3 Biggest Mistakes People Make in Their Cybersecurity Practices
1. Not updating your devices
Odds are that your household contains multiple devices that have the ability to connect to the Internet. This includes computers, laptops, smartphones, gaming systems, and an ever-growing list of ‘smart devices’. All of these devices often have security updates that are pushed out by the vendors. For example, every second Tuesday of the month Microsoft releases their security updates for their Windows Operating System. These updates fix security vulnerabilities found in their Operating System code and should be installed as soon as they are released. You may recall hearing about the WannaCry attack that occurred back in May of 2017. This attack was only successful on Windows computers that had not installed an update that was released in March of that same year. The big Equifax breach? Yep, the attackers were able to compromise an unpatched server. And it’s not just Windows Operating Systems. Apple devices now have their fair share of vulnerabilities too and updates are frequently being released. Apple often touts their updates as feature updates but the majority of the time these updates also contain important security fixes. So, make sure you are keeping all of your devices up to date.
2. Clicking links or attachments in emails
Hackers are always looking for the quickest way in, which usually means they target systems that the highest number of people are using. It would be hard to imagine our world today without email. So, it’s no surprise that email has become the number one attack vector used by hackers today. Email accounts are constantly being hacked. The hackers then send mass emails to all of the contacts in that email account that contain harmful links or attachments. You may recall the big Target breach back in 2013. The whole thing started when a third-party HVAC employee (who had remote access to the Target HVAC system) clicked on a link in his personal email account that gave the attacker remote control of his computer. From there they hopped from the HVAC system to the Credit Card system and stole the information. Hackers will also often try to impersonate banks, social media sites, and news outlets by mimicking their notification emails trying to get you to click or open an attachment. Unfortunately, it’s come to a point where every email we receive should be treated with caution, even if it’s a family member. Here are a couple tips to consider when it comes to emails with links or attachments:
- Check the Sender: Do you recognize the sender’s email address or name? Are there any typos in the email address indicating it’s not really from the person you think?
- Spelling Counts: Is the email grammatically correct? If there are a lot of mistakes it should be a red flag.
- Email Content: What does the email say? Is the email trying to create a sense of urgency? Is it asking for personal or sensitive information? Big red flags!!
- Expectancy of the email: Were you expecting the email? If you ever doubt that then call the person who sent it and verify.
3. Poor password management
A recent survey reports that the average person now has 27 discrete online logins. However, the same study also indicated that the average person only uses 5 different passwords. That’s music to a hacker’s ears! Hackers know that if they can just get access to one password they often have access to several systems. But how could you possibly remember all of them? Especially when they also tell us never to write them down! Best practice is to create a unique password for every login. Here are some tips to help with that process:
- Use a secure password manager: There are a number of options available out there that can securely store your usernames and passwords. Typically these are secured with one master password that you have to remember. These managers can even help you generate random passwords that are long and secure.
- Use phrases instead: The longer your password is the harder it becomes to hack. Instead of just words start using phrases. Like a line of your favorite song. They will be easier to remember and more secure.
- Never share your password with anyone: No business or entity should ever need access to your password. If you are ever asked for it, it is a scam!
Ben Miller – Systems Administrator