In a perfect world, we'd always do our best to follow the basics of cyber hygiene in our professional and personal lives. But the world isn't perfect, and being cyber smart can take a bit of work. And with the holiday season just around the corner, October is the perfect time to take a step back to re-evaluate how we're doing.
Not just because it's Cybersecurity Awareness Month, but because it only takes a few moments to remind ourselves, our colleagues, and our family members of the simple things we can do to keep work and personal data safe all year round.
While some of this is pretty basic information, it never hurts to double-check ourselves. And there are plenty of people in our homes, offices, and shop floors who don't know or understand the basics. So why not share these simple steps they can take to help them be more cyber aware?
TL;DR
- Check and change your passwords from time to time.
- Enable MFA/2FA on your devices and apps.
- Keep your software updated.
- Uninstall any unused apps.
- Unplug and reset unused smart devices.
- Use device encryption.
- Secure your router.
Check and Change Your Passwords From Time to Time
Yep, this one seems like a "Like, duh!" recommendation, but it's a pretty easy one to forget! A lot of times, we wind up recycling the same passwords (or password!) over and over again. We all do it because it's comfortable and easy. But good cyber hygiene isn't meant to be easy; it's meant to keep data safe.
Instead, take the time to develop a completely new password or series of passwords you can use to help keep bad actors at bay. Make sure your passwords aren't easy to guess and that they include things like special characters, numbers, and capital letters. If you use phrases for passwords, come up with a new phrase that doesn't directly relate to you, like a favorite lyric from a song or a line from a movie.
Or, if that's too much work (and for myself, it is), you can always find a reputable password manager that can create and track passwords for you. Just be sure to change the password to your password manager frequently. Since it's your one password to rule them all, you'll want to take special care to keep it safe!
Enable MFA/2FA on Your Devices and Apps
If you're not using two- or multi-factor authentication (MFA), you're not doing passwords right. Why? Because passwords alone just aren't enough anymore. Large-scale data breaches like RockYou2021 and the recent T-Mobile data breach make it even easier for bad actors to get their hands on that information. And if a bad actor could figure out your password, MFA creates a second barrier to gaining access to your accounts.
MFA comes in many flavors, but the most common kind sends you a multi-digit verification code by text message. While text-based authentication is certainly better than none, there are some advanced techniques where a bad actor could hijack your SIM to steal your auth codes. And although this kind of attack is rare, it does happen, and sadly, with growing frequency. But text messaging isn't your only option.
Many enterprises go a step further and use an authentication platform like Duo or Okta to determine who you are before granting you access. These platforms can text you an MFA verification code, but most also have separate applications that prompt you to simply tap a button, provide your fingerprint, or stare into your selfie camera. And if your company doesn't use an MFA platform, most of these vendors have free or low-cost consumer options, or you can use a free MFA app like Google Authenticator.
Keep Your Software Updated
I can't tell you how many times a family member has asked me, "Should I do this Windows update thing?" When it comes to operating system updates, the short answer is always a resounding "Yes," but not everyone knows how, and some devices no longer support critical software updates at all.
A recent survey reports that 90% of Apple iOS devices had iOS 14 running on them by June of this year, which is great news. But that still means that 10% of the iOS devices out there are either waiting to get updates or won't ever receive updates at all. That's a LOT of devices, and the adoption rate for Android updates is even worse. And even today, there are critical medical devices and heavy machines in the wild running old versions of Windows like Windows XP because they won't support updates, or couldn't be taken offline for updates even if they did.
So unless you or your IT department have a specific reason for skipping a security update or patch, make sure these get installed as soon as they're available whenever possible.
You should also keep your frequently used applications updated. Whether that's Microsoft 365 apps on your work laptop or games and personal apps on your smartphone, these updates are just as important as operating system updates. Software, app, and OS updates often include functionality and security updates, like patching vulnerable code or implementing new and more secure ways of transmitting data.
You can also make your life a little easier by setting your laptop or smartphone to download and install these updates automatically. Almost all smartphones and most laptop/PC-based applications have settings that allow automatic updates, so you don't ever have to worry about it.
And not to be forgotten, make sure the firmware of your devices is updated frequently. Laptops, Amazon Echos, Google Homes, routers and network equipment, smart light bulbs, and even cars all have firmware that needs to be updated from time to time. And this isn't the software YOU use on the device; it's the software the device itself depends on to function properly and securely.
Uninstall Any Unused Apps
My smartphone has 125 applications on it, and I use maybe 15 of them. Why are there so many installed on my phone? Because like most people, I install applications thinking they're going to be fun, or cool, or super useful. And just recently, one survey notes that the average smartphone user has 40 apps on their phone but only uses about 18, and that's a problem.
Unused applications can still have access to the data on your smartphone and your laptop. So even when you're not actively using them, they can still see and use data from other apps, which adds security risk. And if you use your phone for both work and personal purposes, the unused apps on your phone could potentially put your company data at risk too.
So the next time you pull out your smartphone because you're bored, take a few minutes to tap and hold on your unused app icons. Pulling these apps into the trash to uninstall them is easy, and it's also pretty gratifying to clear out all of that unused junk. And seriously, when was the last time you played Candy Crush? Does anybody even play Candy Crush anymore?
Unplug and Reset Unused Smart Devices
When smart devices like Amazon Echos and smartwatches were a new thing, you might have had one or two lying around the house, or on your desk at work. Today, these devices are everywhere, and some homes and workplaces have layers upon layers of these devices, creating smart ecosystems that control everything from the temperature of the air to the music we listen to.
As we add new devices, however, there are sure to be others that become less used or not used at all. Last year, the Royal Society of Chemistry surveyed 2,000 people and discovered that nearly 40 million unused gadgets are lying around homes in the UK alone.
Not only are these devices a tremendous source of potential waste, but they can also be a security risk if they're left turned on and connected to the Internet. That's because even if Alexa isn't listening, bad actors can hack these devices and use them to leapfrog across networks to more valuable targets, like your home computer or work laptop.
If you're not using one of these devices and you intend to keep it to use it later, simply unplug it from its power source and store it away for later. The same goes for the workplace. If you aren't using things like smart TVs in your conference rooms because people are still working from home, go ahead and unplug them until they're needed again.
If you're thinking about donating it to a charity like this one that provides used smart devices to patients in hospice for telehealth purposes, be sure to follow the manufacturer's instructions for resetting the device to remove your personal information.
And if you're sending a smart device to an electronics recycler (which should be the final resting place for any electronic device), also make sure you've reset it before you hand it over. This will help ensure your personal information is kept safe, no matter where the device winds up.
Use Device Encryption
Device encryption isn't what it used to be. Gone are the days when encrypting data on storage devices slowed down performance, making it a hassle. Encryption provides you with additional peace of mind knowing that should your laptop get stolen, if it's lost, or if you forget it at the TSA security checkpoint (again), the chances of someone getting their hands on your information are small.
Although the use of encryption is far more commonplace than it was many years ago, not everyone is on board, and that can lead to unencrypted personal and company data winding up in the wild. Another recent survey of IT leaders found that nearly a third require data encryption by default, and almost a quarter (24%) require encryption on data in the cloud. Even still, 12% of those surveyed believed they'd been the victims of a data breach due to the loss of unencrypted data.
Generally, Apple iOS and Android devices made in the last few years have encryption turned on by default. And when you get a new laptop or smartphone from your company, chances are they'll make sure encryption is turned on for you. But when it comes to your laptop at home, which you might sometimes use for work purposes, encryption might not be enabled. Luckily, it's not difficult to check! Here's how to check encryption on a Mac, and here's how to do it in Windows.
Secure Your Router
Do you remember going to the store to buy a wireless router or when it arrived from Amazon? You probably unboxed it, plugged it into the power supply and your Internet provider's connection, created an SSID with a password (one hopes!), and away you went.
But if you're like most people, you probably didn't change the default login and password information. This security oversight is probably the single most common one we all make. A few years ago, a survey found that only 14% of respondents had updated their router's firmware, and only 18% had changed the default credentials. I'll bet not much has changed since then, either.
Luckily, though, this is one of the easier oversights to fix. Either don't skip the setup steps that ask you to change the defaults, or log in and change them once your initial setup is complete.
And if you're one of the literal millions of people who've never changed the default settings on their home router, don't feel alone. There are an equal number of enterprise-grade routers and Wi-Fi hotspots out in the world using default credentials. (I'm talking to you, IT departments of the world! Now's a good time for you to double-check that, too!)
Do Your Part to be Cyber Smart
Being cyber smart and keeping up with good cyber hygiene habits isn't meant to be easy; it's meant to keep information safe and secure. Bad actors know we tend to let our guards down, and when we do, they are prepared to take full advantage of our laziness so they can exploit our oversights. So, even if these tips are things you already have covered, what's the harm in taking some time to make sure? A little bit of hassle now can pay off big time in the future.