Good personal cybersecurity hygiene can help you stay safe online
This feature first appeared in the Summer 2019 issue of Certification Magazine. Click here to get your own print or digital copy.
In our current culture our lives are completely intertwined with the thriving, evolving, occasionally endangering monument to information technology (IT) known as the internet. On a daily basis we use the internet and associated technologies for a myriad of purposes. We use it to shop and make purchases, send and receive e-mail, make appointments, socialize with family and friends, visit new websites of interest, catch up on the latest news and weather, do research, conduct our banking, download and play games, participate in education pursuits, visit dating sites, pay bills, engage in political conversations — the list is seemingly endless.
If you think about it, nearly every aspect of our daily lives and everything we do is somehow connected with the Internet. Our work, our leisure moments, our pleasure, and our frustrations, are quite often linked in some manner to the internet via our computers and, increasingly, the use of our smartphones.
How often do we reach for our smartphones? By some estimates the average American uses a smartphone for some purpose every 10 minutes! A report in Time magazine found that “Americans collectively check their smartphones upwards of 8 billion times per day.” That represents a tremendous amount of interaction with organizations and people via the Internet.
As we contentedly go about the daily usage of our devices, we generally give scant thought to the dangers that often lurk beneath the friendly and accommodating surface of the Internet. Yet hackers and other digital malefactors, those with evil intent, are constantly seeking to steal our personally identifying information (PII) or breach the security of the firms, merchants, and agencies that engage us in various transactions.
In discussing the “Top Hacks and Internet Breaches of 2018,” blogger James Watson writes that, “Hundreds of millions of people suffered at the hands of these attacks as their sensitive information and data was exposed and sold on the dark web.” Just in the past year, numerous big-name organizations were breached and customer data exposed.
Everyone is at risk
For example, Facebook was victimized by a hack that exposed 29 million users, Google suffered a data breach that affected 52.5 million users, and an attack on MyHeritage pinned down 92 million users like insects trapped for a 7th-grade science project. Believe it or not, those were the “small potatoes” hacks.
If we move up to the “adult” table the news is really grim. A breach perpetrated against business and consumer data brokerage firm Exactis stole information connected to 340 million people. A whopping 500 million people — roughly one-fifteenth of the entire global population — were victimized by the Marriott Starwood Hotels data breach. Though often ignored due to complacency, the danger of doing just about anything online is real.
As consumers, there is little we can do about the cybersecurity that organizations have in place to protect our information. We place our trust in them to be ethical stewards and provide the best security available — not just check the “basic” security boxes and then take out cybersecurity insurance.
Unfortunately, we must also grudgingly accept that no security is perfect and that, despite even robust and seemingly thoroughgoing good faith efforts, breaches will occur. After all, there were by some estimates nearly 1 billion global victims of cybercrime last year. Are you a citizen of the world? There a slightly better than one-in-seven chance you got dinged.
Don’t stand out so much
While we can’t control the cybersecurity practices of organizations we deal with, there are many things that the average person can do to lessen their vulnerability to cybercrime. No amount of personal caution will entirely protect you, but good cybersecurity hygiene is at worst a deterrent and at best could keep you entirely out of the next big breach story to hit the evening news.
To begin with, each of us needs to lessen our “footprint” in the world of technology. For example, you can start by eliminating unnecessary credit cards and store charge accounts. The more accounts you have open, the more vulnerable you are to cyberattackers. Sure, it’s tempting to take advantage of that 5 percent discount at checkout by signing up for a new credit card or rewards program, but that only makes you a bigger target. The point is to lessen your vulnerability, not increase it.
When you fill out a form somewhere, question the need to supply personal information such as your social security number — does your new dentist really need that information? Whenever you have the option to NOT supply an e-mail address, phone number, and so forth, leave that extra information off the form.
Decrease your social media profile. Miscreants and malefactors constantly troll social media to gather information, so refrain from telling the world about your purchasing habits, your travel plans, your personal likes and dislikes, and especially your personally identifying information (PII) — any information that uniquely identifies you.
Keeping all of that under wraps can be difficult to do in this age of sharing everything with everybody, but you would be amazed what a hacker can do with your birthdate (or even just your birthday), place of employment, personal photograph, the name of your bank, a list of places that you regularly shop, your telephone number or e-mail address, your home address, or a general account of who your family and friends are. All of these things are routinely shared on social media, and all of them can be used to attack you.
Protect logins and connections
Change your passwords and keep each one unique. Don’t use the same password at the library, for example, that you use for your bank account. If a hacker stumbles across your password at one place, they will try it at every single place they can reasonably assume that you regularly log in, and seek to gain access.
Where possible, use two-factor authentication and strong passwords that include upper and lowercase letters, numbers, and special characters. Not too long ago the generally accepted wisdom was that passwords ought to be at least 8 characters long, but currently at least 12 characters are suggested.
Monitor your financial accounts for unauthorized activity. Regularly check for charges you didn’t make, even small ones. Hackers will gain access to your accounts and routinely withdraw small amounts to see if the account is active, and whether or not the charges go unnoticed.
Be aware of cyberattacks on organizations you deal with. If you hear of such an attack, immediately change your password. Unfortunately, organizations generally do not disclose breaches immediately — often because they are not aware of breaches immediately — so you need to take action as quickly as possible to limit the extent of damage done.
Use public wifi with caution. It’s tempting to use the wifi at your favorite coffee shop, or at the airport, but be aware that others might be actively monitoring what you are doing. If you must use public wifi, never do any banking or financial transactions — that can wait. Consider using a VPN service or encryption, as well as turning “sharing” off on your device if you must use public wifi.
Watch out for others
Finally, have a cybersecurity conversation with your children and others who might use your devices. Make them aware of your security concerns and the hazards of sloppy Internet usage. You could be using impeccable cybersecurity hygiene, but if other users are careless, then your actions may be for naught.
We all would like to think that we are safe as we utilize and surf the Internet. In reality, however, it can be a highly dangerous place — especially for those who don’t exercise due caution a much as possible.
Just as in driving an automobile, each of us needs to be cautious of our own actions and aware of what others might be doing that could endanger us. If we safely follow the rules of the information superhighway, then we may not avoid all incidents, but the likelihood of a catastrophic event can be greatly diminished. Enjoy the internet — but watch out for the other guy!