Welcome to week one of National Cybersecurity Awareness Month. It only seems fitting that week one focuses on protecting yourself. How are your “human firewall” skills? Do you know how to spot the activities of a social engineer, or can you identify an email that may contain an exploit? Is your home network secure? Do you know what to do if your identity is stolen?
Here are 17 important tips you'll want to keep in mind:
- I know you have heard it a thousand times but do not open emails from unknown persons.
- Do not click on links, even from what appears to be a trusted source. Instead, go to the solicitor’s website and access the link directly from the website (but again, only if you’re familiar with the solicitor).
- Always place a hold on your postal service mail before you leave town.
- Consider the “opt out” option of credit card offers and balance transfer checks that arrive through the US Mail.
- For mobile apps, limit data requests for sharing of contacts, photos, and documents.
- Use anti-virus software and configure for automatic scanning. (This is true for PCs, tablets, and smartphones… no matter the brand.)
- In your computer’s internet settings, clear your cookies and temporary files after each session and avoid the “remember me” options… you do not want to save your password’s using this method. If you want to save your passwords, use a password keeper software that following the new NIST draft guidelines which require that passwords be salted with at least 32 bits of data and hashed with a one-way key derivation function.
- Backup your data to an external source on a routine basis. You cannot restore what you do not backup, and external hard drives can be purchased for under $100, which is cheap insurance.
- Password protect your devices. Select passwords that are hard to guess but easy to remember such as a made-up phrase like “mydogeatscurds” if the application allows. The trick is to use words and phrases that mean something to you and nothing to anyone else (this is the new NIST proposed guideline, but it will take a while before applications can support these new guidelines) and remember...
- that no two devices or systems should have the same password because if there any of the sites are compromised, your credentials are now known for all the sites you access. The trick here is to develop a pattern to track all your passwords.
- Change the home network password on your cable modem/router. If the password was issued by your cable provider, perhaps even on a label, it increases your changes to become a member of the next bot army!
- Do not share your home network password. Contact your cable provider for instructions on how you can set up a guest password for visiting friends and family.
- Install a router. Hardwire the cable modem to the router and properly configure it. (Hopefully, your company has provided you one that is already configured along with an installation diagram to better protect your work laptop.)
- Create passwords to all your network-connected devices including your IoT devices. For those, make sure the firmware update capability is also enabled.
- As a reminder, in response to the recent Equifax Breach, it is recommended to freeze your credit with all four credit bureaus: Innovis, Experian, TransUnion, and Equifax.
- Finally, we hope you never need this information, but should you fall victim to identity theft, contact the FTC. To learn more, please go to their website.
This certainly is not an exhaustive list but an ounce of prevention today will better protect your Personally Identifiable Information in the months to come!
Stay tuned for follow-up content released each week that provides insightful tips on protecting your organization. For more in-depth knowledge, register for our upcoming IT Audit & Controls Conference in Austin, Texas.