4 Timeless Cybersecurity Rules to Live By
Cybersecurity has become an overly complicated, increasingly important part of our lives. These days, many people are concerned about their privacy; who is collecting their data, what data is being collected, how to prevent information from being stolen, how to prevent breaches, etc. Then there are the traditional threats like malware, ransomware, and phishing that are not only becoming more common place but are capable of doing more damage.
Protecting yourself isn’t simple, but there are a few time-tested rules you can live by to help fend off the threats and control your data while living in an increasingly complex world.
These rules are adapted from Brian Krebs, a reporter who has written hundreds of cybersecurity stories in the Washington Post and is an avid security blogger. We’ve added our own spin based on our experience with working with Virginia businesses over the years.
If You Don’t Need It, or Didn’t Ask for It, Don’t Click It
Malware and other cybersecurity threats often start with an end-user doing something to get infected. Thanks to the efforts of Microsoft and security software developers, an idle computer sitting in the corner of an office at night is much less likely to be breached than a computer that a user is sitting at and actively using. Cybercriminals understand this, and they use tactics to trick users into allowing malicious software to get installed.
For instance, most malware today is distributed through email attacks, where a legitimate-looking email comes in with an innocent-looking attachment that requires the user to click on to infect the computer. Other threats come in through installing bad applications that come bundled with malware. Remember a few years ago when browser toolbars would often get installed and slow down your computer or start manipulating how your browser worked?
While some of these threats are slowly getting weaned out of existence because the software, we generally use is getting smarter or at the very least, more security-minded, the threats are still out there. Visiting the wrong website could lead to a scareware popup stating that your computer is infected. This popup might look exactly like your antivirus, and you might make the snap-decision to install malware just because it looked legitimate and urgent. It’s really all about being aware and thinking before you click, or immediately contacting your trusted IT support before you risk being breached.
If You Did Need It, Keep It Updated
Almost all software receives occasional updates from the developer. These updates might include new features, fix bugs and compatibility issues, make the software run faster or more effectively, or patch vulnerabilities.
I know a lot of us also get that tinge of paranoia when we learn that something we use every day has been changed. For example, when my Gmail app on my smartphone updated and moved the setting to switch inboxes from the top left of the screen to the top right, it really upset my flow. It sounds small and stupid, but it has been several months, and my thumb is still not accustomed to going in that direction when I want to switch between my accounts!
Updates are a fact of life though, and while some software updates may seem frivolous or downright annoying, much of the time there is also a security aspect that cannot be ignored.
Cybercriminals are constantly looking to exploit software vulnerabilities; and, if they can find a way to break into hundreds of thousands, or millions, of computers through a vulnerability in an application, that’s payday for them. They might not know about a vulnerability until the developer releases an update for that vulnerability, but hackers also know that most people don’t run their updates right away. This opens up a window of time where they can take advantage of a security flaw, and the longer you ignore your software updates, the riskier it gets.
This rule, like the first, applies to literally every single device you own. Your desktop, your laptop, both PC and Mac, your smartphone and tablet, your Kindle, your Switch/Playstation/Xbox, your smart appliances, and everything else that connects to the Internet. Fortunately, a lot of devices these days automatically pull their updates, but it’s always important to understand that failing to keep your Internet-connected devices updated will lead to security breaches.
If You Don’t Need It, Get Rid of It
Want to avoid having to run updates for an application or device that you don’t use anymore? Just remove it from the equation. If you installed some software to edit a particular type of file for a project and don’t need it anymore, uninstall it. If you have an old tablet you keep plugged in that you haven’t used in six months, check it and run the updates or shut it down and take it off of your network.
Remember, every single thing you put on your network; whether it be a device like a computer, printer, or smartphone, or software on one of those devices, needs to be kept updated and secure. The more you have, the more overhead there is. Simplify your life and dial back. You’ll likely find there is a lot of stuff you’ll absolutely need to have as it is, but there is likely a lot of clutter you can remove.
Of course, you don’t want to remove anything that is actually actively keeping your network and files safe, so you’ll need to evaluate and audit things carefully, which leads to the next point.
Audit Your Technology Regularly, and Keep Additions/Removals/Changes Documented
Chances are you’ve made a lot of decisions over the last few years that you don’t remember making. We make decisions every day that are, in the long run, inconsequential and forgettable. This morning I had a bagel - I don’t normally have a bagel but we had blueberry bagels and I can’t say no to blueberries… the point is, in six months, I am not going to remember this bagel. I won’t even remember capturing this historical bagel moment on this blog post. The same goes for that snap decision to install a free application that lets you edit GIF files. In 6 months, you won’t remember that it is sitting there on your computer, and possibly increasing your chances that a threat might get in.
The same goes for the hardware on your network, the settings on your server, and even the security permissions for your online accounts, such as bank accounts, email, and social media. Taking time every few months to audit everything is crucial, because a simple inconsequential adjustment can come back to bite you later.
If you stick with these four golden rules, you can prevent a lot of headaches later, and these rules have proven to withstand the test of time, and probably will continue to for a long, long time. That doesn’t mean they are the end-all-be-all of protecting yourself and your business from online threats. For more help locking down your business and preventing cyberattacks, reach out to Ciracom at (703) 621-3900.
You can also check out the blog of Brian Krebs at krebsonsecurity.com, and for more IT security news and resources, be sure to follow our blog.