Oct 5, 2021

Back to Basics: Are you doing your part to be Cyber Smart?


In a perfect world, we’d always do our best to follow the basics of cyber hygiene in our professional and personal lives. But the world isn’t perfect, and being cyber smart can take a bit of work. And with the holiday season just around the corner, October is the perfect time to take a step back to re-evaluate how we’re doing. 

Not just because it’s Cybersecurity Awareness Month, but because it only takes a few moments to remind ourselves, our colleagues, and our family members of the simple things we can do to keep work and personal data safe all year round.

While some of this is pretty basic information, it never hurts to double-check ourselves. And there are plenty of people in our homes, offices, and shop floors who don’t know or understand the basics. So why not share these simple steps they can take to help them be more cyber aware?

TL;DR

  1. Check and change your passwords from time to time. 
  2. Enable MFA/2FA on your devices and apps.
  3. Keep your software updated. 
  4. Uninstall any unused apps.
  5. Unplug and reset unused smart devices.
  6. Use device encryption.
  7. Secure your router.

Check and change your passwords from time to time

Yep, this one seems like a “Like, duh!” recommendation, but it’s a pretty easy one to forget! A lot of times, we wind up recycling the same passwords (or password!) over and over again. We all do it because it’s comfortable and easy. But good cyber hygiene isn’t meant to be easy; it’s meant to keep data safe. 

Instead, take the time to develop a completely new password or series of passwords you can use to help keep bad actors at bay. Make sure your passwords aren’t easy to guess and that they include things like special characters, numbers, and capital letters. If you use phrases for passwords, come up with a new phrase that doesn’t directly relate to you, like a favorite lyric from a song or a line from a movie. 

Or, if that’s too much work (and for myself, it is), you can always find a reputable password manager that can create and track passwords for you. Just be sure to change the password to your password manager frequently. Since it’s your one password to rule them all, you’ll want to take special care to keep it safe!

Enable MFA/2FA on your devices and apps

If you’re not using two- or multi-factor authentication (MFA), you’re not doing passwords right. Why? Because passwords alone just aren’t enough anymore. Large-scale data breaches like RockYou2021 and the recent T-Mobile data breach make it even easier for bad actors to get their hands on that information. And if a bad actor could figure out your password, MFA creates a second barrier to gaining access to your accounts.

MFA comes in many flavors, but the most common kind sends you a multi-digit verification code by text message. While text-based authentication is certainly better than none, there are some advanced techniques where a bad actor could hijack your SIM to steal your auth codes. And although this kind of attack is rare, it does happen—and sadly, with growing frequency. But text messaging isn’t your only option. 

Many enterprises go a step further and use an authentication platform like Duo or Okta to determine who you are before granting you access. These platforms can text you an MFA verification code, but most also have separate applications that prompt you to simply tap a button, provide your fingerprint, or stare into your selfie camera. And if your company doesn’t use an MFA platform, most of these vendors have free or low-cost consumer options, or you can use a free MFA app like Google Authenticator.

Keep your software updated

I can’t tell you how many times a family member has asked me, “Should I do this Windows update thing?” When it comes to operating system updates, the short answer is always a resounding “Yes,” but not everyone knows how, and some devices no longer support critical software updates at all.

A recent survey reports that 90% of Apple iOS devices had iOS 14 running on them by June of this year, which is great news. But that still means that 10% of the iOS devices out there are either waiting to get updates or won’t ever receive updates at all. That’s a LOT of devices, and the adoption rate for Android updates is even worse. And even today, there are critical medical devices and heavy machines in the wild running old versions of Windows like Windows XP, either because they don’t support updates or because they can’t be taken offline to install them.

So unless you or your IT department have a specific reason for skipping a security update or patch, make sure these get installed as soon as they’re available whenever possible.

You should also keep your frequently used applications updated as well. Whether that’s Microsoft 365 apps on your work laptop or games and personal apps on your smartphone, these updates are just as important as operating system updates. Software, app, and OS updates often include functionality and security updates, like patching vulnerable code or implementing new and more secure ways of transmitting data. 

You can also make your life a little easier by setting your laptop or smartphone to download and install these updates automatically. Almost all smartphones and most laptop/PC-based applications have settings that allow automatic updates, so you don’t ever have to worry about it. 

And not to be forgotten, make sure the firmware of your devices is updated frequently. Laptops, Amazon Echos, Google Homes, routers and network equipment, smart light bulbs, and even cars all have firmware that needs to be updated from time to time. And this isn’t the software YOU use on the device; it’s the software the device itself depends on to function properly and securely. 

Uninstall any unused apps

My smartphone has 125 applications on it, and I use maybe 15 of them. Why are there so many installed on my phone? Because like most people, I install applications thinking they’re going to be fun, or cool, or super useful. And just recently, one survey notes that the average smartphone user has 40 apps on their phone but only uses about 18—and that’s a problem. 

Unused applications can still have access to the data on your smartphone and your laptop. So even when you’re not actively using them, they can still see and use data from other apps, which adds security risk. And if you use your phone for both work and personal purposes, the unused apps on your phone could potentially put your company data at risk too. 

So the next time you pull out your smartphone because you’re bored, take a few minutes to tap and hold on your unused app icons. Pulling these apps into the trash to uninstall them is easy, and it’s also pretty gratifying to clear out all of that unused junk. And seriously, when was the last time you played Candy Crush? Does anybody even play Candy Crush anymore?

Unplug and reset unused smart devices

When smart devices like Amazon Echos and smartwatches were a new thing, you might have had one or two lying around the house—or on your desk at work. Today, these devices are everywhere, and some homes and workplaces have layers upon layers of these devices, creating smart ecosystems that control everything from the temperature of the air to the music we listen to. 

As we add new devices, however, there are sure to be others that become less used or not used at all. Last year, the Royal Society of Chemistry surveyed 2,000 people and discovered that nearly 40 million unused gadgets are lying around homes in the UK alone.

Not only are these devices a tremendous source of potential waste, but they can also be a security risk if they’re left turned on and connected to the Internet. That’s because even if Alexa isn’t listening, bad actors can hack these devices and use them to leapfrog across networks to more valuable targets—like your home computer or work laptop. 

If you’re not using one of these devices and you intend to keep it to use it later, simply unplug it from its power source and store it away for later. The same goes for the workplace. If you aren’t using things like smart TVs in your conference rooms because people are still working from home, go ahead and unplug them until they’re needed again. 

If you’re thinking about donating it to a charity like this one that provides used smart devices to patients in hospice for telehealth purposes, be sure to follow the manufacturer’s instructions for resetting the device to remove your personal information. 

And if you’re sending a smart device to an electronics recycler—which should be the final resting place for any electronic device—also make sure you’ve reset it before you hand it over. This will help ensure your personal information is kept safe, no matter where the device winds up. 

Use device encryption

Device encryption isn’t what it used to be. Gone are the days when encrypting data on storage devices slowed down performance, making it a hassle. Encryption provides you with additional peace of mind knowing that should your laptop get stolen, if it’s lost, or if you forget it at the TSA security checkpoint (again), the chances of someone getting their hands on your information are small.

Although the use of encryption is far more commonplace than it was many years ago, not everyone is on board, and that can lead to unencrypted personal and company data winding up in the wild. Another recent survey of IT leaders found that nearly a third require data encryption by default, and almost a quarter (24%) require encryption on data in the cloud. Even still, 12% of those surveyed believed they’d been the victims of a data breach due to the loss of unencrypted data. 

Generally, Apple iOS and Android devices made in the last few years have encryption turned on by default. And when you get a new laptop or smartphone from your company, chances are they’ll make sure encryption is turned on for you. But when it comes to your laptop at home, which you might sometimes use for work purposes, encryption might not be enabled. Luckily, it’s not difficult to check! Here’s how to check encryption on a Mac, and here’s how to do it in Windows.

Secure your router

Do you remember going to the store to buy a wireless router or when it arrived from Amazon? You probably unboxed it, plugged it into the power supply and your Internet provider’s connection, created an SSID with a password (one hopes!), and away you went.

But if you’re like most people, you probably didn’t change the default login and password information. This security oversight is probably the single most common one we all make. A few years ago, a survey found that only 14% of respondents had updated their router’s firmware, and only 18% had changed the default credentials. I’ll bet not much has changed since then, either. 

Luckily, though, this is one of the easier oversights to fix. You either don’t skip the advice of the setup steps that ask you to change the defaults, or you actively log in to change them when your initial setup is complete. 

And if you’re one of the literal millions of people who’ve never changed the default settings on their home router, don’t feel alone. There are an equal number of enterprise-grade routers and Wi-Fi hotspots out in the world using default credentials. (I’m talking to you, IT departments of the world! Now’s a good time for you to double-check that, too!)

Do your part to be Cyber Smart

Being cyber smart and keeping up with good cyber hygiene habits isn’t meant to be easy; it’s meant to keep information safe and secure. Bad actors know we tend to let our guards down, and when we do, they are prepared to take full advantage of our laziness so they can exploit our oversights. So, even if these tips are things you already have covered, what’s the harm in taking some time to make sure? A little bit of hassle now can pay off big time in the future.

LEVEL UP YOUR CYBERSECURITY EXPERTISE

Are you ready to level up your cybersecurity expertise? Join us October 4-7 for Cybersecurity Awareness Month and our series of educational webinars to help you be at your best.
