Cybersecurity: Seven Easy Steps to Protect Ourselves

At our annual PFS Client Dinner last week, we had the pleasure of hearing Steve Ryder, President of True North Networks, discuss cybersecurity threats and what we can do to protect ourselves.  Whether the cybersecurity breach leads to identity theft, a compromise of credit card or banking information, or direct extortion or loss of data, resolving the situation often involves a significant loss of time, money, or both. Fortunately, there are many actions that we can take to help protect ourselves in our everyday use of technology.  These actions may involve a small sacrifice of time and convenience, but cybersecurity is an issue that is worth taking seriously considering the magnitude of data breaches in the United States in recent years (over 6 billion data records stolen since 2013) and the possible consequences.

Steve Ryder had many suggestions for how to improve cybersecurity in personal and professional settings, but here are seven action items that he recommended, which do not require much time or technological savvy:

1. Use strong passwords. Ideally, a password should be both lengthy and complex. Many websites require the use of uppercase and lowercase letters, numbers, and symbols, which are important criteria in thwarting hackers. However, recent studies have shown that using passphrases (19 characters or more) significantly boosts the security of a password as well. As most internet users know, you should also have a unique password for each log on. How is that possible when the average American has to remember several dozen passwords? Steve recommends using a password manager (e.g. LastPass, KeePass, DashLane) and having the password for your password manager account be the most lengthy and complex password of all (which you commit to memory). Alternatively, you could have a written or printed list of passwords near your computer— just be sure to always keep it in a locked drawer when not in use.
2. Use two-factor authentication whenever possible. For those unfamiliar with this term, it refers to when a website sends a unique temporary code via email or text to verify your identity, in addition to your regular log on credentials (username and password). It is possible for a hacker to compromise your email and/or cell phone in addition to stealing your username and password for an online account, but it is much more difficult, so two-factor authentication will thwart most hackers trying to access your account.
3. Protect your home network and beware of public wifi.  Be careful about all of the devices—refrigerators, thermostats, security cameras, and other “things” that might be connected to the network in your home.  Make sure that you change the default password on your router and any new connected devices, that you password-protect your wireless network, and that you use the latest encryption on your network.  When using public wifi, watch out for phony network names and avoid accessing any sensitive website or apps (e.g. banking websites).  A safer option is to use your smartphone as an internet hotspot and connect any other devices to that hotspot instead, even though it will use up some of your data.
4. Freeze your credit. Since September 2018, you can now freeze your credit for free with the three major credit reporting agencies—Experian, Equifax, and Transunion.  A credit freeze inhibits someone who has obtained your personal information from opening new accounts in your name. The only catch is that you need to lift the freeze for all three agencies if you are applying for a car loan, mortgage, new credit card, etc. According to the Federal Trade Commission though, requests to lift a credit freeze should be completed within an hour if made by phone or online.  (For more information, we wrote a blog on this topic a few years ago—back when credit freezes were not free.)
5. Educate yourself to recognize phishing emails and other common threats. Hackers frequently use legitimate-looking emails to trick you into revealing some information or taking some action. However, there are often clues within the email, if you look carefully. You should be suspicious of emails that come from an unknown source and/or reference an unknown subject, especially if they are trying to compel you to open an attachment or click on a link. Check the “to” and “from” fields to see if you recognize the sender and the other recipients. Check for any grammar or spelling errors. Hover your mouse over a link to check whether the link destination actually matches what is written in the email. If you are wondering if an email from a company or a friend is legitimate, go directly to the company’s website from your own browser or call the friend to see if you can corroborate the email through other means. There are free programs to help educate yourself on potential threats through StopThinkConnect, OnGuardOnline, SANS, and StaySafeOnline.
6. Back up your data regularly. Steve recommends using an automated program, which will back up your data frequently whether or not you remember to do so.  Such programs can back up data regularly to an external drive or to the cloud (e.g. Backblaze).  If you do use an external drive to back up your data, set reminders so that you complete the task regularly. Also, be sure to disconnect the external drive from your computer in between back-ups. Otherwise, a hacker could also encrypt your external drive in the case of an attack.
7. Run updates when available.  The purpose of updates for software, apps, and operating systems often includes security patches to address problems or potential vulnerabilities.  Do not delay in running updates— or set your computer to update automatically whenever possible.

October is National Cybersecurity Awareness Month!  Take the last couple weeks of October to check off all of the items on this list, so that your accounts and personal information will be more secure from cyberattacks.