(Originally appeared on Securing the Human)
Given how quickly technology changes, keeping up with security advice can be confusing. It seems like there is always new guidance on what you should or should not be doing. Regardless of what technology you are using or where you are using it, we recommend the following five key steps.
1. You: Attackers have learned that the easiest way to bypass most security technology is by attacking you. If they want your password or your credit card, the easiest thing for them to do is to trick you into giving them this information. For example, they can call you pretending to be Microsoft tech support and claim that your computer is infected, when they are really just cyber criminals that want you to give them access to it. They could even send you an email explaining that your package could not be delivered and ask you to click on a link to confirm your address. You are then taken to a malicious website that will hack into your computer. Ultimately, the greatest defense against attackers is you. Be suspicious. By using common sense, you can spot and stop most attacks.
2. Updating: Make sure your computers, mobile devices, apps and anything else connected to a network are running the latest version of their software. Cyber criminals are constantly looking for vulnerabilities in the technologies you use. When they discover these weaknesses, they use special programs to exploit the vulnerability and hack into whatever technology you are using, including your network, your computer and your mobile devices.
3. Passwords: A strong password means one that cannot be easily guessed by hackers or by their automated programs. Instead of a single word, use a long passphrase of multiple words with some symbols and numbers thrown in for good measure. Unique means using a different password for each device and online account. This way, if one password is compromised, all of your other accounts and devices are still safe.
If any of your accounts support two-step verification, we highly recommend you always enable it, as this is one of the strongest ways to protect your account.
4. Encryption: Data can be encrypted in two places: at rest and in motion. Encrypting data at rest means protecting it when it is stored as files on places like your hard drive or a USB stick. Most operating systems allow you to automatically encrypt all of your data using features such as Full Disk Encryption. We recommend you enable this whenever possible.
Encrypting data in motion means encrypting data as it’s transmitted from your computer or device to others, such as when you are banking online. A simple way to verify if encryption is enabled is to make sure that the address of the website you’re visiting starts with “https:” and has the image of a closed padlock next to it.
5. Backups: Sometimes, no matter how careful you are, one of your devices or accounts may be compromised. Your only option might be to restore all of your personal information from a backup. Make sure you are doing regular backups of any important information and verify that you can restore from them. Most operating systems and mobile devices support automatic backups.
It’s Cyber Swecurity Awareness Month and we’re spreading the knowledge all month long. For more information about each of these steps, refer to the Securing the Human.