How to Stay Cyber Safe and Secure this Holiday Season
Credit: Vasin Lee/Shutterstock

A Few Practical Steps to Cyber Safe Success

I know most of you probably want to hear a refresher on cybersecurity and privacy about as much as you want to hear that you’re a close contact the day before Christmas. And let’s not beat around the bush: wherever you are around the world, 2021 has been a long, drawn-out, weary and uncertain year. Not just because of Covid. Not just because of supply chain issues, shortages of AdBlue (which interestingly is made out of urine), being on mute on your video calls for the second year running, the never-ending list of cyber breaches and vulnerabilities being discovered, La Niña, being an England supporter and watching the Ashes or watching the Euros... the list goes on.

However, criminals never sleep. Especially not cybercriminals, who operate in every time zone on the planet. I also know many of you are taking time off over Christmas and New Year. So, as a public service, I’m going to put together a list of things that you as an individual should consider doing in a morning or an afternoon over the holiday season to help you stay cyber safe in the year ahead.

Here we go.

Step 1: Backup Your Data

I know that you are going to tell me that you already back up your data. Sure. However, a complete and readily accessible backup of your data remains the gold standard in safeguarding yourself against ransomware. This means that you really REALLY need to think about implementing the 3-2-1 rule of backup: 3 copies of your data, on two different types of media, with one copy kept offsite. And you need to check that backup and make sure that it’s actually happening, that it’s complete and that it can be accessed if needed. And that’s not all:

a. Are you keeping your backup in the same physical location as your computer? You're going to have a bad time.

b. Are you keeping your external hard drive plugged into your computer all the time? You're going to have a bad time.

c. Are you relying solely on OneDrive, iCloud or some other cloud provider as your ‘backup’? Bad time. A sync service mirrors deletions and ransomware-encrypted files just as faithfully as it mirrors your originals.

I really can’t reiterate enough how essential backing up your data is.

Step 2: Update the Software on ALL Your IT Equipment

‘Oh Tony, I’m a savvy cat and I already update my phone and my computers,’ I can hear you say. Great work, you get a pat on the back from me. Now, have you also updated the firmware on your Wi-Fi router recently? Have you updated any access points or repeaters/extenders you are using? Any network switches? Your smart TV. Your Wi-Fi-connected air conditioner. Your kid’s smart watch. Your tablets. Your wearables. Your Wi-Fi-connected clothes dryer? (Why!)

Now that I have expanded your horizon a bit more, a few more things to consider:

a. Do you see a popup with a message such as ‘Windows / Mac needs to install an update and restart your computer’ and keep postponing it for the next day and the next day, and three months later you still haven’t done so? Please, don’t.

b. Are you updating the applications (or what the cool kids call ‘apps’) on those devices as well? For example, any apps running on your tablet, or any programs running on your computers? Many of these do not update themselves, so you need to check and do this manually.

c. Are you updating the BIOS on your desktop and laptop computers? The BIOS is the code which runs your computer at its most basic level. Most people don’t need to tinker with the BIOS, but BIOS bugs are a major source of vulnerabilities and of cyber breaches. Some of the larger vendors (HPE, Dell, Lenovo, Apple etc.) provide BIOS update utilities on their product support page. All it takes is a matter of checking, downloading, and updating.

d. Are you confirming that operating system updates are actually occurring? For example, some operating systems may not prompt you to install a major release. Worse still, despite some operating systems claiming to the contrary, many do not automatically update.

e. What are you doing with devices that haven’t had software updates in a long time, maybe even years? Chances are that device is End of Life. When this happens, you need to think very carefully about whether to retain that product or replace it, as the device will inherently have security risks associated with it. These risks can be managed, but you need to be careful about it. Because if you don’t, and you leave End of Life devices connected, that is never a good thing.

Step 3: Get Rid of Apps You Don’t Use.

Does your iPhone home screen span 20 scrolls because of all the apps you have installed? Did you know that every single one of those apps represents one or more potential vulnerabilities that a cybercriminal can use to access your device? It’s best practice to delete any unwanted or unused software from your mobile devices, laptops, desktops, or any other computing device. You’ll also get the added advantage of more free space and (probably) a faster running device as well.

Every six months or so, I go through my devices and delete any app I don’t remember using in recent memory. I recommend the same.

Step 4: Using a Good Endpoint Protection (EPP) Product is Critical.

In the olden days, what we now call an EPP used to be called an ‘anti-virus’. However, an EPP is far more sophisticated. Most EPP products include a firewall (which looks to keep intruders out), email filtering (to stop spam and malicious email attachments from infecting your computer) and nowadays include detection and response functionality (which flags suspicious activity on the device, not just known malware).

All devices, including laptops, desktops, phones, NAS units and anything else with an operating system, should have an EPP installed. Contrary to the baseless myth that keeps being perpetuated, Mac computers (desktops and laptops) need an EPP as much as a Windows machine does.

Which product should you use? Well, products change regularly and my recommendation is to look at product review sites for your particular needs.

Step 5: Update Your Passwords and Enable Two-Factor Authentication Where Possible.

This section deserves to be an article by itself. However, despite cyber security professionals banging on about passwords for decades now, passwords remain one of the most common ways for cyber criminals to compromise accounts. So, are you still using the same password you cleverly created in first year university? If you’re as old as I am, I admire your perseverance. However, you can rest assured that that password is swimming around on some hacker forum tied to your email address, and you probably used it for a bunch of different sites, including some that hold things such as credit card details or your date of birth. So, here is an action plan for you to look at this issue and fix it:

a. Start off by having a look at the website ‘Have I Been Pwned’ and type in your email address to see if your details come up on any known data breach list (don’t stress, the website was set up as a tool to help people). Don’t forget to check old email addresses and work email addresses as well. It’s very likely that you will find some accounts on here. Simply log in to each of those accounts and change the password.

b. If you have decided on a possible new password, run it through the ‘How Secure is My Password’ site. The site will also provide you a guide on how to best create a password, including through using numbers, letters, characters, a minimum length, and other ideas such as not using personal information or putting a ‘1’ at the end of an existing password followed by an exclamation mark. Recall my clever first year university password? It would take a computer approximately 54 milliseconds to crack today.

c. If you are wondering, ‘Tony, why can’t I use personal details for my password?’ check out this video.

d. If you are wondering, ‘Tony, look... I get that your password has to be complicated, however I think you’re talking garbage about the “1” and the exclamation mark!’ check out this video (fast forward to 2:30).

e. If remembering passwords is hard to do, consider the use of passphrases instead.

f. Use a secure, credible, and strong password keeper app to store your passwords. We all need help remembering sometimes. Better still, invest in a notepad and pen and write them all down on hard copy. Keep the notepad in a safe.

g. Have you ever seen a website asking you to set up ‘multi-factor authentication’ when you log in? Multi-factor authentication (MFA, or sometimes called ‘2FA’ for Two-Factor Authentication) is a mechanism by which logging in requires two steps. The first ‘factor’ is to use your traditional password (hopefully updated by now!), which is something you know. The second ‘factor’ is to use a token, key or PIN sent to you through an ‘out of band’ pathway. This could be an SMS with a PIN, an email with a key, a phone call with a sequence of numbers or a PIN generated by an authenticator app. You then need to enter these details into the login screen. This represents something you have. Once you provide both, you can log in to the service you need. Now, I need to stress that MFA/2FA is not foolproof. But it’s light years better than simply using a password, no matter how good that password is.

Step 6: Check the Privacy Settings on your Social Media Accounts and Carefully Consider Your Approach to Privacy.

Besides LinkedIn, which I use purely for professional reasons across the various capacities and functions which I work within, for a myriad of different privacy and ethical reasons, I flat out refuse to use social media. However, I understand that people like to use social media, like to share their life stories, and like to stay connected with people, regardless of what people like me say, think or suggest.

So, my recommendations to you are as follows:

a. Check Your Social Media Privacy Settings. Each platform should provide tools to help you review your privacy settings. A selection of the most popular ones are below:

b. Assume that whatever you share, regardless of your privacy settings, will become public. It’s very easy for someone who is a ‘friend’ on social media to take a screenshot and then reshare it. Suddenly, it’s outside of your control.

c. Don’t share personal details, even if your profile is set to ‘private’. This includes old driver’s licences with you sporting a mullet, a boarding pass for your business class fare to L.A., a winning gambling ticket to a horse race or anything that could be of value to anyone else.

And finally, if you love sharing your life away on social media but also happen to be concerned about things such as government surveillance and intrusion into your life, and as such feel the need to deploy a VPN to ‘protect your privacy’, I think that it’s very important that you carefully reconsider your overall approach to privacy. To provide contrast to the hyper-politicised, agenda-driven take on the world that’s often seen on different social media platforms today: as a kid growing up in the 80s, I remember asking my uncle who he voted for in a federal election. He sternly told me that voting is a secret matter and not to be discussed openly. Now, let’s fast forward four decades and I can pretty much figure out how people vote by studying their Facebook profiles for 2-3 minutes (maybe even less). As I remind peers and professionals of all experience levels, privacy is the grandfather of cybersecurity.

Step 7: ‘Trust No One’ Needs to be Your Default Position When Using the Internet and Electronic Devices.

What does this mean? Do you remember ‘stranger danger’ as a kid? Well, you need to think the same way when on the Internet. Assume that every link is dodgy until you confirm otherwise. Assume every email is fake unless you confirm it’s not. Assume that you are being misled, lied to, or deceived unless you can confirm otherwise. In a practical way, this means doing the following:

a. Learn to type websites into your browser window, rather than relying on links.

b. Learn to confirm that the website you are visiting is an ‘https’ website and not an ‘http’ website.

c. Look for the padlock in the address bar to confirm the connection to the website is encrypted. Note that the padlock only tells you the connection is encrypted; it does not tell you that the site itself is legitimate, so it complements point a rather than replacing it.

d. Get into the habit of manually checking the sender email addresses of emails you receive that you are unsure of.

e. Do not open attachments in emails unless you know for certain they come from the person who says they come from.

f. When being asked to amend bank account details for payments, call the supplier on their official phone number, not the one listed on the email or letter.

g. Install anti-tracking software in your browser. It’s for this reason that I prefer to use Firefox and its suite of comprehensive tracking protection mechanisms.

h. When paying for products, consider using a secure payment platform such as PayPal instead of entering a credit card number manually. The reason for this is that it’s going to be far easier to deal with fraudulent transactions via PayPal than it will be to have a new credit card reissued every time, given the sophisticated mechanisms these providers use to validate payments and prevent fraud.

i. When receiving text messages from numbers purporting to be from a parcel service, the ATO or any other source, don’t rely on information provided in the message, including links. Visit the purported service’s official website and log in manually to verify any claims.

I hope all of this comes in handy in protecting you, your loved ones and your family and friends this holiday season.

Any comments, suggestions or corrections are welcome.

Important Note: This article represents the views of Tony Vizza as a cyber security and privacy professional and does not represent the views, opinions or endorsements of any affiliated parties or entities.