Yesterday’s list was so long I decided to break it into two posts. Here is the second part.
To recap – here are some recommendations from Dark Reading. Most people will pick and choose from this list, but pick some today and then come back in a week or a month and pick a few more. Remember, you are just trying to make life hard enough for the bad guys that they hack someone else.
11. Turn on auto update – Installing updates is a pain, and even though updates sometimes happen at inconvenient times, they are important. The challenge with updates is that there are so many: your laptop, phone, tablet and desktop, and then, of course, all of the applications too. Add to that your firewall, digital assistant, Wi-Fi and whatever else. Updating it all could be a full-time job, which is why so many updates are missing. The largest data breach in US history (Equifax) was caused by one missing patch. If it is possible to automatically update, turn that feature on. It just makes life easier. ESPECIALLY for those Internet of Things devices.
12. Segment off your personal network – here is one you probably didn’t think of. Put your work computer on its own network segment – give it its own Wi-Fi hotspot. If you isolate your work computer then if your kid’s computer gets infected, it won’t infect you.
13. Use a password manager – passwords are a weak spot. People can’t remember a thousand passwords, so they either make them all the same (so when one web site is breached, they all are) or they make them easy to guess. Some people ask their browsers to remember their passwords. After all, what could go wrong by asking the one part of your computer that talks directly to the Internet to store all your passwords? There have been numerous attacks against browser password stores and many companies disable that feature for that reason. Password managers actually make using unique, crazy passwords easy.
14. Enable Multi-Factor Authentication – Not only that, but it is better to do that with an app such as Google Authenticator or Authy instead of a text message. If you have the option and a business is storing your sensitive data – like a bank – and they don’t offer multi-factor authentication, find a new bank. I mean it. Really.
15. Avoid Browser Extensions – Speaking of not asking your browser to do unnatural acts, browser extensions are often security nightmares. To the extent that you can avoid them, do so. For one thing, they slow things down. For another, many times they have bugs. And going back to number 11, they often don’t automatically update. It is a matter of security vs. convenience. Your choice.
16. Carry a spare portable battery for your phone or tablet – DO NOT use those handy USB charging ports in airports and other public places. They can literally infect your device. An alternative to a portable battery is to use the AC power outlet. That won’t infect things.
17. Make sure you share documents securely – In the mortgage business where I spent many years, loan officers often asked for bank statements, tax returns and other personal information via email. Not exactly secure. If you don’t have an ENCRYPTED email solution, ask your company for one. If you need to control access, don’t use solutions like Dropbox. Work with your IT department to figure out the best, secure, controlled access solution.
18. Be skeptical. And then be more skeptical – you have a lot of things to do. You have a lot of emails to read. You have a lot of web sites to visit. Bad actors are counting on that. We hear about people falling for scams every day. The FBI said that between mid-2016 and mid-2019, losses due to scams reported to them totaled over $26 BILLION. That is a lot of money.
19. If you have a remote working policy, follow it. If you don’t have one, create one – When it comes to reducing risk, you need to tell employees what they should and should not do. If you don’t have one, then you can’t complain if employees do things you don’t want them to. For certain industries, these policies are legally required. In fact, you should have a complete set of security policies, which are in addition to typical employee HR policies.
20. Last but not least, get to know your IT and security folks – we really don’t want to make your life difficult. We are working hard to protect the company and that includes making sure the company does not get breached or sued due to losing customers’ data. Those kinds of incidents can cost a company a lot of money and sometimes that translates to layoffs or even closing the company’s doors. If you need something, ask. We may not be able to do it, but hopefully we can explain why.
That is the end of this list. If you have questions, please reach out to us – refer to number 20 above.
Based on information from Dark Reading.