Chapter 19
IN THIS CHAPTER
Understanding that you’re a target
Protecting yourself using security software
Encrypting, backing up, and more
Not all security improvements require a large outlay of cash. In fact, many of the things you can do to greatly improve your security are free and require little effort. In this chapter, you discover ten ways you can quickly improve your cybersecurity without spending a lot of money.
Internalizing today’s reality, namely that you are a target of cybercriminals, will instill in you a healthy level of skepticism and will improve your attitude and behavior around cybersecurity in numerous other ways, many of which you may not even consciously notice.
For example, if you believe that you’re a target of cyberattackers, you’re less likely to blindly trust that emails that appear to come from your bank were actually sent by the bank, and as such you’re less likely to fall prey to phishing scams than are people who believe that they are not targets. You may feel that you already know not to trust such emails, but what if an email were to arrive that appeared to be from your boss and instructed you to ship a laptop to some address? Or what if you heard your boss’s voice telling you to do so, and didn’t think for a moment about the fact that criminals know how to make targeted deepfakes that can impersonate voices?
People who believe that criminals are after their passwords and PINs are also more likely to better protect these sensitive pieces of data than are people who believe that crooks “have no reason to want” their data.
All computer devices (laptops, phones, tablets, and so on) that house sensitive information or that will be attached to networks with other devices do need security software. Several popular, inexpensive packages include antivirus, firewall, antispam, and other beneficial technologies.
Portable devices should have tracking and remote wipe capabilities and software optimized for mobile systems; remember to enable such features as soon as you get the device. Many phones come with security software preinstalled by providers — make sure you enable and use it.
Store all sensitive data in an encrypted format. If you have doubts as to whether something is sensitive enough to warrant encryption, it probably is, so err on the side of caution and encrypt.
Encryption is built into many versions of Windows, and plenty of free encryption tools are available as well. It is amazing how much sensitive data that has been compromised could have remained secure if the parties from which it was stolen had used free encryption tools.
Also, never transmit sensitive information unless it is encrypted. Never enter sensitive information into any website if the site is not using TLS encryption (this type of encryption is sometimes still called SSL, even though the SSL protocol was replaced by TLS many years ago), as evidenced by the page’s address beginning with https:// rather than http://, a difference easily seen in the address bar of a web browser. Keep in mind that HTTPS only protects your data while it travels to the site; a phishing site can use HTTPS too, so the padlock tells you nothing about who is on the other end. Encryption involves complex mathematical algorithms, but you don’t need to know any of the details in order to utilize and benefit from encryption.
Also be aware of the two major families of encryption algorithms that are used today (in addition to the ostensibly “quantum safe” encryption mechanisms that are emerging):
Symmetric encryption uses the same key to encrypt and to decrypt. Most simple encryption tools utilize symmetric encryption, and all you need to remember is the password from which that key is derived in order to decrypt your data.
Asymmetric encryption uses a pair of keys. Throughout the course of your professional career, you may encounter various asymmetric systems that require you to establish both a public key and a private key. The public key is shared with the world, and the private key is kept secret; anyone can encrypt data to you with your public key, but only your private key can decrypt it. This is what makes asymmetric encryption useful for sending data to someone with whom you have never shared a secret.
In reality, because asymmetric encryption is processor intensive, it is rarely used for encrypting entire conversations. Instead it is used to encrypt special session keys, that is, to convey to the parties to a conversation the keys they need for symmetric encryption. Subsequent communications between the parties are then conducted using symmetric encryption with the keys that were securely communicated using asymmetric encryption.
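To show concretely how the two families work together, here is an added example (not code from the original chapter) written in Go using only its standard library: RSA-OAEP, an asymmetric scheme, wraps a freshly generated AES-256 session key so that only the holder of the private key can recover it, and every message of the conversation is then encrypted with symmetric AES-GCM under that key. The function names and the sample message are the example’s own, and AES-GCM also detects tampering, which the last step demonstrates.

```go
// Added example: hybrid encryption with Go's standard library.
// Asymmetric (RSA-OAEP) conveys the session key once; symmetric (AES-GCM)
// protects every message afterwards.
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// NewRecipientKey generates the recipient's key pair. The public half is
// shared with the world; the private half never leaves the recipient.
func NewRecipientKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// WrapSessionKey is the sender's one-time asymmetric step: make a random
// AES-256 key and encrypt it to the recipient's public key.
func WrapSessionKey(recipient *rsa.PublicKey) (sessionKey, wrapped []byte, err error) {
	sessionKey = make([]byte, 32)
	if _, err = io.ReadFull(rand.Reader, sessionKey); err != nil {
		return nil, nil, err
	}
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, sessionKey, []byte("session-key"))
	if err != nil {
		return nil, nil, err
	}
	return sessionKey, wrapped, nil
}

// UnwrapSessionKey is the recipient's one-time step with the private key.
func UnwrapSessionKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, []byte("session-key"))
}

// SealMessage encrypts one message with AES-GCM under the session key. A
// fresh random nonce is prepended; GCM also authenticates the ciphertext.
func SealMessage(sessionKey, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// OpenMessage decrypts a sealed message and fails if it was modified.
func OpenMessage(sessionKey, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

func main() {
	priv, err := NewRecipientKey()
	if err != nil {
		panic(err)
	}
	sessionKey, wrapped, err := WrapSessionKey(&priv.PublicKey) // sender, once
	if err != nil {
		panic(err)
	}
	recovered, err := UnwrapSessionKey(priv, wrapped) // recipient, once
	if err != nil {
		panic(err)
	}
	// From here on everything is symmetric and fast. Sample message constructed for the example.
	sealed, _ := SealMessage(sessionKey, []byte("meet at noon"))
	msg, _ := OpenMessage(recovered, sealed)
	fmt.Printf("recipient read: %q\n", msg)
	sealed[len(sealed)-1] ^= 1 // flip one bit in transit
	_, err = OpenMessage(recovered, sealed)
	fmt.Println("tampered message rejected:", err != nil)
}
```

The same pattern, with different algorithms and many more details, is what TLS does when your browser connects to an HTTPS site: the expensive asymmetric work happens once at the start, and the page contents flow under a symmetric key.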
Back up often enough that if something goes wrong, you won’t panic about how much data you lost because your last backup was days ago.
Ideally, you should have backups stored both onsite and offsite. Onsite storage of backups lets you restore quickly. Offsite storage of backups helps ensure that backups are available even when a site becomes inaccessible or something else devastates all the computer equipment and digital data at a particular site. And make sure you regularly test that your backups actually work. As many parties have sadly learned the hard way, backing up is worthless if you can’t actually restore from your backups.
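The advice to test that your backups actually work is easy to state and easy to skip. The following added example (not from the original chapter, and not any particular backup product) is a small restore drill written in Go: it records a manifest of file hashes at backup time, copies the data to a backup location, restores it into a scratch directory, and reports every file that is missing or altered. The copy routine stands in for whatever backup program you use; the sample files, directory names and function names are the example’s own.

```go
// Added example: a restore drill. Back up, restore to scratch space, and
// verify the restored files against hashes recorded at backup time.
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io"
	"io/fs"
	"os"
	"path/filepath"
	"sort"
)

// Manifest records the SHA-256 of every regular file under root, keyed by
// slash-separated relative path. Keep it alongside the backup.
func Manifest(root string) (map[string]string, error) {
	m := map[string]string{}
	err := filepath.WalkDir(root, func(p string, d fs.DirEntry, err error) error {
		if err != nil || d.IsDir() {
			return err
		}
		f, err := os.Open(p)
		if err != nil {
			return err
		}
		defer f.Close()
		h := sha256.New()
		if _, err := io.Copy(h, f); err != nil {
			return err
		}
		rel, _ := filepath.Rel(root, p)
		m[filepath.ToSlash(rel)] = hex.EncodeToString(h.Sum(nil))
		return nil
	})
	return m, err
}

// CopyTree stands in for the backup program: it copies every file under src into dst.
func CopyTree(src, dst string) error {
	return filepath.WalkDir(src, func(p string, d fs.DirEntry, err error) error {
		if err != nil {
			return err
		}
		rel, _ := filepath.Rel(src, p)
		target := filepath.Join(dst, rel)
		if d.IsDir() {
			return os.MkdirAll(target, 0o755)
		}
		data, err := os.ReadFile(p)
		if err != nil {
			return err
		}
		return os.WriteFile(target, data, 0o600)
	})
}

// VerifyRestore returns the relative paths that are missing from, or differ in,
// the restored tree compared with the manifest. An empty result means the
// restore is good.
func VerifyRestore(expected map[string]string, restoredDir string) ([]string, error) {
	got, err := Manifest(restoredDir)
	if err != nil {
		return nil, err
	}
	var bad []string
	for rel, want := range expected {
		if got[rel] != want {
			bad = append(bad, rel)
		}
	}
	sort.Strings(bad)
	return bad, nil
}

// RestoreDrill runs the whole exercise: manifest, back up, restore, verify.
func RestoreDrill(src, backupDir, restoreDir string) ([]string, error) {
	expected, err := Manifest(src)
	if err != nil {
		return nil, err
	}
	if err := CopyTree(src, backupDir); err != nil {
		return nil, err
	}
	if err := CopyTree(backupDir, restoreDir); err != nil {
		return nil, err
	}
	return VerifyRestore(expected, restoreDir)
}

// WriteSampleFiles creates a small constructed data set to back up.
func WriteSampleFiles(dir string) error {
	files := map[string]string{"notes.txt": "quarterly numbers", "photos/cat.jpg": "not really a jpeg"}
	for rel, content := range files {
		p := filepath.Join(dir, filepath.FromSlash(rel))
		if err := os.MkdirAll(filepath.Dir(p), 0o755); err != nil {
			return err
		}
		if err := os.WriteFile(p, []byte(content), 0o600); err != nil {
			return err
		}
	}
	return nil
}

// CorruptFile simulates a damaged restored copy.
func CorruptFile(path string) error { return os.WriteFile(path, []byte("garbage"), 0o600) }

func main() {
	base, err := os.MkdirTemp("", "restore-drill")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(base)
	src, bak, rst := filepath.Join(base, "src"), filepath.Join(base, "backup"), filepath.Join(base, "restore")
	if err := WriteSampleFiles(src); err != nil {
		panic(err)
	}
	bad, err := RestoreDrill(src, bak, rst)
	if err != nil {
		panic(err)
	}
	fmt.Println("problems after clean restore:", bad)
	CorruptFile(filepath.Join(rst, "notes.txt"))
	expected, _ := Manifest(src)
	bad, _ = VerifyRestore(expected, rst)
	fmt.Println("problems after corruption:", bad)
}
```

Run a drill like this on a schedule, and restore into a scratch location rather than over the live data, so that a bad backup is discovered before the day you actually need it.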
Every person accessing an important system should have their own login credentials. Ideally, you should not share passwords for online banking, email, social media, and so on, with your children or significant other — get everyone their own login.
You have likely heard the conventional wisdom to use complex passwords for all systems, but do not overdo it. If using too many complex passwords is causing you to reuse passwords on multiple sensitive systems or to write down passwords in insecure locations, consider other strategies for forming your passwords, such as combining words, numbers, and proper names, as in custard4tennis6Steinberg. See Chapter 8 for more details.
For systems to which passwords do not really matter — such as when accounts are required only so that the site operator can track you, but not to secure anything of value to you — consider using weak, easy-to-remember passwords. Don’t waste brainpower where it does not need to be used. You can even reuse such passwords on multiple such sites, but of course, never use such passwords on any sites where security is actually of concern to you.
Alternatively, use a password manager, but ideally do not use a password manager for your most sensitive passwords, which you should keep in your head, because you don’t want to put all your eggs in one basket. If you must write such passwords down for other people to use in case something happens to you, write them down on paper and store them in a fire-and-water-resistant bag in a safe deposit box or safe.
Oversharing on social media posts has caused, and continues to cause, many problems, such as leaking sensitive information, violating compliance rules, and assisting criminals in carrying out both cyber and physical attacks. Before you post, check that your phone has not autocorrected anything into sensitive material. Also, don’t accidentally cut and paste anything sensitive into a social media window. You would probably be amazed at how often errors of this type occur.
Nearly all modern Wi-Fi routers allow you to run two or more networks. If your router offers you such a feature, use it. If you work from home, for example, consider connecting your laptop to the Internet via a different Wi-Fi network than the one that your children use to browse the web and play video games. As discussed in Chapter 4, look for the Guest feature in your router’s configuration pages — that is where you will typically find the ability to set up the second network (often referred to as the Guest network). Many people use the Guest network not only for guests, but also for their children who connect devices to the Internet.
While public Wi-Fi is a great convenience that most people utilize regularly, it also creates serious cybersecurity risks. As such, if your phone allows you to create an Internet hotspot to which your other devices can connect, use that method of connecting to the Internet and forgo the use of all public Wi-Fi. Sometimes, however, using a personal hotspot is impossible — you may be located underground, for example, or in some other area to which cellular signals do not penetrate.
Cybersecurity practitioners who preach that people should refrain from using public Wi-Fi in such situations are about as likely to succeed in their effort as they would be if they instructed people to abandon insecure computers and revert to using typewriters. In such situations, therefore, if you absolutely must connect to public Wi-Fi, it is important that you already know how to use public Wi-Fi safely and understand multiple techniques for improving your odds of defending yourself against mischievous parties (see Chapter 7), and that you learn them before you find yourself needing to connect. So check out Chapter 21 before you need to use it.
Especially if you’re starting or running a small business, getting expert advice can be a wise investment. An information-security professional can assist you in designing and implementing your approach to cybersecurity. The minimal cost of a small amount of professional help may pay for itself many times over in terms of time, money, and aggravation saved down the road.