Cybersecurity Awareness Month
October is Cybersecurity Awareness Month, so now is a good time to think about ways to keep you and your information safe when using technology. Here are tips for helping to protect your systems from malware infections, to protect your data, and to prevent identity theft.
- Update software and firmware on all internet-connected devices. This includes operating systems, routers, cell phones, tablets, printers, smart televisions, gaming consoles, smart refrigerators, doorbell cameras, and anything else connected to your network. Out-of-date software can be used to hack into a system. Consider replacing hardware when it is no longer receiving security updates from its manufacturer.
- Turn on automatic updates whenever possible to ensure your software and firmware is always up to date.
- Be aware of phishing schemes and verify unexpected emails, phone calls, and text messages. Sometimes these methods are used to trick victims into installing malware. Don't click links or open attachments that are unexpected without verifying their authenticity.
- Backup important data. When ransomware strikes, restoring from backup may be the only way to recover data without paying the ransom.
Prevent Data Theft
- Don't reuse passwords across different websites. Attackers often try to use the passwords they steal from one website to log into other sites. For example, if a store's password database is breached, they might try to log into bank accounts using the same usernames and passwords.
- Use good passwords that aren't easy for a computer to guess and haven't been stolen from another site. Long passphrases are better than short passwords.
- Consider using a password manager. Password managers are apps that can be used to generate and store long, complex, and unique passwords. They can also monitor known breaches and alert you when one of your passwords is compromised. Some password managers also have options for families so that all of the passwords can be managed from one place. This is a great option to help children and seniors.
- Use two factor authentication (2FA) whenever possible. Ideally this would be through an app on your phone or a hardware token and not with text messages. 2FA using text messages can be compromised through attacks against cell phone networks or fraudulently porting the victim's phone number to a phone under the attacker's control.
- Set passwords on mobile devices including cell phones and tablets. A lost or stolen phone without a password can give someone a lot of access to your accounts.
- Avoid truthfully answering security questions when creating an account. Security questions often have answers that can be obtained from public records or your social media account. You can make up an answer to these questions. Just make sure you remember your answer.
- Encrypt hard drives on computers using a utility such as BitLocker (built into some versions of Windows), FileVault (built into macOS), or a third party encryption program.
- Securely erase hard drives when retiring a computer. Reformatting the hard drive doesn't destroy the data that is there. A utility designed to securely wipe a hard drive or to initiate the drive's built-in ATA Secure Erase function is needed to make the data unrecoverable.
- Perform a factory reset on any cell phones or tablets when getting rid of them. Modern phones and tablets render its data unrecoverable when performing a factory reset.
- Set port-out PINs for cell phone accounts if your carrier allows them. This prevents an attacker from taking over your phone number without your permission.
- Disable obsolete encryption protocols in your Wi-Fi router. Use the latest settings that are compatible with your devices. Most modern devices support WPA3 and/or WPA2 encryption protocols. Disable WPA1 if possible and definitely disable WEP. Use AES instead of TKIP whenever possible.
- Avoid using public Wi-Fi hot spots. Nearby attackers can easily eavesdrop on your internet traffic and can maliciously modify the traffic content as well.
Prevent Identity Theft
- Set credit freezes at the major credit reporting agencies, including Experian, TransUnion, Equifax, and Innovis. Federal law now requires freezing and unfreezing your credit report to be free. Freezes prevent an attacker from opening a line of credit in your name. You must temporarily unfreeze your credit profile before applying for a new line of credit, such as a credit card.
- Set freezes at other reporting bureaus, including ChexSystems and the National Consumer Telecommunications and Utilities Exchange. Freezing these reports prevents attackers from opening bank accounts and new utility accounts in your name. As with credit freezes, you must unfreeze access to these reports if you intend to open a new bank account or an account with a utility provider.
- Avoid leaking information on social media that can be used to impersonate you when applying for credit.