Editor’s Note: This article, first published in July 2021, is an informative reminder that cybersecurity starts with you. Give it a read for easy-to-implement best practices that can help protect you while you’re online.
Each of us intuitively promotes security in our day-to-day life. Many of these behaviors happen automatically: We roll up the windows and activate alarms on our cars, lock our houses when we leave, and notice anything out of the ordinary when we return home.
As in the real world, there are some habits we need to practice in cyberspace to keep ourselves safe. And given how much of modern life is conducted online, these habits should become as second nature as everything you do to keep your home safe.
#1: Lock Up Before You Leave
Just as you would lock up your personal belongings before leaving your house, you should also be locking your computer. Leaving your computer unlocked for even a moment can lead to an intrusion or theft that will be difficult to recover from. It’s also crucial to protect the way back in by choosing complex passwords.
Keep Passwords Private
Never share your passwords. This seems like good advice you may have gotten many times before, but it has a couple of meanings you may not have considered. First, and most obviously, do not write down or tell other people your password. This also means you shouldn’t allow family or friends to access your password-protected work devices (that’s often a violation of your acceptable use policies, anyway); instead, keep personal and work activity separate on different computers.
Second, don’t share the same password across multiple software platforms or websites. Password reuse is a major contributor to data loss. Once a website is compromised, attackers will use the usernames and passwords they discovered on every site they come to in an effort to steal more data.
Protect Passwords with a Password Manager
Just like you don’t give out your passwords and don’t share accounts with others, you shouldn’t reuse passwords. You might be asking: What about reusing the same password but with a different character at the end? Also a bad idea.
Hive Systems has published a table on how quickly a hacker can force their way past a password based on how long it is. The fewer characters you use, the sooner someone can break in.
But remembering dozens of unique passwords using numbers, upper and lowercase letters, symbols, and more than 11 characters for all the online services you use every day isn’t especially convenient. That’s where a password manager can help.
Some of the more commonly known and used password managers include Dashlane, LastPass, and 1Password, though there are many more choices available, depending on your needs. You can create one long passphrase—of 16 or more characters, mixed case—to access your chosen manager and be done remembering any other passwords forever. Some managers will also store other information you’d like to keep handy, like credit card information and addresses.
#2: Stay On Top of Available Defenses
Most people are familiar with the task of an oil change in a car. You should do it at very regular, recommended intervals to keep everything running smoothly. Neglecting it could result in engine failure. Failing to lock your doors or engage the alarm, too, are easily avoidable ways to leave your property exposed to theft.
Computers are very similar in this regard. Make the most of available security functionality and practice good maintenance to avoid having someone take advantage of those vulnerabilities for nefarious purposes.
Take Advantage of New Features
From time to time, software developers introduce front-end features that can help you keep your information safe. This is especially true of companies who have a vested interest in protecting your data, such as banks and data platforms used to store and access personal information and sensitive commercial documents.
One such feature is two-factor authentication, which you’ve likely seen rolled out across many of the services you access every day—at work and for personal use. Although it may seem like a hassle to add this extra step to your login procedures, it can make a massive difference in keeping your data—and the data belonging to the company you work for, or the clients you’re serving—safe from hackers.
Two-factor authentication is available in RelativityOne. Read this article to learn more.
Not Just Your Computer
In modern households, there are numerous devices that connect to the internet directly (including TVs, smart home devices, and your phone). To keep your personal life safe, it is essential that at a regular cadence you look at each device’s manufacturer site and see if an update is available. We know from experience that within a week of a patch being made available, cyber criminals are out searching for vulnerable devices; sometimes they’re even faster.
#3: Question The Things You Trust Too Much
One of the primary ways criminals take advantage of their victims is to rely on your trust. Be careful with how you throw it around by taking these precautions.
Second-guess Senders
An extremely common way criminals exploit that trust is by invoking a well-known brand name.
Take as an example an email from a popular vendor, Amazon. It mentions an offer of $20 for just putting your email address into a form. That sounds almost too good to be true, but the offer is for a reasonable amount and you know the brand. Still, before you fill that out, take a closer look:
- Check the sender address: is it really <something>@amazon.com, or is it actually amazoon.com or some other spoof, or even a personal address?
- Is the greeting in the message odd looking, like “Dear Customer,” compared to what you expect from this vendor?
- Are there typos in the message?
The few seconds it takes to scrutinize can save you a ton of hassle. Letting scammers know you are willing to give up your email address easily will encourage them to phish for more information.
Stay Suspicious of Your Phone
Another source of oft-misplaced trust: our mobile devices. We tend to put far more personal information into them than we would tell a trusted confidant, let alone a device over which we have limited control and which is supplied by a company that uses information as a source of revenue.
Even when we believe our carrier to be reputable, they do business with many smaller and less reputable companies and your trust is being carried implicitly to them. Be cautious with your personal information—particularly your date of birth. Don’t give it out to just anyone or any app that asks for it. If that level of detail is necessary, and it rarely is, then you should be aware of how they are going to use it before you agree.
Read the Fine Print
Many of us would never sign a document without reading it first, but we will happily click “Agree” to make something go away. Take a few minutes when agreeing to new things for the first time to really read what you are about to agree to. If you think it requires sharing more information than you should be giving up for what you are getting in return, consider carefully what to do next. Many companies have not been good stewards of our freely given personal data. That is evident from the number of data breach events reported in news outlets daily. There are not many legal restrictions on harvesting U.S. citizen data, on aggregating that data, or on reselling it.
Remember, as Scott Goodson once wrote for Forbes: “If you’re not paying for it, you become the product.”
Screen Your Calls (and Texts)
There has been a marked increase in home and mobile phone cold calls proposing difficult-to-believe situations. Despite what these callers may tell you, your utility company did not suddenly decide to give you money because you pay your bills on time. Don’t be fooled by an official-sounding pitch.
Similarly, text messages also receive far more trust than they should. Texting back to those numbers, email addresses, or vanity codes verifies that you received the message and that the sender found a lure that entices you.
What can you do? Don’t respond to spam or unsolicited advertisements. Clicking a link to be removed from a list only confirms the message was received and invites more advertising. Similarly, vanity codes on mobile devices can bill you when you text them and, again, verify that you got the message and can be texted again in the future. Just block the number on your mobile device and delete the message.
Now’s the Time to Build Better Habits
At the end of the day, each of us has control over our security and can protect ourselves from harm in cyberspace as we do in our real lives. All it takes is a little more attentiveness when doing our normal daily activities to significantly reduce our online risk.
Be cautious when you give out information, manage access to your accounts and devices responsibly, and take advantage of software developers’ efforts to keep your devices safe. It’s as simple as that to defend your digital turf as diligently as your physical property.
Darian Lewis was a staff engineer and lead threat intelligence analyst in Relativity’s Calder7 security group.