Happy New Year! It’s a new year and the same malicious actors haven’t left our sights. It’s always best to refresh easy tips and advice to improve our experience. Below you shall find five tips for improving your cybersecurity for personal and professional use.
1. Multi-factor everywhere
Unless you’re living under a rock, you probably have seen the uptick in password breaches over the recent years. Hackers of all skillsets take advantage of this information floating on the dark web and other hosted sites. As an active user, you should review the popular site https://haveibeenpwned.com and enter your emails into this free service. If your account has been identified in any breaches, you can identify where and when that occurred. If you are someone who recycles or adds a different number to each password, please be sure to change that password everywhere.
2. Use a password manager
Do you remember in 2018 when Hawaii issued a false alarm about a ballistic missile? It was discovered that the AP had a photo of the headquarters from earlier in the year where the operator had their password out in the open on a sticky note on a monitor. Anyone would know and be able to gain entry by merely walking into the office. This is extremely dangerous. Or as we alluded to in the last talking point, you’re possibly recycling the same password as its easier to remember and use. But why? You have several free applications available to you that are cloud-hosted and can be stored locally to your device. I recommended BitWarden as it can be used in almost every popular web browser and integrated to your mobile devices. Never memorize a password again!
3. Install the latest updates
If you’re ignoring the notifications on your phone or computer, simply put: STOP. Whether it is your operating system, software, or apps on your mobile devise, stop ignoring the updates. The updates are not there to disrupt your day or break anything you’re doing. In many cases they are fixing issues in performance and often security holes. Many breaches and incidents you hear about in the news start by finding a piece of technology missing an update or several updates. Malicious actors know that updating your technology can take time and they are actively looking to exploit that.
4. Social Engineering is stronger than ever
How many social media platforms are you on? In 2020, the average person has 8. While social media provides great engagement opportunities, it can also provide a holistic view into who you are to any outsider. A talented malicious actor will perform a rigorous amount of recon to craft a unique phishing email, known as “spear-phishing” to gain access to your organization’s environment or your personal accounts. It’s incredibly easy to do this and there are many tools available to scrape this information. This practice is often referred to as “OSINT,” or open-source intelligence gathering.
5. Does it sound “phishy?”
In life, if it’s too good to be true, it probably is. It’s not likely Home Depot is giving you a $100 gift card and Microsoft is not going to reach out to you directly to repair your personal laptop. Be heavily suspicious of any outreach that may come in. In recent years, phishing emails keep growing, “smishing” or fake text messages are becoming more common, and of course, the fake phone calls where someone is looking to gather your banking information. Bad actors know that you are likely using one of the big box brands (Amazon, Apple, Google, Microsoft) and try to use this against you. As valuable as your data and information are to you, it is not to these organizations.