10 Fundamental Security Measures – Protecting You Personally And In Business
Cyber Security: Top Tips Part 1 | Filter out the noise. Focus on what’s important.
1. Don’t be fooled
Be wary and sceptical of emails, websites and phone calls. Think before you click. Go to the website directly – do not click the link. Hover over hyperlinks in emails – most of the time, the real URL behind the hyperlink will then appear on screen. Verify that the start of the URL is going to bring you to the site that you expect. Verify the content of the email directly with the sender (using a phone number you have on file for them).

2. Backups
Back up your phone and your computer. If you are a victim of ransomware, having a recent backup of your data will ensure you don’t lose your data and don’t need to pay the ransom. External USB drives are cheap. Just make sure the data is encrypted or the device is stored in a secure location. Pro tip: Dropbox etc. are not a good backup location, especially if they are always visible and accessible in Windows Explorer. Ransomware will encrypt these files too.

3. Account Security
Passwords need to be complex, frequently changed, not reused or shared. Use password management software to help you – e.g. LastPass, 1Pass. Set up two-factor authentication wherever possible (where you receive an SMS message with a security code every time you log in).

4. Device Security
a) On your PC, use a standard user account rather than an administrator account. Why? 94% of vulnerabilities patched in Windows in 2016 would not have been a problem for people using standard accounts!
b) Set up a PIN / lock screen on all of your devices.
c) Encrypt wherever possible.

5. Patch Regularly
Yes, this advice is old and boring. But it helps! Make sure you download and install software patches frequently. Patches usually address vulnerabilities in software – if you don’t patch, you have the vulnerability. This applies to every operating system and piece of software on your phone or PC. For example, Android, targets.

6. Secure with Multiple Layers
Ensure you are running layers of security software on your devices. On Windows, we recommend Windows Firewall, Windows Defender, plus anti-virus software (e.g. Kaspersky, Avast), as well as anti-malware software (e.g. Malwarebytes).

7. Access the Internet Securely
Using WiFi hotspots is convenient but seldom secure. If possible, use your phone’s data allowance to access the web while away from the office or home. While a 3G or 4G network is not inherently secure, hacking the network involves expensive equipment that is beyond the budget or interest of the average hacker. If this is not an option, consider using VPN software on your device to encrypt your internet connection. It will secure your data away from anyone else on the WiFi network.

8. Perform Sensitive Business on a Secure Device
Only use a well-managed and fully-patched device for sensitive matters (e.g. online banking). If possible, use different devices for general web access, online gaming, video streaming etc. Unfortunately, cyber criminals are also now targeting children as they may be more likely to click on anything that pops up – so try to keep their activity separate too. And needless to say, monitor their activity for their own safety!

9. USB keys – Treat them like your Toothbrush
Only use a USB key if it’s yours, you know where it’s been and you know it’s clean!

10. Discuss Sensitive Business over a Secure Channel
Email is not secure. It is easy for an unauthorized party to read and change your emails. Password-protected MS Office documents are slightly better but still easily cracked. Putting files into an encrypted zip file (using WinZip or 7-Zip) is secure but not always convenient. But if the matter is sensitive, secure is better than convenient.
Prepared by: Sam Glynn, Code In Motion Ltd for Kildare Chamber of Commerce
Sam Glynn holds a Professional Certificate in Data Protection with the Association of Compliance Officers in Ireland (ACOI), accredited through the Institute of Banking and UCD and is a designated member of the Association of Compliance Officers and a member of the International Association of Privacy Practitioners (IAPP). For more about Sam Glynn visit Code In Motion Ltd