Cyber crime has dramatically increased over the past couple of years.
We see it in the news all the time—data breaches, social engineering attacks, ransomware and other attack methods that make the hair on the back of our necks stand straight up. Victims can feel helpless and unsure of where to turn or how they could have protected themselves in the first place.
I specialize in information security and I’ve written this article to teach you how to better protect yourself in the modern online world.
Use a password manager and strong passwords
It can be difficult to track multiple passwords for multiple websites. Some people write down their logins in a book that lives in their office desk; others keep them in a note or document stored on their phone. Unfortunately, both methods are very insecure and pose a security risk to your online identity, as they can be easily accessed by a bad actor.
Thankfully, there are several password managers, such as Bitwarden, a free-to-use program whose source code is openly published for developers, security researchers and the community at large to read through. These programs keep track of your passwords, help you generate secure ones, and ensure that you are not using the same password for two sites.
In the event of a data breach, a company may unintentionally let your information, like emails and passwords, out to an attacker, who then sells or posts it online for others to use and try.
If you reuse the same password across multiple sites, an attacker can get into all the sites you frequent, not just the breached one. It is best practice to use multiple passwords that greatly differ, and to include capital letters, numbers and special symbols (e.g. “!”) when creating a password.
Google Chrome also offers a password-storing service, but many viruses target this feature.
Turn on multi-factor authentication (MFA)
There is a saying within the information security community: “Convenience is the enemy of security.”
While it may be inconvenient to pick up your phone every time you want to log in to a website, doing so ensures it is, in fact, you who wants to log in to the site.
Unless a thief has both physical access to your phone, as well as your account credentials for the website they are attempting to infiltrate, they will not succeed.
But there are many kinds of MFA. SMS (text messaging) is the least secure method of MFA. Instead, try to opt for Google Authenticator, available for Android or iOS, or a similar service offered by a company you trust.
These apps do not store your password; instead, they provide a unique, six-digit code to enter into the website you are trying to access. Not every website offers this feature yet, but if it does, you will find it under your account settings on that website.
Install antivirus software on your computer
While antivirus software cannot catch 100% of the malicious programs floating around the internet, it does a darn good job of finding the majority of them.
There are many to choose from, with many people having a favourite they will recommend to you. Ensuring you have some form of antivirus technology installed on your computer is crucial, and while it may slow down day-to-day operations from time to time, the benefits of having it far outweigh the cost.
Do not open attachments from unrecognized senders
A common point of entry for attackers is sending people malicious attachments through email. Over my six years in IT and incident response, I have seen actors posing as giveaways and contests, the Canada Revenue Agency, long-lost friends, you name it. Always double-check the address that the email came from, and think to yourself before opening it.
Ask yourself: “Was I expecting this?” If you were not expecting a picture from a friend, do not open it. If you have a notice from the “Government,” call the official number by Googling it first. Do not call a number listed in the email. Get to the bottom of things before opening an attachment on your computer. Many Word documents, pictures and PDFs can contain malware.
A common question I am asked almost daily is: “How do I know if I’ve been involved in a data breach?”
There is a free, online resource, Have I Been Pwned, that lets you search for data breaches you are involved in by email. No signup is required.
If you have been caught in a data breach, change your passwords.
If you have questions, concerns or would like to learn more, please feel free to contact me at [email protected].
Adam Johnson is a cybersecurity and IT professional living in Kelowna with extensive experience in diagnosing, repairing, maintaining and protecting computer systems in both residential and business environments.
This article is written by or on behalf of an outsourced columnist and does not necessarily reflect the views of Castanet.