At Hg, we take cybersecurity seriously, and we hope you will too. It’s our shared responsibility as Americans and citizens of our globalized world. October marks the month that we all heed cautions and update cyber security settings. But it’s important to be vigilant every month of the year.
While all of us working in cyber intelligence and cybersecurity put our clients’ cybersecurity needs at the forefront of our work, we would be lax not to urge all individuals to consider the importance of protecting yourself and loved ones when you are on the Internet. This includes what you post on social media, who sees your posts, and what personal data you share with other apps via Facebook, Instagram, and other platforms. This includes scrutinizing all emails you receive from unknown persons and entities, particularly if they are requesting that you send money. This includes running anti-virus scans on your PCs to prevent malware from hijacking your computer and personal information. This includes choosing passwords for online sites that only you would be able to know. And, finally, this includes protecting and securing your medical and health information when using your smartphone.
In an effort to help educate the public during the 16th Annual National Cybersecurity Awareness Month, we are disseminating these top tips developed by the U.S. Department of Homeland Security and the National Cyber Security Alliance:
—-> There are three categories of credentials: something you either know, have, or are.
Double your login protection. Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. Use it for email, banking, social media, and any other service that requires logging in. If MFA is an option, enable it by using a trusted mobile device, such as your smartphone, an authenticator app, or a secure token—a small physical device that can hook onto your key ring. Read the Multi-Factor Authentication (MFA) How-to-Guide for more information.
—-> Use phonetic replacements, such as “PH” instead of “F”. Or make deliberate, but obvious misspellings, such as “enjin” instead of “engine.”
Shake up your password protocol. According to National Institute for Standards and Technology (NIST) guidance, you should consider using the longest password or passphrase permissible. Get creative and customize your standard password for different sites, which can prevent cybercriminals from gaining access to these accounts and protect you in the event of a breach. Use password managers to generate and remember different, complex passwords for each of your accounts. Read the Creating a Password Tip Sheet for more information.
—-> From the top leadership to the newest employee, cybersecurity requires the vigilance of everyone to keep data, customers, and capital safe and secure.
If you connect, you must protect. Whether it’s your computer, smartphone, game device, or other network devices, the best defense against viruses and malware is to update to the latest security software, web browser, and operating systems. Sign up for automatic updates, if you can, and protect your devices with antivirus software. Read 5 Ways to Be Secure at Work.
—-> “Our records indicate that your account was overcharged. You must call us within 7 days to receive your refund.”
Play hard to get with strangers. Cybercriminals use phishing tactics, hoping to fool their victims. If you’re unsure who an email is from—even if the details appear accurate— or if the email looks “phishy,” do not respond and do not click on any links or attachments found in that email. When available use the “junk” or “block” option to no longer receive messages from a particular sender. Read the Phishing Tip Sheet for more information.
—-> Work with your social media platform to report and possibly block harassing users. Report an incident if you’ve been a victim of cybercrime. Local and national authorities are ready to assist you.
Never click and tell. Limit what information you post on social media—from personal addresses to where you like to grab coffee. What many people don’t realize is that these seemingly random details are all criminals need to know to target you, your loved ones, and your physical belongings—online and in the physical world. Keep Social Security numbers, account numbers, and passwords private, as well as specific information about yourself, such as your full name, address, birthday, and even vacation plans. Disable location services that allow anyone to see where you are – and where you aren’t – at any given time. Read the Social Media Cybersecurity Tip Sheet for more information.
—-> With more connected “things” entering our homes and our workplaces each day, it is important that everyone knows how to secure their digital lives.
Keep tabs on your apps. Most connected appliances, toys, and devices are supported by a mobile application. Your mobile device could be filled with suspicious apps running in the background or using default permissions you never realized you approved—gathering your personal information without your knowledge while also putting your identity and privacy at risk. Check your app permissions and use the “rule of least privilege” to delete what you don’t need or no longer use. Learn to just say “no” to privilege requests that don’t make sense. Only download apps from trusted vendors and sources. Read the Internet of Things Tip Sheet for more information.
—-> If you discover that you have become a victim of cybercrime, immediately notify authorities to file a complaint. Keep and record all evidence of the incident and its suspected source.
Stay protected while connected. Before you connect to any public wireless hotspot – like at an airport, hotel, or café – be sure to confirm the name of the network and exact login procedures with appropriate staff to ensure that the network is legitimate. If you do use an unsecured public access point, practice good Internet hygiene by avoiding sensitive activities (e.g., banking) that require passwords or credit cards. Your personal hotspot is often a safer alternative to free Wi-Fi. Only use sites that begin with “https://” when online shopping or banking. Read the Identity Theft and Internet Scams Tip Sheet for more information.