5 easy cybersecurity principles to protect you

This article is for anyone, irrespective of IT skills or knowledge, who wants to know the minimal cybersecurity principles for protecting their data and reputation online.

To start with, it was difficult to pick only five principles. I could have written an endless list, but these are the key preventive measures you must consider as an individual user when you browse online, whether at work or for private use.

1. Think before you post, before you share, before you click, before you comment

This sounds so obvious that I should not need to mention it, but believe me, many people (at work or when browsing online for personal reasons) still do not apply this simple rule. Understand that any action you take online is tracked, checked and recorded somewhere. Think about:

  • Your digital reputation and the image you project of yourself: each of us has a digital identity, and we are ultimately accountable for it. Be very careful about the threat of impersonation (essentially someone pretending to be you and approaching someone else to get a benefit, usually money). See What is impersonation in cyber security? (psichologyanswers.com)
  • The digital reputation and image of your kids and loved ones: I see so many people posting pictures of their kids' first steps, first meals, playing, etc. Put your phone down for a second and ask yourself: did I ask my 4-year-old whether he wanted to be on Facebook? When he grows up, could this post affect him negatively in any way? Is it so important to share this memory with all your 'friends' on Facebook? Wouldn't you rather share it with family and close friends?
  • When you comment on a post with your views or opinions, think about the reactions it could lead to, positive or negative. I am not saying you should not be authentic online and should play a role instead. All I am saying is that all your comments and reactions could be used against you and put you in a difficult situation. Fortunately, we still live in a place where freedom of opinion is a liberty and a democratic system allows us to exercise it. But there are proper platforms and ways to do so, and online is certainly not the best one, in my opinion.
  • When you browse, just think: "Everything I do now is tracked and can be used against me or my loved ones."

At work, you should have been informed, or even trained, to apply such rules. It depends a lot on the industry. A smart boss would not mind you promoting the business on social media, but it has to be done properly and in line with company policies. When you receive a suspicious email (from outside your organisation, asking you to click on a link to redeem a prize you have won, like a travel ticket), take your hands off the keyboard and mouse for 10 seconds, read it at least three times, and then decide what to do. It might be legitimate. It might not. If in any doubt, always assume it is not legitimate. You will never be blamed for raising a false positive. The weakest link in any organisation, irrespective of size, industry, location or amount of data held, is and will remain the people, not the technology.

As a business leader, train your staff properly and raise awareness of cybersecurity issues not just once a year but on a regular basis. Why? Because:

  • Threats and vulnerabilities evolve over time, and they evolve very fast. The protective control you implemented 6 months ago (like two-factor authentication when logging in to your virtual environment) may no longer be sufficient.
  • Your most valuable assets are your data and your people. No data + no people = no business. As simple as that. So invest in them, either internally or by asking for external support in specific areas (e.g. doing a vulnerability assessment).
  • New regulations and rules emerge, and it is your responsibility to stay up to date and compliant.
  • Even if you have the best technology, tools and processes in place, the people aspect is what will make the difference between success and failure of your business in this area.
  • Your staff, if engaged, will raise new threats and vulnerabilities that you had not thought about. Make them part of the process. Work together as a whole team. Practice, and practice again. Send test phishing emails to see how people react. Exercising is the best and only way to improve. Just attending training with no action plan is a complete waste of time and money.

2. Get an antivirus, do regular scans, auto update

Again, you may read this and be surprised. But I am telling you that many people still don't see the value in investing in an antivirus. Your machine needs exactly what your body needs: protection. For your body, we have vaccines and doctors. For machines, we have antivirus software. You don't need to pay a fortune to have a good one; the basics from a provider like McAfee, AVG, Avast, etc. are sufficient. Check out this list: Best Antivirus Software (2022) - Top 10 Best Free Antivirus Review (antivirussoftwareguide.com)

Do not expect the web to be kind to you. Expect the unexpected and always be on alert. Obviously, once you have installed it, configure it based on your needs and take appropriate action. One easy task you should do at regular intervals is to clean your browsing history, cache, etc. Essentially, try to leave as little trace as possible wherever you go online.

You must have a very good reason not to use an antivirus. Here is an article that gives some: 40 Reasons Why You DON'T Need An Antivirus - Emsisoft | Security Blog

3. Apply the 'need to know' principle in everything you do, whether in business or personal browsing

"The 'need to know' principle is self-explanatory: information is only given to those who can present a good case for knowing about it."

This principle essentially comes up in two main scenarios:

  • When registering somewhere: when filling in a registration form on any site, provide only the required fields, not the optional ones. Do they really need to know your date of birth, postal address, favourite colour or song?
  • When sharing files: who am I going to send this file to? Does this person really need to see the whole document or just an extract of it? Why is this person requesting this information? For how long? For what purpose exactly? How will my files be treated once this person has them? Would they be passed to third parties without my consent? And so on.

4. Stay away from untrusted sites and be suspicious

An easy principle to state, but not so easy to implement considering we are continuously bombarded by offers, spam and so on. How do you know whether you are on a trusted site or not? Check this article: Is This Website Safe: How You Tell If it Is Legit | SiteLock

Essentially it is pretty easy:

  • Check for the S in HTTPS
  • Verify the contact information
  • Trust seal: do you see an icon with the word "Secure" or "Verified"? If so, that's OK
  • Check for suspicious pop-ups, defacements or malvertising

5. Keep your critical data (tax, medical, financial, etc.) out of the cloud unless you encrypt it, or better, on a separate hard drive

Here we are talking about your critical and highly sensitive data. The days when our medical, tax or financial records existed only on paper are gone. My few tips on this:

  • It is strongly recommended not to leave them in the cloud unless you encrypt them.
  • Check as well what you have in your Google Drive, Dropbox, etc. These are the data you don't want anyone except you to view. Obviously, with medical records, especially now with Covid certificates, make sure you have them all on paper as well.
  • Check your bank documents in your online banking (statements, tax certificates, etc.) and ensure your bank protects them properly (most banks have a high level of security in place, so you should not need to worry).
  • Always keep the paper version of all your diplomas and certificates. Scan them and save them on your local hard drive.
  • Do a regular backup of these to an external hard drive (for example every year).

Note that this list is not exhaustive and is based on several resources (blogs, books, talks, etc.). I hope you find these useful. Please let me know what you think and leave your comments.

Do you need help with your IT project? Are you feeling stuck with all the new security trends and don't know where to start? Do you want a diagnostic of your IT processes such as incident, problem or change management? I can help you with those. Feel free to connect with me to discuss further.

Thanks for taking the time to read this article, and happy and safe browsing.