Cybersecurity Checklist: 7 Things To Do Right Now
Since the lockdowns began, scams, phishing attempts, ransomware, and other cybersecurity-related threats have exploded.
Speaking to the Senate Judiciary Committee on June 9th, an FBI spokesperson stated the following:
“As of May 28, 2020, the Internet Crime Complaint Center (IC3) received nearly the same amount of complaints in 2020 (about 320,000) as they had for the entirety of 2019 (about 400,000). Approximately 75% of these complaints are frauds and swindles, presenting a challenge for the FBI’s criminal program given the sheer volume of submissions.”
Here’s something most people don’t know: the overwhelming majority of cyberattacks don’t succeed because of an attacker’s supreme method of hacking. Rather, they happen because of a victim’s lack of proper vigilance.
Often times this means failing to install a routine software patch, using weak passwords, or falling victim to a phishing attempt.
For more on the various causes of breaches and how often each type occurs, see this excellent post on the Station X Cybersecurity Blog: https://www.stationx.net/leading-causes-of-breaches-revealed/.
Fortunately, it doesn’t take a lot of know-how to protect yourself from many of these attacks that have become successful all too often.
Here are seven simple things you can do today in an effort to shore up your security at home.
1) Enable Auto-Updates
This one is simple. Set your devices to install updates automatically. That way, you will be less likely to be caught off guard by any zero-day exploits (vulnerabilities that have just been discovered recently).
While the above mentioned StationX post reveals that only about 1/20 exploits involve these kinds of vulnerabilities, it's still an important point to consider. Neglecting a small thing like this could be the downfall of an individual or organization.
2) Secure Your Network
When it comes to network security, the basics include having a firewall at the device level as well as a firewall at the network level.
[Photo by Misha Feshchak on Unsplash]
The network-level will be on your home router, which likely has a firewall already installed. Some routers also allow for custom firmware to be installed, which would be something for advanced users to consider. There are also device-level firewalls.
On PC, the firewall provided by Windows works pretty well and has a fair level of customizability built-in.
On Mac, however, there is no real firewall that comes with Mac OSx. There’s just a button that allows you to block all inbound connections with a click (which you should, of course, use. This inbound connection blocker is turned off by default, for some strange reason that Apple has yet to explain).
Mac users will do well to use third-party firewall software. I won’t go into detail here, but Murus and Little Snitch are two good options to consider.
3) Use a Password Manager
Using a password manager makes it easy to have strong and unique passwords across all of your online accounts.
When it comes to password strength, the length is what matters most. Password cracking software can make quick work of short passwords, even if they are complex.
14 characters should be a bare minimum for any password. If the platform allows it, go for the maximum length allowed by your password manager.
[Photo by Jason Dent on Unsplash]
This might be 25 characters or more. Passwords of this length would take many years for modern password cracking software to crack.
The most important password will be the one used for your password manager. Losing this password will mean all the rest of your passwords have been lost forever, since it's stored in an encrypted manner and can't be recovered.
This password must be written down on paper and kept in a safe place. Using a phrase, e.g., "this password is the most secure one," along with a few numbers and special characters, ensures security while being easier to remember and type.
4) Enable Detection Methods
Canary tokens allow you to be alerted when someone has gained access to one of your files.
All you have to do is create the token file, give it an enticing name (like “master password backup”), and place it somewhere on your device. If the file is opened, you will receive a notification email.
The ideal scenario is to never have anyone allowed into your system in the first place, of course.
But if the unthinkable happens, it’s far better to be knowledgeable of the fact you’ve been breached than to be left in the dark. Then you can take steps to prevent further damage.
5) Get Network Scanning Software
Having the ability to scan your network is crucial, as it allows you to see what’s happening. If an unrecognized device is active on your network, you may have a potentially serious problem.
[Photo by Kevin Ku on Unsplash]
Fing, for example, is an app that lets users scan their network on mobile. This will reveal all devices currently connected to the network.
More advanced users can even go the extra mile and use Wireshark, which filters through network packets, showing each piece of information being exchanged by your device.
6) Compartmentalize and Isolate
Isolation creates additional security by providing a sort of fail-safe. If someone does compromise one part of your system, they won't be able to get into the other parts (or will at least have a much more difficult time doing so) if the compromised part has been isolated.
Compartmentalization and isolation can be implemented in a variety of ways.
One of the simplest ways might be using different browsers for different functions. For example, using Chrome for your financial needs, Safari for work, and Brave for everything else (these are just random examples). There are also techniques used for sandboxing within the same browser, which won't be covered here.
Physical isolation is the simplest – this refers to hosting different data on different devices. Some companies demand that their employees use a specific laptop for work purposes, for example.
More advanced users may want to consider measures such as isolating devices on the same network so malware can’t jump from one device to another and using virtual machines to create additional isolation inside of an operating system.
7) Don’t Forget Your Smartphone
For many people, their phone can be one of their biggest vulnerabilities.
I recently discovered an app called iVerify that has a terrific checklist of simple actions you can take to make your iPhone more secure.
[Photo by NeONBRAND on Unsplash]
Sorry Droid users, there may not be an alternative for you just yet.
Some of the simplest things to do involve turning off your Bluetooth and wi-fi when not in use, preventing apps from refreshing in the background (this causes them to leak data), using a VPN on public networks, and turning on as many privacy settings as possible (e.g., preventing ad-tracking).
Security vs. Usability
In the end, all of this involves a trade-off between usability and security. The most secure way to lock down your phone, tablet, or laptop, for example, would be to set it on airplane mode, place it inside a faraday cage, and then place that inside a safe. Of course, this makes the device totally unusable.
Finding a middle ground is often the best option. Depending on your needs and perceived threat level, you may want to take many steps related to security during these times, or you may not feel the need to do much of anything at all.
As a bare minimum, everyone should educate themselves on what a phishing attempt looks like and how to avoid falling victim to such a thing.
I share status updates on LinkedIn regularly exposing fake profiles that try to get information or money from people. Connect with and follow me to see those and more.
[Disclaimer: the author is not a certified cybersecurity expert and shall not be held liable for any results that readers take or fail or take based on the statements made in this article.]