If you believe cybercrime is something that only happens to businesses and “other people,” now is a good time to reboot your attitude.
According to the Cybersecurity and Infrastructure Security Agency (CISA), one in three homes with computers is infected with malicious software, and 47 percent of American adults have had their personal information exposed by cybercriminals.
“Most people don’t fully understand the gravity of the situation,” says Dave Lewis, Global Advisory CISO at Cisco. “They think that security people are running round with their hair on fire, but the reality is everyone is a target of opportunity for an attacker.”
Here are 5 steps that can help you stay safe in a world of rising cybercrime.
1. Mind your passwords
You’ve heard it before—don’t reuse the same passwords for different sites. If you do, you’re making the attacker’s job easier, even if your passwords are strong. A hacker could break into a website, steal your username and password, and run those credentials against other websites to get even more of your information.
But, you say, how do I remember dozens of different passwords? A simple solution is to write them down. Don’t write them on a sticky note on your computer monitor. Store them in a digital password manager or record them in a file that you keep in a safe place. That way you don’t have to commit them to memory.
2. Use multi-factor authentication
Passwords need to be paired with multi-factor authentication (MFA) to create an effective security control. A password is like a house key. You can use it to lock your door and protect your possessions, but if it falls into the wrong hands you could wind up losing your valuables. That’s because a key—a password—does nothing to validate who comes through your door.
That’s where MFA comes in. It’s an authentication mechanism that grants you access to a website or application only after you successfully present two or more pieces of evidence, such as a PIN or a device such as a cell phone. Today, most websites allow you to enroll in some form of MFA for better security.
3. Turn on automatic updates
Enabling automatic updates is an easy way to reduce your exposure to cyberattacks and can be done with a few clicks on your Mac or Windows machine. In most cases this is true for Linux machines too. When a security vulnerability is announced, there’s often a very short window before a cybercriminal cooks up an exploit to take advantage of it. Enabling automatic updates, or patches, ensures your system is always running the latest versions of software.
Be sure to do this not only for your operating system, but especially for your browsers (Safari, Chrome, Firefox, Edge, etc.). Most of our internet activity—for work, email, shopping, banking, and so on—is done via browsers. And browsers are a favorite target of cybercriminals.
4. Be skeptical
According to author and journalist Malcolm Gladwell, human beings are wired to trust by default. In the online world, this can land you in a world of pain. Phishing scammers rely on your trust when they email you a bad link or attachment to click on. Bad actors rely on it when they impersonate a tech support person or IRS agent on the phone to extract information from you. Still others rely on it when they invite you to fill out a survey in exchange for a $200 gift card. In many of those circumstances, they may intend to catch you off guard with a sense of urgency. In all these situations, it pays to be skeptical.
The same is true in some situations in the offline world. If you’re out in public or traveling, an attacker can stand near you and scan your RFID-enabled credit cards, eavesdrop on a phone call in which you give your credit card information, or even glean information about you from your baggage tags. In such cases, you can reduce your risk of cyberattack by sharpening your situational awareness and exercising a degree of skepticism about the intentions of people around you.
5. Ask questions
Often we don’t ask questions because we’re too trusting or too embarrassed. But asking questions is how we learn and take control. For example, if you don’t know how to set up MFA or how to turn on automatic updates, ask someone who does. It could be a security practitioner at work or a tech-savvy friend or family member.
For security practitioners, a helpful practice is to empower people and peers to ask questions. It’s easy to get impatient and frustrated with those who are less tech-savvy, but it’s precisely this behavior that makes some users reluctant to speak up. Instead of chastising users for their security faux pas, start the conversation with them and try to tap into their innate curiosity.
These five measures will help reduce your risk of exposure, even at a time when the bad guys are pulling out all the stops to make you a cyberattack statistic.