Digital Resilience – What You Can Do Now

March 27, 2019

by Ray A. Rothrock

In our increasingly digital world, we are all targets of hackers and fraudsters. To survive, we must use some best practices to ensure our resilience. I use the word resilience rather than security deliberately. Security is about trying to stop the bad guys. Resilience is what you do when one of them—inevitably—gets in. It’s about identifying the problem and neutralizing it, even as you continue to do business. It’s also about recovery, quickly and productively, stronger than ever.

Regaining control, both in feeling and in fact, requires that we become resilient in our digital lives. Here’s how.

CHOOSE NOT TO BE SOCIALLY ENGINEERED

Nine out of ten network breaches resulting in data theft begin not with sophisticated technology but with social engineering—the use of deception to manipulate someone into divulging personal or confidential information. Social engineering is a confidence scheme—a con—applied online.

These cons usually come in the form of unsolicited email asking you to take some action that will leave you open to attack. This is called “phishing” when the email is general and “spear phishing” when it has information specific to you. The more specific the information, the easier it is to fall for the con.

Where did the information come from? Most of it came directly from data you posted on social media platforms. Spear phishers stalk through social media in search of such gems.

What to do:

  • Think before you post personal information anywhere on the web.
  • Be skeptical of any email link or attachment.
  • Inspect the email for literacy. Many phishing emails make errors in spelling or grammar.
  • Don’t panic. The scarier the message, the more likely the fraud.

DECIDE WHAT’S REALLY IMPORTANT TO YOU – and restrict access to it

Not all data is equal. You want your bank account number to be secret, but your street address can be readily available. Businesses have information customers should have access to, but that doesn’t include sensitive client data and personnel files.

Resilience also requires situational awareness—full consciousness of your current environment. Even at home, on your own WiFi network, do you want your guests to have access to all your data? What about your neighbors?

What to do:

  • First decide what data you can freely share, what data needs to be more closely held, and what data needs to be essentially secret.
  • Protect your WiFi network with a good password to keep unauthorized users out.
  • Have a second, guest network without access to your important data.

PRACTICE BEST DIGITAL HYGIENE

Quite often, cybercriminals succeed because some basic (and easy) “digital hygiene” wasn’t followed.

What to do:

  • Install and use antivirus/antimalware software as well as a good Internet security suite. It will help, but none is impenetrable.
  • Update all software frequently. Hackers try to exploit known security flaws.
  • Delete apps you don’t use. Unused programs are potential portals for attack.
  • Manage your passwords; they’re your first line of defense. They should be protected and changed frequently. Make your resilient digital life easier and safer by using a good password management tool, which will enable you to use just one master password for everything, while encrypting all your other passwords.

THINK BEYOND THE EDGE

Think beyond the edge of your own network. The security and resilience of your network is only as strong as that of the networks you connect with.

What to do:

  • Favor connecting to websites that use the more secure HTTPS URL prefix over plain old HTTP.
  • Take care using public WiFi. While convenient, it’s also a great target for cybercriminals.
  • Disable automatic connection to non-preferred networks on all devices you carry with you.
  • Never bank, make online purchases, or send sensitive information while using public WiFi.

MAKE PEACE WITH TECHNOLOGY

Don’t despair. You have more opportunities for controlling your digital life than your physical life. You can decide what and who to accept, and what and who to reject online.

Ray A. Rothrock is CEO of RedSeal, a premier cybersecurity analytics platform. RedSeal’s corporate customers span the finance, utility, technology, and retail sectors. Government clients include defense, intelligence, and civilian agencies. Ray is also the author of Digital Resilience: Is Your Company Ready for the Next Cyber Threat?