Everything we do is somehow, or another connected to the internet. Bad actors are using the internet to prey on user vulnerabilities. To lead an effective campaign against Cyber-attacks it takes a combination of prevention methods. By implementing these suggestions, you can reduce the risk of Data breaches, Identity Theft, and Ransomware.
1. Install Antivirus
Anti-Malware software is a protective measure to detect, quarantine, and remove various types of malware. Malware is malicious or harmful files and programs that can compromise your devices security. Its important to update the software and run scans regularly to make sure the virus catalogs are current.
2. Keep software updated
Regularly perform software updates to prevent vulnerabilities. Viruses and Malware are constantly seeking open doors. When a virus penetrates a computer system through an unprotected vulnerability, it is called an exploit. By performing regular updates your security posture is fortified through newer versions that address these weak spots.
3. Use Multi-Factor Authentication
Multi-Factor Authentication is a layer of protection on top of your existing username and password. It requires both a password and secondary authentication to successfully log in. Many web services are requiring this to access their apps and websites that contain sensitive data. The most common forms of multi-factor authentication include text messages, emails, and tokens.
4. Set Strong Passwords
Use complex passwords and be sure to update them every few months. Use special characters that can be used in the password field (@%+!#?). Consider using sentences or phrases so they are easier to remember but try not to use predictable single word passwords with a number behind them. Avoid using the same password for multiple accounts. Never share your password with anyone. Password Managers help store and keep track of them all.
5. Use Encryption
Protect your sensitive information by using encryption to safeguard your data. Encryption takes plain text and scrambles it into an unreadable format called “cipher text.” This protects data in transit over the internet. Legitimate websites use SSL certifications, which can be a form of encrypting data.
6. Back up Data
Regularly update your data on removable devices or through a Cloud-based data storage platform. To avoid losing valuable information, its recommended that you back up your data on multiple storage devices. Hard drives can fail, so its good to have backups of important data incase of failure. As technology evolves, Cloud-based data storage is becoming more cost affordable.
7. Lock your devices
Be sure to lock your device if you leave it unattended. Data breaches happen in moments of carelessness. A computer or cell phone left unlocked and unattended contain a treasure trove of personal, confidential data that you wouldn’t want in the hands of an untrustworthy person. Configure your devices to lock automatically. This will make it more difficult to access private information.
8. Recognize Phishing Scams
Never open suspicious links in emails. Phishing scams are fraudulent attempts to trick a user into clicking a link that will take them to a spoof of a more credible website. Their goal is to capture personal information that can be used against the user to steal their identity, gain access to their finances, or make unauthorized purchases on their behalf. Hover over links to see if they are the correct site. Poorly worded emails with misspellings are a common indicator of phishing scams.
9. Secure IOT Devices
Attackers are looking for sensitive data on Internet of Things devices. If compromised, these devices can be used to perform other attacks. Make sure that your IoT devices are password protected and meet regulatory compliance in the United States. These devices can be hacked, and their data extracted to be further used to monitor the victim, or as a bot to further expand criminal networks.
10. Limit number of Admin accounts
Admin accounts have more privileges than basic user accounts. Its better to use non-privileged accounts for normal usage. This reduces the permissions available if a user account becomes compromised. The more permissions a specific user has translates to having a golden key to implement system level changes, and even gain control of a network locking out their rightful owners. By having fewer admin level accounts and restricting regular day to day use to lesser privileged accounts, it minimized the possibility of infection through human error.
There is no single form of protecting a computer network, it takes several layers of protection to dramatically lower risk of compromise. Cyber hygiene is the combination of following best practices to improve your security posture.