Cybersecurity is a Shared Responsibility
Everyone should own their role in protecting their information and securing their systems and devices.
There are many steps individuals can take to enhance their cybersecurity without requiring a significant investment or the help of an information security professional. Below are ten tips you can put into action now:
Keep A Clean Machine
Keep all software on internet-connected devices – including personal computers, smartphones and tablets – current to reduce the risk of infection from ransomware and malware. Configure your devices to update automatically or to notify you when an update is available.
Enable Multi-factor Authentication
Use 2-factor authentication or multi-factor authentication (like biometrics, security keys or a unique, one-time code through an app on your mobile device) whenever offered.
Use Long, Unique Passwords
Length trumps complexity. A strong password is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember.
Use a Password Manager
The best way to manage unique passwords is through a password manager application. A password manager is software created to manage all your online credentials like usernames and passwords. It stores them in a safe, encrypted database and also generates new passwords when needed.
Think Before You Click
Links in email, tweets, texts, posts, social media messages and online advertising are the easiest way for cyber criminals to get your sensitive information. Be wary of clicking on links or downloading anything that comes from a stranger or that you were not expecting.
Report Phishing
If you’re at the office and the email came to your work email address, report it to your IT manager or security officer as quickly as possible. If you’re at home and the email came to your personal email address, do not click on any links (even the unsubscribe link) or reply to the email; just delete it. You can take your protection a step further and block the sending address from your email program, too.
Use Secure Wi-Fi
Public wireless networks and hotspots are not secure, which means that anyone could potentially see what you are doing on your laptop or smartphone while you are connected to them. Limit what you do on public Wi-Fi, and avoid logging in to key accounts like email and financial services. Consider using a virtual private network (VPN) or a personal/mobile hotspot if you need a more secure connection.
Back It Up
Protect your valuable work, music, photos and other digital information by making an electronic copy and storing it safely. If you have a copy of your data and your device falls victim to ransomware or other cyber threats, you will be able to restore the data from a backup. Use the 3-2-1 rule as a guide to backing up your data. The rule is: keep at least three (3) copies of your data, and store two (2) backup copies on different storage media, with one (1) of them located offsite.
Check Your Settings
Every time you sign up for a new account, download a new app, or get a new device, immediately configure the privacy and security settings to your comfort level for information sharing. Regularly check these settings to make sure they are still configured to your comfort.
Share With Care
Think before posting about yourself and others online. Consider what a post reveals, who might see it and how it might affect you or others. Consider creating an alternate persona that you use for online profiles to limit how much of your own personal information you share.
Additional Resources
Cybersecurity & Infrastructure Security Agency: Cybersecurity Tips
Federal Trade Commission: Cybersecurity Basics
When criminals go phishing, you don’t have to take the bait.
Phishing is when criminals use fake emails to lure you into clicking on them and handing over your personal information, or installing malware on your device. It’s easy to avoid a scam email, but only once you know what to look for.
See it so you don’t click it.
The signs can be subtle, but once you recognize a phishing attempt you can avoid falling for it. Here are some quick tips on how to spot a phishing email:
- Contains an offer that’s too good to be true
- Language that’s urgent, alarming, or threatening
- Poorly crafted writing with misspellings and bad grammar
- Greetings that are ambiguous or very generic
- Requests to send personal information
- Urgency to click on unfamiliar hyperlinks or attachments
- Strange or abrupt business requests
- Sending e-mail address doesn’t match the company it’s coming from
Oh no! I see a phishing email. What do I do?
Don’t worry, you’ve already done the hard part, which is recognizing that an email is fake and part of a criminal’s phishing expedition.
If you’re at the office and the email came to your work email address, report it to your IT manager or security officer as quickly as possible.
If you’re at home and the email came to your personal email address, do not click on any links (even the unsubscribe link) or reply to the email; JUST DELETE IT. You can take your protection a step further and block the sending address from your email program, too.
Here’s how to:
- Block a sender on Outlook.
- Block a sender on Gmail.
- Block a sender on Mac Mail.
- Block a sender on Yahoo! Mail.
Let them know.
Some email platforms let you report phishing attempts. If you suspect an email is phishing for your information, it’s best to report it quickly.
Here’s how to:
- Report a phish on Outlook.
- Report a phish on Gmail.
- Report a phish on Mac Mail.
WHAT IS RANSOMWARE?
Ransomware is a type of malware that accesses a victim’s files, locks and encrypts them, and then demands that the victim pay a ransom to get them back.
Cybercriminals use these attacks to try to get users to click on attachments or links that appear legitimate but actually contain malicious code.
How to Avoid Being a Victim of Ransomware
Keep the software on all Internet-connected devices up to date. All critical software, including computer and mobile operating systems, security software and other frequently used programs and apps, should be running the most current versions. Turn on automatic updates in the security settings.
Install and keep security software (think of antivirus, antimalware & firewalls) current on all devices that are internet-connected.
Turn on two-step authentication – also known as two-step verification or multi-factor authentication – on accounts where available. Two-factor authentication can use anything from a text message to your phone to a token to a biometric like your fingerprint to provide enhanced account security.
Protect your valuable work, music, photos and other digital information by making an electronic copy and storing it safely. If you have a copy of your data and your device falls victim to ransomware, you will be able to restore the data from a backup.
Use the 3-2-1 rule as a guide to backing up your data.
The rule is: keep at least three (3) copies of your data, and store two (2) backup copies on different storage media, with one (1) of them located offsite.
What to Do If You Experience Ransomware
- Reach out to your IT expert, IT department, or local law enforcement to help you respond if you are not an IT expert
- Identify where your data backups are stored
- Report the incident to the FBI’s Internet Crime Complaint Center: https://www.ic3.gov/default.aspx
- Set up Multi-Factor Authentication (MFA)
- Avoid Using Public Wi-Fi
- Keep Devices Updated
- Turn on Device Firewall
- Never Leave Devices Unattended
More recommendations: