How To Improve Your Cyber Security
As more and more of our life goes digital, a common concern we hear from our clients and colleagues is cybersecurity and how to keep your information safe online. As part of our commitment to helping you protect the things that matter most to you, we recently caught up with cybersecurity expert Jake Gord to understand what steps you can take to enhance the security of your digital footprint in both your personal and professional lives.
According to Gord, founder of Junto Services and cybersecurity advisor to organizations including SAP, Collective[i], the U.S. Army and the U.S. Marines, cybersecurity is just as important for individuals and small businesses as it is for large corporations. In fact, Gord noted that 43% of cyberattacks target individuals and small businesses, and at least one new cyber attack is attempted every 2 seconds.
The good news is there are a number of steps you can take immediately to protect yourself and your business from a cyber-related attack. Read on for Gord’s guidance on common cybersecurity risks as well as his top tips for steps you can take today to enhance your security at home and at work.
COMMON CYBERSECURITY RISKS
Phishing is a fraudulent email that involves the misrepresentation of the sender or the reason for contact with the goal of receiving personal or confidential information from the recipient (i.e. account numbers, passwords, credit card numbers). For example, this could be a fraudulent email pretending to be Amazon claiming that your account has been put on hold.
You can oftentimes spot phishing emails due to the poor grammar used, formatting of email headers, or alerts from your email provider noting that this email is from someone outside of your organization or contacts. It’s also important to look at the email address the message is coming from as senders can manipulate the “From” field that appears in the email. Be sure to click the “From” field to expose the actual email address and domain the email came from. If you are not familiar with the email address or domain, it’s best to avoid clicking on, downloading, or forwarding the message.
Note: You can also receive a phishing text (also known as Smishing) from someone who is claiming to be from someone you know. This is especially common with texts claiming to be providing shipping updates or tracking information. Gord advises not clicking on these texts and instead going straight to the providers website to check your status.
Http:// vs. Https://
Have you ever wondered why some web addresses start with “http://” while others start with “https://”? The added “s” in the URL actually means that you are visiting a secure website. Reputable sites should always begin with “https://”. If a website does not have “s” in it’s URL and is unencrypted, there is a good chance the site could be malicious. Gord recommends always checking the URL address of websites you visit before you engage with any content on the site.
IoT or “Internet of Things” devices such as Ring doorbells, routers, smart TV’s, and Alexa are common targets for cyber attacks. These devices usually come with a default password making it easy for cyber attackers to access your device and your information. Gord advises the first thing you do when you purchase one of these devices is to change the default password to a custom, secure password. Gord also advises changing your router password on a regular basis as a means of further enhancing your security.
When you travel, you’re exposed to a number of new threats. Gord recommends avoiding the use of public wifi networks and charging ports as use of these shared spaces can allow cyber attackers to access your device and the information on it. Instead, Gord recommends using your mobile Wifi hotspot. You can also purchase and use a charging port detector, which will notify you if a charging port you want to use engages in data transmission - in which case, it is not a safe port to use.
While QR codes have gained popularity over the past decade, the risk of cyber-related QR code attacks has as well. QR codes can be used to direct your device to malware or inappropriate websites. From Gord’s perspective, the risk of QR codes far outweighs the benefits of using them. As a result, he recommends avoiding scanning of unknown QR codes.
STEPS YOU CAN TAKE TO ENHANCE YOUR SECURITY TODAY
Use a Password Manager
One of the most important steps you can take to improve your cyber security is to make sure your passwords are complex, using a combination of letters, numbers, and symbols. Gord advises using a different username and password for each of your accounts, including any financial accounts you have.
Using a password manager can help you generate strong passwords automatically and store the information across devices. Password managers will also alert you if one of your accounts is found in a data breach, allowing you to change your password immediately to protect yourself. Recommended password managers include LastPass, 1Password, or Microsoft BitLocker.
Enable Two-Factor Authentication
Two-factor authentication is a method for gaining access to a system in which a user must successfully present two or more pieces of evidence to authorize access. You should be able to enable two-factor authentication across most of your accounts, including your financial institutions. For added protection, Jake recommends installing an authenticator app, such as Duo Mobile or Okta, on your device, which helps reduce the risk of authentication codes being intercepted. If you are a business owner, Jake recommends taking this one step further and investing in a hardware device, such as YubiKey, to serve as your authentication method.
Ensure Your Operating System & Antivirus Programs Are Updated Regularly
Another easy step you can take to enhance your protection is to make sure the operating system of your computers, tablets, and phones are up-to-date and that your antivirus programming is updated. Gord recommends putting all of your devices on an automatic update schedule, which means your device will be updated as soon as your operating system (Mac, Windows) makes new updates available. This ensures you’ll never be out of date with the latest security measures available.
Use an Ad Blocker
Gord notes that even legitimate websites can have malicious AdCode installed. To combat this, Gord recommended using AdBlockers such as UBlock, Origin, and AdBlock to help stop malicious tracking and scripts from executing on websites. Not only will it reduce the number of ads you are served, but it is an added layer of protection against cyber criminals.
While cyber attacks are a growing threat, Gord advises that you can greatly reduce your risk of attack using the strategies above.
About Jake Gord & Juntos Services
Jake Gord is a cybersecurity expert and founder of Juntos Services, a security consultancy committed to making lives easier and helping companies grow by connecting clients with best-in-class security posture solutions. Jake has over 8 years experience supporting businesses of all sizes and in every industry, including SAP, Collective[i], the U.S. Army and the U.S. Marines.