October is National Cyber Security Awareness Month, which was created to bring awareness to the growing cyber security threats that plague modern society. Since the evolution of the internet, almost every bit of information about us is strewn across the web, from our social curiosities, to our financial situations, all the way to our health records. Whether you like it or not you are being tracked, mapped, and monetized every time you use the internet (unless you are using a VPN which will be discussed below). With every click of your mouse and every stroke of your keyboard a virtual “you” is being stored. So with all of this information about you frolicking around the internet, what keeps you safe? Personal and commercial cyber security.
Cyber security awareness is aimed at strengthening the weakest link in the security chain: humans. Whether commercial or personal, one single human error can jeopardize important data and lead to catastrophic results. Does catastrophic seem too intense of a word to you? Jeopardizing your personal information can ruin almost every aspect of your life, from your financial security to social security. Once on the internet or the “dark web” your information can never be fully withdrawn, remaining forever and simply sold to the highest bidder or leaked to the lowest scumbag who aims to drain your accounts and steal your identity. This problem can be exponentially worse when an employee of a company falls victim to a cyber attack which leaks not just one person’s information but thousands of people’s information at once, such as the Equifax hack last year which exposed the Social Security Numbers, birth dates, addresses, and in some cases drivers’ license numbers of 143 million consumers.
It’s not all doom and gloom though! Fortunately not all who roam the internet are here to steal your information; some are here to protect you from the cyber security threats of the world. We’d like to share not only the 7 best tips to protect you on the web but also the reasons and technicalities behind each tip. We’ll give you an overview of each tip and how to utilize them as threats evolve.
Tip #1: Never Forget You’re a Target
Be aware that you will always be a target for hackers.
This is extremely important to understand because far too often people don’t see themselves as targets which leads to unsuspecting victims and people letting down their guard. You must always stay vigilant in order to protect yourself and your information.
How serious is this problem? Here are a couple alarming statistics that you may have been unaware of.
- Since 2013, 3,809,448 records have been stolen from data breaches every day, which translates to 158,727 per hour, 2,645 per minute and 44 every second of every day.
- In 2017 alone, nearly 158 million social security numbers were exposed from various breaches.
- The global cost of cybercrime has now reached as much as $600 billion.
- Unfilled cyber security jobs worldwide will reach 3.5 million by 2021. (Interested in becoming part of the solution? Check out our blog about starting a career in IT with certifications.)
Tip #2: Create Strong Passwords
Your first line of defense is creating strong, memorable passwords. In other words, passwords that are hard for humans and COMPUTERS to guess but also easy for you to remember.
One of my favorite ways to do this is to use a “passphrase,” demonstrated in the comic below from xkcd.
The quote, “Through 20 years of effort, we’ve successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess,” could not be more true.
The simplest way to make a highly secure password is to come up with an uncommon phrase that is unique to you and, like the comic shows, add a memorable twist. This twist can be an odd response, capital letter, or unexpected number. Whatever you choose, be sure that it is also easy to remember.
For example: Say you really like fig newtons, your phrase can be “fig newtons taste figgy.” As goofy as that sounds it would actually take hundreds of years to crack and scores a 100% on strength.
You can use tools like OnlineDomainTools to see how strong your password is.
Tip #3: Manage Your Passwords
Once you have created a strong password the next part of your defense is password management.
Password management is being able to manage user passwords from one centralized location (not all on a sticky note). I will lay out three different strategies for password management. Password management is not a one size fits all, so choose the one that makes sense for you. The goal is to make the password management task as simple and secure for you and your specific situation.
Option A: Use a Password Management Site
One option is to use a password management site like LastPass. Sites like this allow you to store all of your passwords in one central location that can be accessed by a single password or as recommended a “passphrase.” This master password is to be stored in only one place: your brain.
LastPass passwords will be stored as keys on each site that you register in your password bank. Once you store your passwords you will then download a browser extension for the management service you chose. This allows the manager to populate your password on sites automatically and away from the prying eyes of hackers.
Pro Mini Tip: For ultimate password security you can use a site like Secure Password Generator to create random, strong, and unique passwords for every site you use, store them in the password manager, and only use the “passphrase” password for the manager.
Option B: Use a Secure Spreadsheet
If a password manager isn’t your style, you can create your own password bank on Google Docs on a spreadsheet. This is actually a very secure way to store your passwords because Google can require two-factor authentication when logging in from a new device. This two-factor (2FA) or multi-factor authentication (MFA) adds another layer of security to your login by requiring another verification step on top of a password. For example: you may receive a text with a pass code that you would then enter on the website.
Similar to the recommendation above, use the password generator for all the sites except Google, where you’d use a hard to crack “passphrase” password.
Pro Mini Tip: Store your spreadsheet with a name other than “Passwords.”
Option C: Use a USB Security Key
If you don’t want to fiddle with password management sites or password generators, a USB key like Google’s Titan Security Key is for you. It adds another layer of security to whatever site you are logging into, creating MFA (multi-factor authentication), which is much more secure. Not only is it much more secure but you actually need to have the key with you for access. Note: Not all websites let you use these keys.
Pro Mini Tip: Get a backup key. Once you lose a key it’s toast, so have a backup.
Tip #4: Beware of Phishing Attacks
Phishing attacks are when the attacker tries to get you to take an action that will jeopardize your information. They may get you to click on a fake website to steal your login credentials or get you to download malicious software through an email attachment or website.
If you ever click on a link that takes you directly to a login page make sure and check the URL. It’s important to understand what to look for in a URL to make sure you are on the correct site.
You want to make sure the domain name is correct and followed by the top-level domain and then followed by the file path. If there are any additions to the original domain name, you are on the wrong page and should close it immediately. See the examples below.
In the image below you can see that this is the authentic site. It has the domain name facebook, followed by the top-level domain .com, directly followed by a file path.
In this other image you can see that the Twitter website has been forged. Even though twitter.com is the real domain name for Twitter, the actual ending domain for this phish is all09.info.
The phishing pages may look legitimate but it is always safer to close everything out, open a new window, type in the URL that is confirmed to be legitimate, and then log in.
You can test your skills at spotting phishing websites here.
Some other warning signs that you might be on a phishing page are: misspelled words, old landing pages and unfamiliar looking pages.
Pro mini tip: When entering private information, make sure that the URL starts with HTTPS. HTTP stands for Hypertext Transfer Protocol and the “s” stands for secure. When the “s” is present that means all communications between your browser and the website are encrypted.
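The URL check from this tip, written out as a small JavaScript function. This is an added example, not part of the original article: the function names and the sample links are made up for illustration, and only facebook.com, twitter.com and all09.info come from the text above.

```javascript
// Added example: decide whether a login link really belongs to the site you expect.
// expectedDomain is the name you already know to be legitimate, e.g. "facebook.com".
function checkLoginUrl(link, expectedDomain) {
  let url;
  try {
    url = new URL(link); // same URL parsing rules a browser applies
  } catch (err) {
    return { ok: false, host: null, reason: "not a valid URL" };
  }
  // Normalise case and drop a trailing dot so comparisons are exact.
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  const expected = expectedDomain.toLowerCase();

  // The "s" in https: without it the connection is not encrypted.
  if (url.protocol !== "https:") {
    return { ok: false, host, reason: "connection is not HTTPS" };
  }
  // The expected name must be the END of the host, on a label boundary.
  // "www.facebook.com" passes; "twitter.com.login.all09.info" does not,
  // because what follows the real name changes which site you are on.
  const sameSite = host === expected || host.endsWith("." + expected);
  if (!sameSite) {
    return {
      ok: false,
      host,
      reason: `host ends in ${endingDomain(host)}, not ${expected}`,
    };
  }
  return { ok: true, host, reason: "host matches expected domain over HTTPS" };
}

// Last two labels of a host name, used only for the message above.
// Simplification: suffixes with more than one label (such as co.uk)
// would need the Public Suffix List to be reported correctly.
function endingDomain(host) {
  return host.split(".").slice(-2).join(".");
}

// Constructed sample links, checked against the site the user meant to visit.
const samples = [
  ["https://www.facebook.com/login.php", "facebook.com"],
  ["https://twitter.com.login.all09.info/session", "twitter.com"],
  ["http://www.facebook.com/login.php", "facebook.com"],
];
for (const [link, expected] of samples) {
  const result = checkLoginUrl(link, expected);
  console.log(`${result.ok ? "OK   " : "STOP "} ${link} -> ${result.reason}`);
}
```

A passing check only confirms the address and the encrypted connection; typing the known address into a new window, as described above, remains the safer habit.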
Tip #5: Be Careful on Public Networks
Not all networks are created equal, especially public networks. The information going to and from your device can be easily intercepted by others using the network. Find out more about public networks and their risks in this short video from the FTC.
Sometimes public networks are your only choice, especially while traveling. If you need to log on to a public network be sure to avoid banking websites and other websites that contain extremely sensitive information. Or, if you have to use a public network, secure your information by using a VPN as discussed in the next tip.
Tip #6: Use a VPN (Virtual Private Network)
A VPN is a service that lets you access the web privately and safely. It does this by routing your connection through a VPN server that protects your identity and location, and encrypts transferred data.
The destination website sees that the information is coming from a VPN and shows the VPN’s location, not the user’s IP address and location. VPNs use encryption protocols and secure tunneling techniques to encapsulate all online data transfers. They also involve integrity checks that ensure that no data is lost and that the connection has not been hijacked.
How do you implement a VPN? It’s actually very simple. There are multiple providers and just like any business there are pros and cons for each. Luckily there is a website that has tested the top VPNs and ranked them based on various factors; you can see the list here.
Tip #7: Utilize Antivirus Software
Make sure that you have an antivirus program and that it is up to date.
Antivirus software is a program or set of programs that are designed to prevent, detect, and remove viruses, and malicious software like worms, trojans, adware, and more. These terms can be consolidated under the term “malware.”
Similar to phishing, malware is something that you want to do everything you can to avoid. Malware can steal your information, delete your information, hold your information for ransom, track everything you do on your device, and even hijack your webcam; all of this without you even knowing.
How do you know if your device is infected with malware? Besides having an antivirus program that detects malware, here are some common signs that your device might be infected.
- Unfamiliar icons displayed on your desktop
- Frequent computer crashes
- Internet traffic increases without any user action
- Popup ads start showing up everywhere
- Your browser keeps redirecting you
- Ransom demands
- System tools are disabled
- Unsolicited messages and posts start showing up on your social media/email
- Files start disappearing
- Your computer storage fills up without you adding any additional files
The reasons for these warning signs range from the malware using your computer to solicit ad money, to hijacking your computer’s resources, to phishing your information, all the way to directly requesting ransom money from you to get your information back.
With over 350,000 new malicious programs (malware) detected every day, it is important to have an up to date antivirus program. Antivirus companies are constantly updating software to combat the growing number of malware threats so you don’t have to.
When it comes down to it, cyber security, both personal and commercial, can be boiled down into preemptive and proactive decisions in order to protect your information as best as possible. These 7 tips were designed to give you a leg up on current threats and hopefully help prepare you for future threats. In any case it is important to remain vigilant while connected to the world wide web and implement as many of these safety techniques as possible. As the web evolves so will the threats that challenge its very integrity. The more individuals that are educated on basic cyber security techniques the better chance we have at protecting this vital tool on which we rely every day.
Are you interested in joining the workforce and industry that actually combats online threats? From professional hackers, to infrastructure management, to entry level support positions, LeaderQuest can help you break into this industry in as little as three months. This includes training, certifications, and employment services, all with the goal of getting you a job as quickly as possible with the proper knowledge and skills to propel your future career for years to come.
The best part is that you can do this all around your schedule with a world class team at your back.
With an estimated shortage of 3.5 million cyber security positions by 2021, this industry offers unparalleled growth opportunity in combination with exceptional salaries. If you are thinking about a career change or are looking to start a career check out our Computer User Support Specialist program. It is designed specifically with entry level candidates in mind and helps you develop the skills that employers are looking for. Computer User Support specialists on average are making $52,810 according to the Bureau of Labor Statistics.