Increasingly, we live our lives in a digital world. Phishing through online impersonations has become rampant, making that digital world increasingly difficult to navigate. However, there’s a misconception that you have to be a security expert to keep yourself safe online, which isn’t necessarily the case. For the Average Joe or Jane, there’s just not time to dedicate to threat hunting, especially when you’re not sure where the threats are coming from. So, you trust the companies you interact with to keep your data safe, and when a breach occurs you change your password and move on. Unfortunately, that’s not enough, especially when it comes to keeping your business safe as a remote or hybrid worker.
To help you stay safe online, we’ve compiled these six simple cybersecurity tips that should be studied seriously by anyone who uses the internet (that’s you!) to #BeCyberSmart. Make sure to share these tips as part of National Cybersecurity Awareness Month!
1. Check for breaches and data leaks
Let’s say you accidentally clicked on a phishing link (it happens to the best of us). Now, your data has been breached and is for sale somewhere. How do you check for that? You can start by searching your email address on haveibeenpwned.com, which will help you find information that has been leaked from some of the biggest hacks to date. While this site does not cover every leak, it should give you some insight into just how big of a risk cybersecurity is to our ever-connected society. If you do not show up on this site now, be wary that the next breach could have already happened, and you don’t even know about it yet.
You can also use breach protection and response software to proactively monitor the surface and dark web for your information. This can be useful for both individuals and businesses alike.
2. Enable Multi-Factor Authentication
Multi-factor authentication, also known as MFA or 2FA (two-factor authentication), is a security practice in which a user adds an additional layer of security to any login credentials. By enabling MFA, you require not only a password and username when logging in, but also additional verification that you, and only you, have. Generally this is a randomly generated key that is sent through your mobile device. This key resets every thirty seconds or so.
This type of authentication is also referred to as a “Time-based One-time Password Algorithm (TOTP)”. Woah, acronyms – sound overwhelming and intense? It’s really nothing to be scared of.
Perhaps you have seen a key fob on some IT experts’ belts, which is an example of a physical MFA process. Or maybe you have seen the Google Authenticator app, which can be used for a more secure login process anywhere you take your phone. It doesn’t matter which type of MFA or 2FA you prefer, just that you use it. At the end of the day, all your logins, from email to bank to social, will be exponentially harder to hack when you use MFA. Additionally, it will become increasingly apparent that a link is not legit when it does not ask for your MFA instructions.
3. Deploy password managers
Here is where our cybersecurity tips get simple: find a password manager. In the age of constant connectivity and login after login (both personal and professional), a password manager is crucial in establishing a secure digital life. Password reuse is a huge problem, and one stolen password often means the attacker can access a slew of different accounts.
There are a variety of password managers available, but there are three that stand out from the rest: Dashlane, LastPass and 1Password. You may also opt to use the password manager in your browser, like Google Chrome.
4. Reset ye olde passwordes!
Login credentials are often found for sale in dark web forums. Changing your passwords frequently is a simple protection you can take against credential theft and sale.
While not using “123456” or “password” as your password seems like obvious advice, you may be surprised that up until 2011 about 9% of all passwords were one of those two. Fast forward to 2022 and those two account for less than 1% (whew!). This decrease in bad passwords should not be a moment for celebration, though: we believe that the 1% or less who still use bad passwords are still too many.
When you create a new account, you are often required to use a CAPITAL letter or some sp3cia! ch4ract3r; these are just band-aids to a potential security compromise. For example, you might think your password is cryptic, with your child’s name and your wedding anniversary spelled using special characters, but threat actors who have already gained access to your information are able to figure that out. Using a complex password that isn’t connected to the names of family members, pets, or hobbies, through a password manager that requires MFA is your best bet.
Remember, reusing passwords is a big no-no, and you should be sure to keep all your passwords to yourself.
5. Update privacy settings
Social media and other platforms constantly push updates to their privacy settings, and many of these aren’t communicated to users. So how do you know your privacy settings are up to date?
We recommend downloading the AVG plug-in for starters. This will give you basic protection while surfing the web. Second, spend some time looking through your social media settings. Are you sure you’re comfortable sharing everything you post? What is public? What is visible only to connections? These settings are always changing so being up to date on these changes can be the difference between that old embarrassing photo being public, or not.
We have a few more tips you can read in our social media best practices post. But, as a general rule of thumb, make sure you know what is visible and to whom on every platform (even business platforms like LinkedIn). This can prevent you from inadvertently sharing something with your network that might make you a target for phishing attacks.
6. Curate your connections
If you’ve been on social media for a long time, there’s a solid chance you have “friends” or followers with whom you rarely, or never, interact. These followers might seem harmless, but if one is a bad actor who’s watching your moves online, it can be a big risk – especially when scammers are trying to figure out who would be most likely to click a phishing link.
Cleaning out “friends,” followers, connections and more can take some serious time. While having the most connections may seem like a popularity contest, it is also a huge liability to both your personal and professional life. The more connections you have, the more potential ways for a fraudulent or compromised account to send you a malicious link, or even for an impersonator to trick you into romance scams. Remember that while these networks are social in nature, that does not mean that they are particularly safe. Take some time to clean up your friends and followers list and make sure that only legitimate connections are able to interact with you online.
Follow ZeroFox for more tips
The best defense is vigilance. If it smells phishy, it probably is. But beyond that nugget of wisdom, the best defense against cyber threats is a good offense. This applies in both your personal and professional life. Subscribe to the ZeroFox blog to get more practical cybersecurity tips delivered to your inbox.