Cybersecurity Awareness Primer – Rated E for Everyone
Raise your Cybersecurity posture and Safeguard your home IT perimeter
It is a fact that continuous Information Technology (IT) security awareness reinforcement goes a long way towards keeping our personal data secure. In the end, it is in the individual’s best interest to safeguard his or her personal data.
Regulations such as the EU’s GDPR (General Data Protection Regulation) are put in place to protect data privacy for individuals, giving them more control over their personal data: what is shared and how it is used.
Data Threats and IT Vulnerabilities are everywhere; the overlapping area between the two is called Risk - the attack surface that you will want to keep to an absolute minimum. In this article, I will cover some of the lowest-hanging fruit: things that are easy to be mindful of and to do something about without much effort.
The term Spoofing is used in IT speak for something intentionally made to appear to be what it isn’t – this technique can, for example, be used to trick your system into connecting to a false Wi-Fi access point, or to make an email appear to be from someone it isn’t. There are several methods and useful utilities to lower the probability of this happening, and as usual, the most efficient safeguard is raising security awareness among the individual users.
So-called Social Engineering is a technique used to trick people into disclosing personal and other sensitive information that shouldn’t be shared – avoid ever disclosing any such information over the phone!
Be careful when you connect, for example, memory sticks to your computer’s USB port – there have been cases where individuals with ill intent have infected such devices with malware, and then slipped them into the sales bins at various stores. There is, for example, a case of USB drives shipped from IBM being infected with malware, and this sort of incident happens all the time, so the common thread pops up again – be mindful and exercise due care.
Also be careful when downloading and using software tools and utilities, including seemingly legitimate ones that you have paid for – perform a Google search to find out the latest news in case the software has been compromised somehow.
Important – take some time to plan a backup scheme for your personal computer, set a schedule and keep to it. There is a lot of information on the web about different methods and guidelines for how this can be done. Once in a while, perform a test restore to validate the backups. This is not hard to do, and it will potentially save you a lot of headache and time should you ever need to recover your data!
Personally, I always power off computers and other Wi-Fi connected hardware such as printers when they’re unused and unattended, and use a separate browser (Firefox for example) only for banking and other sensitive data sessions - in this browser especially I make sure to have as few extensions, plug-ins, and add-ons as possible and limit the use of cookies through white-listing trusted sites…
…which is a nice segue into my list of Eight Easy Safeguards for your home data environment, which follows below! Please note that this isn’t meant to be a comprehensive list whatsoever, but a good starting baseline to implement.
1. Keep your systems up-to-date – apply firmware updates, patches and service packs on all devices connected to your network, turn on auto-update on Windows, and don’t forget to check your browsers for updates as well (in Chrome, for example – Help > About). Remember to keep smart and IoT (Internet of Things) devices updated as well – including your kids’ smartphones!
2. Use a Passphrase as a Password - use a phrase that is easy for you to remember, one that doesn’t have to do with your immediate family, and have an easy-to-remember method to format it into a password that involves uppercase, special characters, and numbers.
3. Family IT Security Awareness - To keep your home IT perimeter safe, you need to talk about it in the family, so everyone is aware. Cybersecurity is a team sport, and only as strong as its weakest link.
4. Use Antivirus and keep it updated – there are many good ones at varying prices. What is called Antivirus these days usually does so much more than what the name implies. Some have features that can monitor your Wi-Fi (so rogue access points can be detected), keep software and hardware drivers up-to-date, etc. Key here, obviously, is to keep the software and virus signature database up-to-date.
5. Don’t fall for email scams – I have seen spam filters continuously getting more and more sophisticated, but so, obviously, have the scammers! Falling for a scam email is very easy to avoid, yet it continues to be one of the biggest root causes of successful data breaches. If email users only took a few seconds, knowing what to check, it would have a huge positive impact! ‘Have I Been Pwned’ is a website where anyone can look up data breaches; Wikipedia has more info on it.
Below is a typical phishing email that I received; it is pretty well made and supposedly comes from PayPal. Rule number one – never click on links in an email. This is the way that malware can potentially infect your data system, and render it wide open for outside access and data breach. If you receive an email from any of the sites where you have an account, don’t click links inside the email! Instead, go to the website in question, log in to your account and look to see if the message or notification is in there.
A quick review of the example below makes it obvious that this is a scam email – the sender of the email has a @mail.com address, and not an official PayPal one.
When you receive an email that seems legitimate, always do a quick check and look for obvious signs which would give it away as a scam email. For instance - sender’s email address, spelling errors, format, context, and overall content.
6. Buy secure hardware from known brands, even if it costs more – the alternative is potentially much more expensive. Choose a brand that has been around for some time - that will maintain support and release firmware updates. Select a model which supports the latest and greatest security protocols and controls.
7. Monitor your network for rogue devices, especially the Wi-Fi. There are several utilities that make it easy to scan your local Wi-Fi for rogue access points and such (‘Wireless Network Watcher’ for instance). For example, I have a habit of turning on our Guest Wi-Fi only while we actually have guests in our home.
8. As much as possible, avoid connecting to Wi-Fi outside your home or otherwise known environs. When you connect to unknown Wi-Fi spots - avoid doing anything online involving your personal and sensitive data. To keep data more secure in such cases, you can utilize a VPN (Virtual Private Network) connection which will keep your session encrypted and private over public networks. You may want to consider a VPN service for this reason – there are many good ones available.
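The sender-address check from safeguard 5, written out as an added example (not part of the original article): it flags a message that uses a brand name in its display name or subject but was sent from a domain that is not on that brand's list. The `OFFICIAL_DOMAINS` table and the three sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: brands you have accounts with, and the domains they really send from.
OFFICIAL_DOMAINS = {"paypal": {"paypal.com"}}

def domain_matches(domain, official):
    """True only for the official domain itself or a real subdomain of it."""
    return domain == official or domain.endswith("." + official)

def check_sender(raw_message):
    """Return warnings for a raw email whose sender does not fit the brand it names."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower().rstrip(".")
    claimed = (display + " " + msg.get("Subject", "")).lower()
    warnings = []
    for brand, domains in OFFICIAL_DOMAINS.items():
        if brand in claimed and not any(domain_matches(domain, d) for d in domains):
            warnings.append(f"claims to be {brand} but was sent from @{domain}")
    return warnings

# Constructed sample messages (not real mail).
SAMPLE_SCAM = (
    'From: "PayPal Service" <service.team@mail.com>\n'
    "Subject: Your account has been limited\n\n"
    "Please confirm your details.\n"
)
# A lookalike: the official name is only a prefix of the real sending domain.
SAMPLE_LOOKALIKE = (
    "From: PayPal <support@paypal.com.account-check.example>\n"
    "Subject: Action required\n\nPlease log in.\n"
)
SAMPLE_OFFICIAL_DOMAIN = (
    "From: PayPal <service@paypal.com>\n"
    "Subject: Receipt for your payment\n\nThanks.\n"
)

if __name__ == "__main__":
    for raw in (SAMPLE_SCAM, SAMPLE_LOOKALIKE, SAMPLE_OFFICIAL_DOMAIN):
        # An empty list is not proof of legitimacy: the From header can be spoofed,
        # so still log in via the website instead of clicking links.
        print(check_sender(raw) or "no sender mismatch found")
```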
When browsing the web in general, it is a good idea to be aware of whether the connection to the web page is secure or not – HTTPS (Hypertext Transfer Protocol Secure) is a secure connection that should be supported on all servers nowadays. When you are on a web page, you can verify in the browser’s address field that the connection is secure as per the image below (the ‘Secure’ indicator with a lock symbol); click on ‘Secure’ to look up more details (to check the certificate etc.).
There are plugins that can be added to the various browsers to always ensure an HTTPS connection – I use, for example, the ‘HTTPS Everywhere’ extension in my Chrome browser.
In Conclusion
There is much to be added to this, and what is mentioned above is of course just the very tip of the iceberg – the above pointers are just meant to be some relatively easy measures for you to be mindful of in order to keep your data more secure.
In the end, a big part of keeping your data secure is about being consistently mindful in your everyday interaction with the ever-expanding and evolving World Wide Web.
Mats Nygren
CISSP, CCNA Security, CCDA, PMP, ITIL
mats.h.nygren@it-spoke.com