This list combines proactive steps you can take with activities you should avoid in order to protect your password and personal data. One of the main barriers to robust cybersecurity is the lack of an educated populace and willing participants. We all want our data to be secure, but it’s also human nature to downplay the risks associated with poor security practices in favor of taking the more frictionless route.
That’s why with this list we really want to highlight the passive steps you can take, the “do nots” and “dos” of cybersecurity.
- Don’t join unsecured WiFi networks like public hotspots. If you need to use unsecured WiFi, make sure you use a VPN.
- Don’t click on unsecured websites. The addresses of secure websites are prefixed with HTTPS, while those of unsecured websites are simply prefixed with HTTP. This tells you whether or not the website is using Secure Sockets Layer (SSL), which is essentially just an encrypted connection between the browser and the web server. Having this added layer of security protects you from man-in-the-middle attacks, where the hacker will try to intercept your communications with the website and steal your credentials or other data. The popular browsers have now even taken to shaming websites that don’t use SSL by warning you that the website is unsecured, using a red-colored open lock graphic or telling you about the weak security in a pop-up text box. Setting up SSL is now standard practice, but you’d be surprised how many legitimate and high-traffic websites still haven’t gotten around to it.
- Don’t download unknown applications. Make sure you vet any applications you intend to download, especially if you’ve never heard of them before. You may just find that they are secretly housing malicious software. This is something people tend to be more vigilant about on their desktop computers and laptops than on their smartphones, despite the risk being present across all devices. You should be extra vigilant if you have an Android phone because Android has more relaxed rules and fewer barriers to apps on the Play Store than Apple does for the App Store. This can sometimes be a benefit because you can gain access to a greater number of apps but it’s always worth checking the legitimacy of your apps.
- Be careful when linking accounts. When we create and manage accounts for the plethora of services we use, we often have the option to sign up with an account we already hold elsewhere. Plenty of websites or apps allow you to log in to their service by using your Google or Facebook account, for example. It’s important to stress here that this doesn’t mean that the app will receive your Facebook or Google account credentials, but there is other information they can take. This information includes your name, email address, birthday (and therefore age), and other information. Facebook dominated the headlines in early 2018 for their involvement in the major political scandal that was Cambridge Analytica. The British political consulting firm Cambridge Analytica was accused of obtaining the data of 87 million people without their consent, simply because the users shared their data with a personality test app. We’re so used to seeing pop-ups on our screens asking us for consent that we often just automatically click to give consent without reading the text. It may not be feasible to read the terms and conditions of every request you get, but you can make yourself safer by only consenting when it’s absolutely necessary. Finding out which candy bar matches your personality may gift you a bit of joy on a gloomy Monday afternoon, but it’s not worth your long-term security.
- Don’t skip system upgrades. Your OS or other software will usually prompt you when a new version of the software is available for download. We understand these prompts can be annoying, but they do protect your software and data from threat actors who rely on exploiting vulnerabilities in old versions of the software.
- Encrypt the data on your computer or phone. Some devices have encryption built in and turned on, and others will require you to turn it on. Mac has FileVault installed natively, and Windows users tend to use BitLocker, which is native to Windows and pairs with Active Directory.
- Strong passwords are preferred, but best practices around complexity requirements have relaxed recently. It’s important to pick a password you can remember and not to reuse passwords. Consider using a password manager.
- Back up your data. Ransomware attacks have been on the rise in recent years, and the chaos they have caused has proved how important it is to have control over your data. If you get locked out of your data by a hacker, you can simply wipe the system and restore your data from the backup.
As you know, remembering unique and strong passwords is no easy task when the number of accounts we hold grows every day. It’s no surprise that we often opt for using the same password across multiple accounts. Of course, this is inherently unsafe, but it makes sense.
Hopefully this list of tips can help you protect your password and personal data moving forward.