Pull together some resources that have been helpful for you and share them with people who could use them.
- Be wary. Whether it’s a USB device you found in the parking lot, or a phone call claiming your Apple ID has been compromised or your Windows system needs to be updated – think twice before you follow that path. Ask questions, do your own independent research, and don’t be afraid to say no.
- Update your software. Your company probably has this covered, but there are steps you can take at home, too. Make sure any software you use on your personal computer is updated regularly. Even if you have automatic updates enabled, check in to make sure everything is running properly. Be sure to also check on updates for video games, smart TV, smart home technology like Nest thermostats, and new Internet of Things appliances like that fancy refrigerator. The more you’re aware of how things are running, the more secure you’ll be.
- Back up your data. You don’t want to lose precious photographs, important documents, and sensitive information – and you don’t want to risk cyber criminals getting their hands on it. Back up your data frequently and in multiple locations. For storing critical information or irreplaceable files like photos, consider using a removable hard drive that you remove in the event you fall victim to a ransomware attack.
- Check your email accounts. You may have forgotten about that old rocketmail.com account from 2003, but a cybercriminal could still get into it and use your name to try to get information from your family, friends, and other contacts. Go through your email accounts, delete what you aren’t using anymore, and set up stringent security measures for the accounts you want to keep.
- Monitor activity. Check the activity logs for your accounts, like social media and banking, on a regular basis, and immediately select the “end session” option for any locations, dates, and/or times you don’t immediately recognize.
- Don’t click links from suspicious sources. We like short emails, short phone calls, and short videos, but don’t click short links from unknown or questionable sources. Cyber criminals can use these to mask the real location of a link and you could end up with a malware infection.
- Have a life vest. If you’ve ever changed jobs, changed email addresses, changed phone numbers, or moved, your email and account recovery options may be out of date. This increases the chances of you getting locked out of your own accounts, and the chances of cyber criminals getting into accounts you can’t access. Check and update the recovery email addresses, phone numbers, and physical addresses associated with your accounts.
- Be card smart. We know how easy it is to click “Save my payment information” when you purchase something online or on an app, but be very careful. Does the site use https? Does the company specify how they’re protecting your credit card information? Does the app regularly provide security updates? If it doesn’t feel right, and you’re not consistently checking for misuse, don’t save your credit card information.
- Create an alternate you. Newsletter subscriptions, sweepstakes, fantasy sports galore! Everything you want to read and do requires an email address. Instead of using your primary email address for everything, consider creating an alternate email address for public-facing accounts and uses, such as subscribing to newsletters or signing up for your friend’s March Madness bracket. Many email providers will allow you to create forwards and filters so you can view the information you want, when you want, while the companies holding your data only have access to your alternate, public-facing email address.
- Be skeptical. If it sounds too good, too cheap, too sensational, or too urgent to be true, it probably is. Cyber criminals are always searching for ways to get you to click, open, allow, and share. Scamming is as old as time. Make sure you’re aware of what kind of scams are happening, and pause before you share your information with anyone offering you something.
- Take charge. If new software or a new app is asking for admin rights to your system, you’re allowed to second-guess it. Read through the access it’s asking for, look in documentation for reasons why, and contact a support team if possible. Remember that you can always say no.
- Track location services. Most phones, and many computers, are equipped with location services. While it’s tempting to advise you to never, ever turn on your location, that’s not realistic for families who need to keep track of each other, or for being able to find a lost device. As with everything else: be aware of what these services provide. Turn off location services when you’re not using them. Don’t check in on social media at the airport, or while on vacation, or at your home or business; even if you believe your accounts are private, the information could still be compromised by cyber criminals.
- Disconnect. It’s good advice for life in general, but it’s especially good advice for security. Disconnect your phone and computer from the Internet when you’re not using them.
- Create a security plan. Take everything you have learned this month and create a checklist for yourself of do’s and don’ts, reminders for regular backups and updates, and tips for passwords and general cyber security. Share your best tips with us @DeltaRisk!
Summary
In the words of the National Cyber Security Alliance, “Each and every one of us needs to do our part to make sure that our online lives are kept safe and secure.” Staying safe online requires daily vigilance and cyber hygiene upkeep. These tips will help you get started.
We encourage you to share this blog and our companion infographic with your friends, family, and co-workers. You can also stay on the lookout for our tweets to promote NCSAM using the hashtag #CyberAware.