Cybersecurity, whether you like it or not, is a hot and relevant topic these days, not just for business, but also for home users of technology. So, what do you need to know to keep your own data and your business’s data safe? The truth is, a lot, writes cybersecurity expert Martin Haak.
And herein lies the problem. Most people have had the pants scared off them with the constant hype about hackers, data breaches, scams, identity theft, ransoms, and the list goes on. The reality is that cybersecurity is scary!
And yes, unfortunately, it affects all of us who use technology, and even those who don’t. Cybersecurity was born from technology, so most people in the industry come from a technical or IT background. The very term itself is polarising, and even misleading. This is why most people relate it to technology and think it’s an IT problem, and not their problem. However, cybersecurity is largely a human problem. It’s everyone’s responsibility and everyone’s problem. And that makes it your problem too.
In fact, it’s relevant across all aspects of data, digital or analogue.
On a personal level it relates to the way we handle and look after our own information from documents such as bank statements and utility bills, and right through to medical records, photos, and of course our passwords.
On a business level, cybersecurity is relevant across all business information, and even every process in an organisation. And, what might be the weakest link?
No, it’s not your antivirus program, firewall, “The Cloud”, your IT guy, or your tech savvy kids who probably look after all of that stuff.
It’s you. It’s always you. Why? Because you are human. And, you make mistakes. Such as:
– You don’t always think about the risks of everything you do when it comes to personal or business information.
– You throw out those documents with personally identifiable or sensitive information, rather than shredding them.
– You leave your computer unlocked when you go to the bathroom when you’re working from a cafe.
– You give your kids your password(s).
– You let your kids use your phone when you need some time to yourself. That same phone which likely has sensitive work information on it.
– You let your kids use your work computer when you bring it home.
– You let your co-worker use your computer.
– You accidentally email company intellectual property or sensitive documents to the wrong email address.
– You forget to BCC your recipients in an email and CC them instead (which can actually be a confidentiality or data breach).
– You click on that fake “phishing” email designed to trick you into handing over your information, and it does exactly that.
– You open the attachment on the email that you supposedly get from your electricity provider. Only it’s not from them, and you’ve just encrypted all your files with ransomware.
– You don’t have a process in place that requires additional authorisation when you receive a new invoice from your client or supplier with a note to say that the account details have changed. Then, when you pay it, you’ve actually paid a hacker who had infiltrated the email account and altered the invoice. That money is gone, and you won’t get it back. You might if you have cyber insurance, but it depends. See, it gets very confusing.
So what can YOU do? In a perfect world, cybersecurity should be a forethought, not an afterthought. Everyone needs to care, not just be forced to change their behaviours. Really, it needs to be intrinsic.
This cybersecurity stuff is overwhelming and confusing for everyone. Even us in the industry! The landscape is constantly changing. Every day there are new threats, new breaches, new policies, new regulations. And with it comes a lot of fearmongering. With fear comes shame. With shame comes overwhelm. And once you’re overwhelmed, you often do nothing because you don’t even know where to start or who to turn to.
You don’t have to change everything at once to start making a difference. You don’t have to start with your IT guy or tech department. You don’t even have to spend any money.
The holiday season is a time for reflection. Many of us make New Year’s resolutions. Many of us plan to make changes for the new year ahead.
Here are some cybersecurity improvements you can add to your list that are easy to do and reduce your risk exposure significantly.
You might hear people bang on about password managers and how they are the best option for creating, managing, and storing your passwords.
I know, I know, for many of you password managers are a big change, and take a bit of getting used to. And if you’re one of those who absolutely HATE change, then you probably haven’t followed the advice to move to a password manager. So what’s the alternative?
Well, as you may well know, I’m a big fan of done is better than perfect, even when it comes to cybersecurity, and any improvement is a step in the right direction. Many people use insecure passwords, or they use the same password across multiple sites, which is a big no-no. It is possible to create a complex and difficult-to-crack password by creating random phrases. An example of this would be four random words that are memorable, or a sentence that means something to you with capitals and numbers.
Oh, and trust me, when you do finally take the leap and move to a password manager and get through the initial adjustment, you’ll never look back. And, thank me later!
2. Out of Office Message
The holiday season can bring out the best in people but, unfortunately, it also brings out those who take advantage of the season. As we head off on our time away from the office, many workers are setting up their ‘Out of Office’ replies, but you could be unintentionally giving away information to scammers that you wouldn’t normally give. Do you include your normal signature in your out of office? Do you also include a personal mobile for emergencies or other colleagues’ details? How much do you include about where you are going and for how long? Each of these things gives cybercriminals snippets of information, allowing them to piece together ways to extract further information that could harm you or the company you work for.
Less is more…
Instead of saying the exact dates you will be away, use broader phrases such as ‘returning in the New Year’ or ‘late December/early January’. Mention only that you can be contacted on your mobile, but don’t give out the actual number. Provided these details are in your previous email signatures and/or the office number is available through Google or your website, the people who genuinely need them can still find them, and no one maliciously “phishing” for information is going to get them easily.
3. Computer Auto Lock
At this time of year, things are winding down, and people are more relaxed. In fact, your boss might even let you head off to a cafe, or the local pub, to get out of the office and tie up those loose ends over a cuppa or a few sherberts. The number of times I see someone working away on their laptop, only to leave it open and unlocked for anyone to see when they duck off to the bathroom, or head to the bar for another drink. It’s easy to set your computer, whether it’s Windows or Mac, or something else, to automatically lock when you’re away from the keyboard for a set amount of time.
4. Software Updates
Have you ever been working or surfing away on the web, and you get those pesky pop-up reminders to do a software update? Annoying, right? I mean, how dare the software company force me to update? It’s probably going to break something or remove or change a feature that you’ve grown used to.
While this is all true, the most important reason to ensure you stay on top of your updates is that they often fix security flaws or exploits in the software.
You may not like change, but I’m sure you’ll agree it won’t hold a candle to having your files encrypted with a virus where you have to pay a ransom to get them back. Software updates or patching can prevent up to 90% of many of these exploits.
5. When in doubt, call.
We’ve all seen them. Emails and text messages purporting to be from a trusted supplier or financial institution that we use.
If you click on the link to update your details, check the status of your package, approve a transfer you have received, etc., the senders are commonly after one of two things. Either they want to steal your credentials, by redirecting you to a legitimate-looking site where you enter your username and password, or they redirect you to a dodgy website that installs something malicious on your computer.
There are ways to check whether an email or SMS is legitimate, but the scams are getting cleverer and there’s always a chance you might get fooled.
The best thing to do is pick up the phone and ask the sender if it’s legitimate, or log on to the website of your bank, insurance or service provider and see if the email you got actually came from them. Often they have a scam warning like ‘we will never request account details via email’ or warnings about dodgy emails.
If in doubt, don’t open the link. Call the relevant company yourself and ask if they needed you to update your account or whatever the hacker sends you.
Hopefully, these 5 tips will keep you safer during the holiday season and throughout 2020. Even if you just implement one or two of them, you’re already on your way to improving your cybersafety, so you can head into 2020 with that little bit less worry, stress, or risk.