October isn’t just about pumpkin-spiced lattes – it’s also Cybersecurity Awareness Month! In a world where cyber threats are leveling up, fortifying your online presence is essential.
At Red Clover Advisors, we’re on a mission to empower organizations with rock-solid cybersecurity best practices. It all starts with helping you and your team grasp the vital role you play in guarding your systems and precious data.
In honor of Cybersecurity Awareness Month, we handpicked our top ten tips (plus two bonuses) to armor up your digital defenses and turbocharge your cyber hygiene.
Ready to act? Here is how you can start today:
1. Keep Software Up to Date
Ransomware is a major threat to both businesses and consumers. One of the most important cybersecurity tips to mitigate ransomware is patching outdated software, operating systems, and applications. This helps remove critical vulnerabilities that hackers use to access your devices.
- Turn on automatic system updates for your devices
- Make sure your desktop web browser uses automatic security updates
- Keep your web browser updated
- Do not use software that has reached the end of its life (think Windows XP)
- When purchasing devices, consider how long the manufacturer has updated previous products
2. Use Strong Passwords and a Password Management Tool
Strong passwords have been and will continue to be critical to online security. According to the National Institute of Standards and Technology’s (NIST) password policy framework, you should consider:
- Don’t use the same password twice.
- The password should contain at least one lowercase letter, one uppercase letter, one number, and four symbols but not the following &%#@_.
- If not using a password manager, choose something that is easy to remember, and never leave a password hint out in the open or make it publicly available for hackers to see.
- Reset your password when you forget it, and also change it once per year as a general refresh.
To make it easier to manage your passwords, use password management tools such as Dashlane or Bitwarden. Password managers typically include features that allow you to generate random passwords, view repeated passwords, and automatically suggest and register passwords when you visit a website.
While your device may have built-in password management tools, these tend to be less feature-rich and may lock you into that device’s ecosystem, particularly if you use Apple’s built-in tool. If you do use one, ensure your master password is complex and not used anywhere else.
- Use strong passwords
- Use a password manager
- Third-party password managers are preferred
3. Use Passkeys
Passkeys, a new alternative to passwords, are ushering in a more secure method of logging in. A passkey replaces the typed-in password with a digital private key that is largely invisible to both the user and the site you are logging into. Passkeys do not need 2FA/MFA, are extremely phishing resistant, and are more secure than a password. In sum, passkeys leave nothing to remember, are extremely secure, and are faster than typing in a complex password. To try one today, simply add one to your Google account.
- Use passkeys when available
4. Use Two-Factor or Multi-Factor Authentication
Two-factor (2FA) or multi-factor authentication (MFA) is a service that adds additional layers of security to the standard password method of online identification. Two-factor authentication prompts you to enter an additional authentication method such as a Personal Identification Code, another password, or even a fingerprint. With multi-factor authentication, you would be prompted to enter more than two additional authentication methods after entering your username and password.
When choosing MFA/2FA, it is best practice to avoid using SMS as the authentication method. SMS is vulnerable to a variety of attacks, chiefly SIM swapping. Best practice is to use an authenticator tool, commonly an app on your phone that generates codes every thirty seconds (think Google Authenticator or Duo).
- Use 2FA/MFA
- Use an authenticator tool like Duo instead of SMS for 2FA/MFA
5. Learn about Phishing Scams
Phishing takes place when a cybercriminal poses as someone or something known to the recipient to trick the recipient into divulging credentials, clicking a malicious link, or opening an attachment that infects the user’s system with malware or a vulnerability exploit. This often leads to a ransomware attack. In fact, 90% of ransomware attacks originate from phishing attempts.
A few important cybersecurity tips to remember about phishing schemes include:
- Don’t open emails from people you don’t know
- Know which links are safe and which are not – hover over a link to discover where it directs to
- Be suspicious of the emails sent to you in general – look and see where it came from (check the email address) and if there are grammatical or formatting errors
- Check the URL of the webpage: does it match an official site?
- Always pay attention to the webpage design. A giveaway of a phishing scam is poorly formatted webpage graphics (think: the Wells Fargo logo is blurry or the size is wrong)
- Be careful when scanning QR codes for things like parking, as scammers will use these to fraudulently collect credit card information.
- Play Google’s Phishing Quiz Game to practice spotting phishing
6. Use Your Mobile Devices Securely
Here are some quick tips for mobile device security:
- Create a difficult mobile passcode (not your birthdate or bank PIN) and/or use biometric identification (Face ID or fingerprint)
- Avoid sending Personal Information or sensitive information over text message or email
- Install apps from trusted sources such as the Apple App Store or Google Play
- Utilize built-in privacy and security features (such as limiting app permissions)
- Do not keep private information or passwords in the notes app
- Keep your device updated – hackers use vulnerabilities in unpatched older operating systems
- Leverage Find my iPhone or the Android Find My Device to prevent loss or theft
- Perform regular mobile backups using iCloud or by enabling Backup & Sync on Android
7. Back Up Your Data Regularly
Backing up your data regularly is key to protecting it from the ravaging effects of cyberattacks. Keep multiple copies of your data in cloud, local, and external storage locations.
If you become a victim of ransomware or malware, the only way to restore your data is to erase your systems and restore with a recently performed backup. Rarely should you pay a ransom.
- Consider setting a calendar reminder to manually back up your device or invest in an automated backup solution
- Do not pay a ransom when infected with ransomware
- Back up data in multiple places (such as both in the cloud and locally)
8. Be Security Conscious when Purchasing “Smart” Devices
While smart devices (IoT devices) can make modern life more convenient, they also represent a major security risk for those who are not careful. The risk can be broken into three parts: Intimacy, Privacy, and Harm. They can violate your intimacy, such as by sharing security video with an unwanted third party; they can violate your privacy by collecting and sharing data about you and your home; and finally, they can cause harm to society at large, as in 2016, when malware known as Mirai took advantage of approximately 145,000 insecure printers, cameras, routers, and baby monitors to perform a DDoS attack on a critical element of the internet infrastructure.
- Buy from reputable/established brands + avoid ultra-budget products unlikely to get security updates (such as no-name branded products)
- Keep devices up to date.
- Ask yourself, “Do I really need to connect this to the internet?” Just because your toilet has Wi-Fi does not mean you need it to be connected!
9. Protect Your Sensitive Personal Information
Personal Information is any information that can be used by a cybercriminal to identify or locate an individual. Personal Information includes information such as name, address, phone numbers, date of birth, Social Security Number, IP address, location details, or any other physical or digital identity data. Your credit card information should be protected by companies if they follow the PCI DSS standards.
In the new “always-on” world of social media, you should be overly cautious about the information you include online. It is recommended that you only show the very minimum about yourself on social media. Consider reviewing your privacy settings across all your social media accounts. Avoid adding your home address, birth date, or any other Personal Information to decrease your risk of a security breach.
- Be cautious with what you share online
- When inputting sensitive information, take steps to ensure that you are not on a phishing site
10. Set up Legacy Account Features
When we die, we leave behind a large digital trail. Just as our physical estates need wrapping up, so do our digital ones. Doing so can be incredibly difficult for descendants, with major obstacles such as unknown passwords. To simplify the process, some tech companies offer features that allow designated individuals to access and delete the digital information of the deceased. Among the most important are those from Apple, Facebook, and Google, companies whose devices and services are used by tens of millions of Americans. Follow The Verge’s or Washington Post’s guide to learn more and set up these services.
- Set up legacy features and explain to designated individuals what is involved
11. Bonus: Be Cautious with QR Codes
For all their benefits, QR codes contain an inherent security challenge: you don’t know what they are going to open up! The most commonly reported threat is a phishing attack; the user scans the QR code that purports to be for paying for parking or to access their bank website (two real examples). However, the link is actually a phishing site. Take care with what you are scanning and avoid scanning unknown QR codes.
- Be cautious when scanning QR codes
- Use search to find a website instead of a QR code
- Avoid paying with QR codes
12. Bonus: Google’s Space Shelter Game
The game is an easy way for people of all ages to refresh on the basics of practical cybersecurity!
Seize the moment! Get started today.
Time is ticking and so is the risk of a data breach or other cyber threat. Cybersecurity Awareness Month is the perfect time to take small actions that will have a colossal impact on your ability to protect your employees, your business, and your customers’ data.
Keeping your online turf secure is non-negotiable, and we have your back. With years of experience helping companies navigate the intersection of business and privacy, Red Clover Advisors has the expertise you need to maximize your cybersecurity dollars. Contact us today to get started.
Together, we will create a safer, more secure digital world.