How do you keep your digital life secure from hackers and scammers? Doing the basics goes a long way in protecting your personal data and safeguarding your accounts from thieves. Hackers and social engineers prey on the weak, and building up a little bit of cyber resiliency is often enough to thwart their plans and force them to move on to a different (and easier) target.
Here are some tips for protecting your personal data:
1. Always be on the lookout for hackers
The first step in staying safe is situational awareness. Be cautious and suspicious of all emails, text messages, phone calls, and other forms of communication. Hackers and scammers have tons of tricks to make themselves sound legitimate. Naming all the different ways they can try to bamboozle you would take years. However, most of their tricks often use fear, uncertainty, and doubt to get you to do something urgently that could compromise the security of your devices, accounts, or wallet.
An example of a hacker using urgency to steal your personal information could include getting an email or phone call from what seems to be your bank asking you to confirm your identity. Maybe your bank is calling you to alert you of a suspicious charge to your account? Instead of talking with a potential scammer pretending to be your bank, hang up and call the bank’s customer service helpline using the phone number found on your paper statement. You could also go directly to your bank’s website and find their phone number there. Don’t use the potentially fake contact information the caller gives you.
You should also be on the lookout for suspicious hyperlinks found in emails. As an example, if your bank emails you saying someone transferred money out of your account without your authorization, don’t click on the links in the email. Instead, go directly to your bank’s website shown on your bank statement. That way they can’t trick you into going to a fake website to infect your computer with malware or steal your credentials and information. In the same sense, hackers can also send you text messages pretending to be your bank. These legitimate-looking text messages are just disguised requests to try to steal your money. Text messages can also contain links to malicious websites. As the saying goes: “Don’t trust everything you see and hear.”
Slow down and take the extra steps of always double checking. Spending an extra couple minutes of time can save you from having to clean up a huge mess if you were to fall victim to a hacker or social engineering attack.
2. Don’t Use the Same Password Everywhere
Shockingly, 81 percent of data breaches involve the use of poorly secured passwords. The average person has around 70-80 personal credentials to websites, accounts, and devices. At work, that number jumps up to around 191 business accounts. That’s a lot to remember! Because of the large quantity of sites, it is impossible to memorize a secure password for each one of them; hackers know to attack this weakness in your cyber defenses.
If you use the same password for all or most of your accounts, you are opening yourself up to a very common attack called “credential stuffing.” Hackers collect the passwords found in past data breaches and conduct large-scale automated login attempts to gain access to your other accounts and services that use the same or similar passwords. Let’s say you use the same password for your LinkedIn account and your email. Hackers have compromised LinkedIn in a past data breach and stolen your LinkedIn password. They will attempt to log in to your email account with that same password. Once inside your email account, they will conduct a “password recovery attack” on your banking account’s website. Since your email is listed as a valid password recovery email address with your bank, they will then get access to your bank account because they have access to your email account. With access to your bank account, they can then steal your money.
What is the solution? Start using a password vault to collect and protect all your secure passwords. All your passwords should be unique, randomly generated, and long (18+ characters). This will help prevent the myriad of different ways hackers can guess and crack your password. Check out LastPass.com or 1password.com for free, secure, and easy solutions to this problem.
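As an added example (not part of the original article), the script below audits a password-vault export for the weaknesses described above: passwords reused across sites, passwords that are merely similar to one another, and passwords shorter than the 18 characters recommended here. The CSV column names, the sample rows, and the 0.8 similarity threshold are assumptions made for illustration; they do not describe any particular vault's export format.

```python
import csv
import io
from collections import defaultdict
from difflib import SequenceMatcher
from itertools import combinations

MIN_LENGTH = 18   # minimum length recommended in this article
SIMILARITY = 0.8  # assumed threshold for calling two passwords "similar"

# Constructed sample export; column names are an assumption, not a real vault format.
SAMPLE_EXPORT = """site,username,password
linkedin.com,pat@example.com,Summer2019!
mail.example.com,pat@example.com,Summer2019!
bank.example.com,pat,Summer2020!
photos.example.com,pat,q7#Lz0v!Rk2@pXw9Tn4$Yb
"""

def audit(export_text):
    """Return site names only, so the report never contains a password."""
    rows = list(csv.DictReader(io.StringIO(export_text)))

    # Group sites by exact password: any group larger than one is exposed
    # to credential stuffing if a single one of those sites is breached.
    by_password = defaultdict(list)
    for row in rows:
        by_password[row["password"]].append(row["site"])
    reused = sorted(sorted(s) for s in by_password.values() if len(s) > 1)

    # Passwords below the recommended length.
    short = sorted(r["site"] for r in rows if len(r["password"]) < MIN_LENGTH)

    # Near-duplicates (e.g. only the year changed) are easy to guess
    # once one variant is known from a breach.
    similar = []
    for a, b in combinations(sorted(by_password), 2):
        if SequenceMatcher(None, a, b).ratio() >= SIMILARITY:
            similar.append((sorted(by_password[a]), sorted(by_password[b])))

    return {"reused": reused, "short": short, "similar": similar}

if __name__ == "__main__":
    for finding, sites in audit(SAMPLE_EXPORT).items():
        print(finding, sites)
```

Run it only on a local copy of your export and delete that copy afterwards, since the file holds every password in plain text.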
3. Use Multifactor Authentication Everywhere
This security control is sometimes called Two-Factor Authentication (2FA), and it can really enhance your defense against hackers. Historically, when you log in to your bank you are asked for only your username and password. If you enter this correctly you are given access. This is called “1 factor authentication” as you are only supplying the bank a single “factor” when logging in. A username and password is “something you know” which hackers can guess or steal easily. When your bank demands multiple forms of identification before giving you access, it adds additional security to your account.
The additional factor can come in different types. The most common type is a 6-digit code being text messaged to your phone or displayed in an app on your smartphone. As your phone app is “something you have,” this is your second form of ID. This security technology has increased over the last several years. However, not enough people are enabling this powerful defense.
An audit of all your accounts should be done in order to make sure they all have 2FA enabled, including your password vault, email, social media accounts, banking, and investment sites. Google conducted a yearlong study and found that using 2FA helped prevent 100% of automated bot attacks, 99% of bulk phishing attacks, and 90% of targeted phishing attacks.
4. Quickly Update All Your Software All the Time
Hackers love leveraging security vulnerabilities found in the software programs loaded on your devices such as Adobe Acrobat Reader, Java, Microsoft Office, Chrome, and Firefox. They also attack security holes found in the operating system that your device uses such as Windows 10, Mac OS X, Apple iOS, and Google Android. A security vulnerability abused by a hacker in one of these programs means they could remotely attack your computer across the Internet and take full control of your device without you having to even touch anything. They would then be able to do anything that you can do on the computer, including accessing your sensitive files and accounts.
The cure for this common attack is to keep all your software and your operating system running the latest version available from the company that makes it. Make sure to enable automatic updates where possible so that updates are applied right away when they are released. Verify that the programs on your devices are still being supported and maintained by the developers that made them. If they aren’t being supported, uninstall them. Be sure to remove unused applications to reduce your attack surface.
5. Be careful sharing information online
Hackers’ and social engineers’ favorite weapon is information. This is information about you, what you are doing, where you are going, your interests, what you like to eat, who your family members and friends are, and what events are happening in your life right now. Hackers can use information that you share online to attack you at home. For example, updating Facebook saying you and your family are going on a two-week vacation to Hawaii could be a disastrous choice. Thieves have been known to use information like this to plan which homes they are going to rob or launch a highly targeted phishing campaign when you arrive in Hawaii. They could call you pretending to be your bank saying that all your bank accounts have been frozen due to “a criminal using your credit card in Hawaii.” Hackers will use this opportunity and information about your vacation to leverage a convincing story to get you to divulge information you normally wouldn’t.
The solution to this area of attack is easy. Eliminate as much information sharing as you can about your personal and business life. Don’t post information to the public and social media. Don’t over share. You never know who is listening, watching, or planning an attack.
These five steps can have great benefits to keeping your personal digital life secure. The key is constant vigilance. While none of the above tips are a silver bullet to keeping the bad guys out of your life, they are a good start. If you practice these same security tips at the workplace, you also make your company much more resilient to hackers.
Kevin joined WIN Technology in 2009 and is currently responsible for establishing and maintaining the company-wide information security programs at WIN, which include security operations, incident response, vulnerability management, identity management, network security, server security, cloud security, disaster recovery, risk management, security policies & procedures, red team efforts (offensive attack simulation), blue team efforts (defensive monitoring and mitigation efforts), governance and compliance. He holds 9 cyber security certifications from SANS / GIAC. The certifications are: GXPN, GPEN, GCDA, GCED, GCIH, GPYC, GWAPT, GDAT, GAWN.