So you’re new to the cyber security world and you don’t know where to start? Where do we begin? Firewalls? Intrusion Detection Systems (IDS)? Anti-virus? It’s all very complicated and can be quite expensive… Many of the suggestions below sound quite simple and appear to be common sense, but for one reason or another, they are recurring problems within many organizations. Let’s explore a few simple and inexpensive ways to lower your threat surface.
***This is by no means an all-inclusive list! Please consult your local IT security specialist***
1. Use strong passwords. The longer and more complicated, the better. The more complicated your password, the more difficult it is to guess. A strong password is defined as:
- 8 characters or longer
- Combination of upper and lowercase letters
- Include at least 1 numeric and/or special character (@, #, $, *, etc.), punctuation and spaces.
- Using a phrase or sentence for your password can help increase complexity while still making it memorable (for example, P@ssw0rd(2014) is a good strong password). http://www.columbia.edu/acis/security/users/passwords.html
2. You must resist the urge to use the same password for everything. I know that it’s harder to remember multiple passwords, but this limits the damage if/when a password is compromised. Never use the same password for email/Facebook/Twitter/online banking. This could give someone access to your entire digital life with a single password! http://macgroup.org/blog/2012/08/06/the-dangers-of-using-the-same-password-for-everything/
3. Patch your systems early and often! This is more than simply running Windows Updates. Adobe Flash, Java, and Microsoft Office must also be continuously patched and updated. Major software manufacturers like Microsoft, Adobe and Oracle release software updates for a reason. The primary method of attack for most hackers is through known vulnerabilities in common applications. If you are a Mac or Linux user, you are still at risk! Although these operating systems are less likely to be targeted, their applications are still vulnerable. Even mobile devices running Android and iOS have vulnerabilities that can be addressed with software updates. http://www.lavasoft.com/company/newsletter/2011/02/article_patch_time.php
4. Retire that old OS. Once an operating system gets too old, the manufacturer stops releasing software updates. If you are still using Windows 98, Windows 2000, Mac OS 9, early Mac OS X or Windows XP (end of support in April 2014), you are at much higher risk of data loss. Since the manufacturer no longer releases updates for these systems, hackers are able to find new vulnerabilities and exploit them with impunity. Yes, upgrading or replacing your old PC can be painful, but so is losing your personal/sensitive information. http://www.bcbr.com/article/20131011/EDITION07/131019987
5. Think before you click. Many security professionals agree that most system breaches occur through phishing emails and “free” apps downloaded from the internet. Phishing is the practice of using email or websites that look legitimate to deliver malicious software (malware) to your computer. Most of these emails will contain a malware-laden attachment or a link to a dubious website. Attackers are very good at disguising these attempts as legitimate messages, which may appear to come from known family, friends or co-workers. This makes it important for you to critically evaluate each and every message before you click on the link or attachment it contains. When it comes to free downloads, always ask yourself: how are the developers making money? If they aren’t charging for their product, could it be a scam? In many cases it is! http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx
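
For items 1 and 2 above, here is an added example (not part of the original article) that checks a set of passwords against the strength definition in item 1 and flags accounts that share a password, as item 2 warns against. The function names and sample accounts are constructed for illustration, and treating punctuation and spaces as "special characters" is an interpretation of the list in item 1.

```python
import hashlib
import string
from collections import defaultdict

MIN_LENGTH = 8  # "8 characters or longer" from item 1

def failed_rules(password):
    """Return the item-1 rules this password does not meet (empty list = passes)."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("shorter than 8 characters")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        failures.append("needs both upper and lowercase letters")
    has_digit = any(c.isdigit() for c in password)
    # Assumption: punctuation and spaces both count as special characters.
    has_special = any(c in string.punctuation or c == " " for c in password)
    if not (has_digit or has_special):
        failures.append("needs a number or special character")
    return failures

def reused_groups(accounts):
    """Group account names that share a password (item 2).

    Passwords are compared by SHA-256 digest so the result holds no plaintext.
    """
    by_digest = defaultdict(list)
    for name, password in accounts.items():
        digest = hashlib.sha256(password.encode("utf-8")).hexdigest()
        by_digest[digest].append(name)
    return sorted(sorted(names) for names in by_digest.values() if len(names) > 1)

def audit(accounts):
    """Combine both checks into one report."""
    weak = {name: failed_rules(pw) for name, pw in accounts.items() if failed_rules(pw)}
    return {"weak": weak, "reused": reused_groups(accounts)}

# Constructed sample data, not real credentials.
SAMPLE_ACCOUNTS = {
    "email": "P@ssw0rd(2014)",
    "facebook": "P@ssw0rd(2014)",
    "twitter": "sunshine",
    "banking": "Correct horse 9 battery!",
}

if __name__ == "__main__":
    report = audit(SAMPLE_ACCOUNTS)
    for name, problems in report["weak"].items():
        print(f"{name}: {', '.join(problems)}")
    for group in report["reused"]:
        print("same password on:", ", ".join(group))
```

With the sample data, the report lists the "twitter" password as failing two rules and shows that "email" and "facebook" share one password, even though that password meets the item 1 definition.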