When you consider a list of your most valuable assets — the items that you value the most and have taken steps to ensure and protect — you’re probably thinking of a piece of art or a family antique, cherished jewelry, and, of course, your loved ones.
What are you doing to protect the less visible assets that are both valuable to you and to others — those with self-serving and malicious intent?
I’m talking about data. Hackers who steal private information only succeed because the owners of this information didn’t value it enough to protect it. The lesson here is that you need to be thinking about what others value, not just about what you value, and protect accordingly.
Today’s IT systems, if managed by trained and well-resourced individuals, provide a good defense against data thieves. So good, in fact, that hackers frustrated by these defenses use phishing strategies to convince individuals to simply give them access to the data. A common hacking technique, phishing, involves an adversary crafting an email, text message, or social media message that is written to compel the recipient to click a hyperlink or open an attachment. The next step typically involves you entering your authentication details to access a bank account, email account, social media account, or other online services. The part of human nature that compels us to click and open anything sent our way has made phishing the most widely used technique to get people to give up their access credentials.
There are a few actions you can take to help ensure that you, your business, and your family members are not easy targets.
- Stop reusing passwords. I know, this a challenging request. We’re expected to log in to multiple websites every day, with each one requiring you to authenticate yourself with a username and password. To save you from having to remember hundreds of username and password combinations, use a reputable password manager.
- Enable multi-factor authentication (also called strong authentication or two-factor authentication) on all accounts that accept it. Essentially, this is a step beyond the username/password combination. The multi-factor aspect can be a text message sent to your phone, an email sent to the address you have on file with a service provider, a challenge request from an authenticator app (such as DUO or Google Authenticator), a voice call to a phone number on record or some other way to verify that you are actually the one trying to gain access to your account. Another strong option is to use your fingerprint as your means of access, which you can do with an increasing number of apps.
- Verify that the person or organization that sends you an email, text, or social media message with a link or attachment to click is the real sender. You can call them or go directly to their website—don’t click the link and assume that the website it takes you to is authentic. For example, if you receive an email from your bank or email provider asking you to reset or verify your password, open a new browser page and type the main service provider site address yourself and then log in to see if indeed they need you to take any action. One general caveat: Most reputable businesses and organizations don’t send you emails requesting you to reset your password unless you’ve already told them that you’ve forgotten it. So if you receive such an email, chances are good that it’s a fake
- Update everything. It is important for you to update all devices and software on a regular basis and when notified by the manufacturer or creator. Anytime an update (often called a patch) is available, a fix was made to a known problem with that device or software. Perhaps there is a way for someone to remove all the information from a computer or device. Or maybe there is a way for someone to remotely turn on the video camera on your device and take inappropriate videos.
- Protect yourself from viruses. Install (and keep updated) an anti-virus product. Antivirus products can protect you from certain attacks. And yes, even Mac computers should have anti-virus software too.
- Backup your data. Data is the most important aspect of your computer. Computer hardware can fail, data can be corrupted by a virus, computers can be lost, stolen, or destroyed. You can – and should – make wise choices to prevent any of this from happening. But it’s equally wise to regularly use data backup software that can help protect and restore your data when something goes wrong.
- Beware of public WiFi. Free public wireless networks lack strong security protections, making it easy for hackers to capture passwords and gain access to your credit card and bank account information as you shop or conduct other financial transactions online. Experts advise that it’s ok to use free WiFi to watch a video or read the news, check the weather or traffic conditions, or check on an airline flight to see if it’s on time. But don’t use it for anything requiring a log-in.
Be aware, stay vigilant, and fight your basic instinct to click and open anything sent to you. Make these changes, and you will enhance the security posture of your family, your business, and your data.
Savvy Cyber Kids educates and empowers digital citizens, from parents and grandparents to teachers and students. Sign up for their free resources to help you navigate today’s digital world with cyber ethics.