Cybersecurity for Everyday Users
Introduction
Cybersecurity is both critically important and difficult to understand from the outside looking in. In the 1990s we called it Information Security and Information Assurance. Once we determined that 'cyber' was a completely separate and complex domain, we decided to change the name. Here are a few of the most common practices that cybersecurity professionals adhere to and preach to our valued customers who use our information systems everyday.
Use Strong Passwords
The first and perhaps the most obvious is to use a 'strong password' but what exactly is a strong password? A strong password is a password that is very hard to guess. There are a few criteria that must be met in order to have a strong password that again confuse the issue; use uppercase letter, use lowercase letters, use numbers, use symbols, etc. But in a world where information systems are breached daily and passwords are exposed by the tens of millions, the only reasonable way to adhere to those criteria is to have a completely 'random' password. This is much easier said than done and works extremely well if you have only one account and only one random password that you need to memorize. But what should you do if you have dozens of accounts like the rest of us?
Manage Your Passwords
Use a password manager to do the heavy lifting. With a password manager such as 1Password, Dashlane or KeePass, you can create accounts and completely random passwords quickly. You can also use the password manager to copy and paste your passwords into your login screens (with the exception of the login used to get into your computer or mobile device). If pasting your password becomes tiresome, you can use a third-party plugin or extension in most web browsers to login automatically. Chrome, Firefox, Safari and Edge support most modern password managers with a plugin or extension. Managing passwords is only one step of a multi-layer approach; you must also ensure that your system or device is updated regularly.
Enable Multi-Factor Authentication
Multi-Factor Authentication or MFA is a common security enhancement that you should enable on every account that comes with this feature. MFA comes in many forms such as a PIN number, a security question, biometrics or a One-Time Password (OTP). It is also known as 2FA (2-Factor Authentication) or U2F (Universal 2-Factor) among many other names. Consult your account service provider and support documentation in order to determine if this feature is available for your software accounts.
Update Your System
Most computers, software, hardware and mobile devices require regular updates. These come in many forms and are commonly known as 'firmware updates', 'system updates' or 'software updates'. Running these updates is critically important to maintaining a computer system because it patches any holes or bugs in the system. Outdated firmware, systems or software lead to critical weaknesses and ultimately the exposure of your personal information and data to many risks.
Browse with Caution
Using a web browser is one of the most common ways that we interact with the internet. It is also one of the easiest avenues of approach to breach your personal computer system. But before you worry too much, remember that it is relatively simple to mitigate mosts of the risks that you will find on the web. Ensure that you browse with caution by following these simple tips:
* only visit reputable websites
* do not click on links or ads
* always verify the websites that you visit
* report anything suspicious that you see to your IT department or service provider
* do not allow your web browser to execute unknown functions or programs (when faced with a choice, if you are unsure 'do not allow')
Avoid Email Scams
In a similar manner, avoid email scams with the same caution as browsing. Email phishing is very similar to actual fishing - the fisherman sets enough lures in the water and when one is hooked he reels it in. Phishing is when a fake sender sends a fake email that looks very real and it is becoming more and more common and much more sophisticated. The goal of email scams and phishing attempts is to bait the recipient into clicking on a link or entering a password or simply responding with some information. The outcome of any of these actions is generally the same - the enemy has more information or intelligence to exploit further into your personal accounts or your organization.
Understand the Basics
Many topics in cybersecurity can be left to the professionals. But many of them translate into basics for anyone that uses computers and information systems. Cryptography and encryption are a great example - many of the professionals know how to implement secure cryptographic systems. But for most of us, we simply need to know how to encrypt a file so that we can send it securely without the knowledge of 'prying eyes'. The hard conclusion, learn about the systems that you use in order to understand the fundamentals that you need to keep your accounts secure. When in doubt, consult a security professional; preferably one who greatly values your privacy and security. At Element8 we desire for your privacy and security to be just like your experience with our internet service - so easy, just like Oxygen (Atomic Element 8), you never have to think about it again.