On a daily basis, the global media reports a huge loss of personal data, damaged reputations, pilfered intellectual property, or millions of dollars stolen as the result of cyber incidents. An event reported in the news today will likely be eclipsed in scale or audacity in a few months’ time. Neither banks, global corporations, celebrities, nor even governments seem able to protect themselves from these digital events.
Even in an era of acute cyber awareness, we still struggle to keep our business networks and personal computers secure. And now the Internet of Things (IoT) exponentially increases our risk from hacktivists, nation states, and criminals. Today our smartTV, home security system, toaster, and heart pacemaker have a username and password. These devices increase what the security community calls the attack surface – that is, new and novel ways for intruders to hack into your life.
Yet people must communicate, statecraft must be practiced, and commerce and money must flow around the world. Adherence to a basic cyber hygiene regiment can greatly reduce cyber risk exposure. Just like exercising, eating healthy, and getting more sleep – good cyber habits are not difficult, but they must become a routine to be effective.
If you don’t do anything else to protect your digital self, do the following:
Use a new password for every account.
Why? Hackers know people reuse their passwords. So, when a hacker obtains millions of usernames and passwords he has automated tools to try these usernames and passwords against other websites such as banks, corporate networks, e-commerce sites, email providers, and social media sites. Think for a moment of the damage to be done if you use the same password for your work account and your bank account.
Create good passwords.
Why? Hackers know people create lousy passwords. “12345”, “password”, and “qwerty” are embarrassingly popular, as proven in every single theft of databases of passwords. Use at least eight (8) characters, upper and lower case and special characters. Avoid common words and short phrases, since there are hacker tools that test every permutation of dictionary words. Additionally, consider using a password manager which can help you create stronger, unique passwords and remember them for you.
Don’t open suspicious attachments or links.
Why? Technically there are numerous ways to access a computer illegally, but most of the high-profile computer breaches happen because one employee clicked on one single hyperlink in an email or website; that’s all it takes. You know the feeling when you’re not sure if the email is legit…trust your instincts.
Don’t use free public Wi-Fi.
Why? Free public Wi-Fi is not free. You pay a high price in security and privacy. Imagine your laptop screen is a stadium jumbotron. Every page you visit, every search term you type, every computer you connect to is on virtual display. Potentially, others connecting to the same free Wi-Fi can spy on your communications, access your computer’s data, or misdirect you to malicious websites that infect your computer/corporate network.
Don’t “overshare” on social media.
Why? Whether the watcher it’s a nation-state, cyber protester, or criminal, hackers have done their homework before they strike. If the hackers are targeting your corporation, details about travel, new projects, promotions, or office politics speak volumes on how to attack your organization or you. These details can be used to craft, for example, a phony human resources email with the “pay and promotion” attachment that is laced with malicious software. Moreover, our sharing across social media creates a cumulative personality profile that can be used against us or our organizations. Remember – photos of the new puppy = good. Photographic evidence, locations, and commentary on the Saturday after-game exploits = bad.
In short, the potential for reputational or financial harm to your company or personnel is pretty significant compared to the relatively small amount of effort it takes to mind your cyber behavior. Survey your personal and organizational cyber fitness, and offset a major problem down the road.
Author(s)
W. Michael Susong
Senior Vice President, Global Intelligence
W. Michael Susong is a U.S.-based Senior Vice President of Global Intelligence responsible for carrying out service delivery of Crisis24’s intelligence portfolio, risk intelligence analysis, and...
Learn More