Resolve To Be Cyber Smart in 2023
With the Holidays in the rear-view mirror and a new year ahead, a lot of people like to make resolutions for change. And as we all know; change can be hard. But when it comes to cybersecurity change may be necessary to prevent bad things from happening. 2022 was another banner year for ransomware and malicious attacks. These attacks are constantly evolving which continually makes it hard to maintain a proper defense. So here is a list of some best practices you can do right now to defend your information and make 2023 a secure one.
Resolve to Use Strong Passwords
Passwords are our keys to the kingdom. Do you have one key (password) for all your accounts? While it sounds difficult to do it’s very important to use a different password for each account you have. That way if a password is ever compromised you don’t have to reset it on every system, and the malicious actor can only affect one account instead of all of them. Take advantage of Password Managers which securely store a database of passwords and can even help generate strong random passwords. The more characters you use the harder it is to crack. Try to avoid saving passwords in your browsers for sensitive accounts. If someone got remote access to your computer, then they wouldn’t even need to know your username or password if they are saved in the browser. As data breaches for large organizations continue to rise there is a good chance that some of your logins are out there for sale to the highest bidder. A great tool to use to check if your email or password has been involved in a data breach is https://haveibeenpwned.com. While the site name may sound funny it contains a database of over 12 trillion accounts compromised by known data breaches. If your password is on the list, it is time to change it, especially if it is the Master password to your Password Manager tool.
Resolve to Use Multi-Factor Authentication
This one is a good follow-up to the previous recommendation on strong passwords. Multi-Factor Authentication (MFA) has become widely available over the last couple of years due to its ability to greatly decrease the chance of an account being hacked. That being said, MFA is not hackproof by any means. The bad guys can still find ways to circumvent these controls and gain access, but MFA is still much better than nothing at all. The most secure MFA method is using an Authenticator App (Microsoft, Cisco, and Google have one, to name a few) which can be used for push notifications or to generate passcodes when logging in. These are more secure than just receiving a code via a text message. Hackers have figured out ways (research SIM swapping for more detail) to receive those texts instead when logging in (research SIM swapping for more detail). For mobile devices make sure you take advantage of fingerprint and facial recognition features to lock down those devices. Think about all the apps you use on your phone that don’t require you to log in each time you open it after initial setup. If your phone doesn’t have a lock set on it, then a stolen phone provides access to a lot of information.
Resolve to Not Trust Links or Attachments
The majority of data breaches that you hear about in the news all start with one user clicking a link or opening a malicious attachment that they shouldn’t have. Attachments can contain embedded code that, when opened, executes and can do a lot of bad things, such as installing remote access software without you even knowing. With today’s current threat landscape, you have to treat every email with caution, even when it’s from a trusted source such as a friend or family member. Email accounts are frequently being hacked and then used to send malicious emails to anyone in that person’s contact list or Sent Items folder. Always hover over links first with your mouse and see where that link is going to take you. If you ever question the legitimacy of an email then contact the sender using an alternative communication method (call/text, etc.) and verify the email first.
Resolve to Search Safely
The Internet can be a wonderful source of information when used safely. There are currently over 1.7 billion websites out there with approximately 400 new websites being created every minute!1 46% of Google searches are looking for local information. With that many websites out there it’s hard to know which ones are safe. A best practice is to always stick with reputable sites. Buying Office software from Microsoft is always better than trying Joe’s Discount Software Shop, no matter how cheap Joe has it. And just because something is on the Internet, doesn’t mean it’s true. Fake news has become a major problem in recent years, and not just in the political realm. Whenever you enter payment information or login information on a site make sure the web address starts with HTTPS://. The S at the end stands for Secure and means traffic is being encrypted between your device and the server hosting the site.
Resolve to Share Wisely
If you’re like me, you get bombarded with emails and phone calls all the time from someone trying to sell you something or “remind you” that your car’s warranty is expiring soon. Another common one is phone calls from someone impersonating a software company, such as Microsoft or Dell, telling you that your computer has a problem or virus and needs to be fixed. These are always scams and looking to get you to buy software you don’t need, or worse, remote in to fix it for you and instead install malicious software that monitors your computer for logins to sensitive sites. Never trust a cold call. Instead, hang up and call the company back using a number on their website and talk with someone about the item in question. Always use caution when being asked to provide personal information such as your social security number, account number, or address.
Benjamin D. Miller, CBSM, CBSTP, CBEH
Stillman Bank Vice President & Information Technology Officer
Resources:
1Stats obtained from websitesetup.org.
References to any specific company, products, processes, or services by trade name, trademark, manufacturer, or otherwise does not necessarily constitute or imply its endorsement, recommendation, or favoring by Stillman Bank.