What is the most important aspect of security? Security always begins with an attention to one’s personal responsibility. While citizenry depends on competent law enforcement, people must also take ownership of their personal actions and decision making and demonstrate an attention to the potential risks of their immediate surroundings. Common sense measures such as never leaving a valuable item unattended in a public place or avoiding poorly lit streets at night go a long way to ensuring one’s safety.

The same holds true for cyber security. When we are digitally connected, we are also vulnerable. It is an important truth to recognize. That is why proper attention to cyber hygiene is so imperative today. While we all rely on the collective efforts of corporate IT personnel, internet service providers and endpoint protection software, protecting our personal information and identity still comes down to the individual measures we take daily. Below are ten best practices that every digitally connected individual should take today to ensure their privacy and online security.

1. Turn cookies off

Browser cookies are a two-edged sword. While those tiny code snippets that websites automatically deliver to your devices make browsing convenient, they also put your privacy at risk. Cookies enable third parties to gather information about your computing device and track your movements. You probably have hundreds of embedded cookies on your computer and don’t know it. While it is true that cookies do not present a major security concern, it is advisable to delete and disable them. This can be easily done whether you use Edge or Chrome as your preferred browser.

2. Use more than one password

Think about it. You don’t use the same key to open every locked door you enter. Cybercriminals have an arsenal of advanced tools and attack methodologies to steal your password. They breach company networks to steal and harvest user logon credentials. There is a good chance that at least one of your online passwords will be exposed at some point for reasons beyond your control. Unfortunately, a 2021 survey showed that as many as one in five Americans use the same password for everything. Avoid using simple variations such as appending numbers to a core password. Passwords should be uniquely different for each account.

3. Don’t Save Passwords in Browsers

The good news is that many people do use different passwords for multiple online accounts. The bad news is that they save them in their web browser. This practice opens you up to multiple security risks, as anyone who gains physical or remote access to your machine can now log on to your accounts as easily as you can. In addition, older browsers do not properly encrypt stored passwords, so hackers can gain access to them within your computer. Cybersecurity experts recommend the use of a password manager, which encrypts passwords and stores them in a secure vault. Passwords can only be accessed with a master password that can also be backed up by a second authentication method.

4. Use multifactor authentication when offered

Many employers are now enforcing the use of multifactor authentication (MFA) for employee email accounts and other cloud services they use. There is a reason for this. Relying on a password alone to protect your online accounts is a risky practice, as passwords can be easily cracked or stolen by cybercriminals. You should take advantage of MFA whenever it is offered. Check the websites of your banking and financial accounts to see if they offer MFA. All the major cloud services such as Google offer MFA options such as SMS texting or a FIDO key.

5. Have I been Pwned?

To be “pwned” means that one of your email accounts has been compromised or hacked. Most likely it happened because of a data breach. It also means your online accounts are seriously vulnerable to compromise. Fortunately, finding out whether you’ve been pwned is as easy as visiting this website that helps check your exposure on the Internet.

6. Confirm official Wi-Fi network when traveling

Digitally connected users are constantly looking for an area Wi-Fi network when they are on the road. Cybercriminals know this too, which is why they broadcast rogue networks. Also referred to as evil twins, these fraudulent networks are wireless access points that an attacker sets up to emulate a legitimate Wi-Fi network that users might be looking for, such as the guest network in a hotel or coffee shop. It is best practice to always confirm the name of an official guest network with the front desk or counter employee.

7. Be wary of free charging stations

Many businesses offer free charging stations as a customer courtesy. Unfortunately, these stations attract the attention of malicious characters too. These stations are often poorly monitored by the businesses that offer them, opening the door for cybercriminals to hijack them to deposit malicious code on devices that plug in to charge. The FBI issued a warning against using public charging areas in April of 2023. Take the responsibility for charging your devices by using your own chargers.

8. Email content

Email was created at a time when no one thought about cybersecurity. For that reason, email is highly vulnerable to manipulation and compromise. Just as you would never publicly post your personal information such as a social security number, always refrain from sharing any sensitive information via email. Never assume that an email is private.

9. Freeze your credit to protect your identity

Most people know to freeze their credit with the three credit bureaus once their personal information has been compromised. However, waiting to freeze your accounts until after the fact presents a lot more headaches. Why not freeze them now? Think about it. How often do you apply for a new credit card, car loan or home mortgage? These instances are rare so keeping your credit in a frozen state can proactively protect you from identity theft and financial fraud and ensure peace of mind. Note that different states have different laws regarding the freezing of accounts so check the website of your state attorney general’s office or consumer protection agency.

10. Deep fakes

Scams and frauds have been around for centuries, but advanced technology has made them easier than ever before. Seeing is no longer believing thanks to deep fakes. Deep fakes are a form of digital manipulation that utilizes artificial intelligence and machine learning to create convincing fake images, videos, and audio recordings. Fraudsters used AI to mimic a CEO’s voice to convince an employee to wire $243,000 to a new account. There is even a ploy called “The Grandparent Scam” in which fraudsters manipulate the captured voice of a grandchild to send a plea for help to a grandparent. A healthy dose of skepticism goes a long way today. Always verify something out of the ordinary.

BONUS

11. Search Engine Fraud/Malvertising/Scam Search Ads

Many rely on search engines to quickly access their online accounts. Bad actors identified this as an opportunity to steal credentials or get users to download malware. Usually, search fraud involves faking a bank or financial institution: the hackers develop online ads that mimic a larger, established organization. For example, for ‘Bank of America – bofa.com’, it would be ‘Bamk of America – boffa.com’. The fake ad or listing appears at the top of the page because it is a purchased listing, which anyone can buy, and those who click the fake link are taken to a fake website that looks deceptively like the actual bank site. Those in a rush would log in and not notice any of the tiny discrepancies. Unfortunately, the user’s ID and password are now in the cyber criminal’s hands. The best practice here is to take time in accessing your accounts – always check the URL for the official name and look for misspellings. Instead of relying on search to access your bank portal each time, get to the official login site, then bookmark it for future access.
