Tis the Season for Cyber Theft
It’s that time of year again when e commerce activity peaks to help subsidize the Santa wish lists for all the good little boys and girls. Along with that activity comes the opportunity for malicious activity. To help keep security on the forefront of everyone’s mind, I’ve decided to make a short list of things we should all be doing as a minimum to keep safe in the cyber world.
- I’m not a fan of frequent password changes, as I think it can sometime create more problems with forgotten passwords or bad security practices (such as writing passwords down on sticky notes) than it’s worth. I will recommend though, that you keep up with the news and change your password if you are alerted to a breach. Case in point, Yahoo announced earlier this month that a billion (with a “B”) accounts were hacked in addition to the hacks brought to light earlier this year. If you have a Yahoo account, I’d definitely suggest changing that password.
- Speaking of passwords, start thinking outside the box and use easy to remember phrases with special characters instead of a single complex word. Another great practice is to use different passwords for each website. This can become a hassle to remember so I’d recommend a password manager if you take this route. Pwsafe and LastPass are two that I’ve used in the past.
- Keep all your digital assets patched! This is arguably the best defense to common exploits and viruses. When you get the popups from Windows or installed applications asking you if you would like to install the latest version, don’t put it on a hold for the perfect time. Hint, there is no perfect time. Patch, patch, patch.
- For corporate assets you will likely be provided some kind of end point security. For your home devices, it’s typically up to you to maintain the security. There are plenty of good free products as well as paid anti-virus/antimalware suites. I would suggest that you do your own research here as I feel which product is best can be somewhat of a toss-up.
- The holiday season has a way of changing our browsing habits. When looking online for that obscure gift that no box store is likely to carry, be wary of landing on less-than-legit websites. If you do end up at one of these sites, be sure not to click on any of the popups. I’d suggest closing the browser vs. trying to back your way out to avoid the redirect loop that can sometimes happen. You can install mywot browser add-on which helps identify good vs. malicious web pages from crowd sourced data.
- Be extra vigilant when entering credit card information. At a minimum be sure any webpage that requests your personal or financial data is encrypted. Look for https: instead of http: and the lock favicon. This isn’t a foolproof plan to ensuring encryption but it’s certainly a step in the right direction. A little common sense goes a long way here. If a website seems shady in any sense, don’t test your luck. Identity theft is no joke and isn’t something you should take lightly.
- Lastly, email seems to be an ever increasing target for the bad guys. Payloads are typically sent via embedded links or attachments. If you weren’t expecting an email from the sender be very skeptical of links or attachments. For links, hover your mouse over all links before clicking to investigate where the url will send you once clicked. Again, common sense goes a long way here. Don’t click it or open the attachment if your gut says ‘something isn’t right.’
With that being said, I hope everyone had a Merry Christmas, Happy holidays, and has a great, safe New Year!
Jeremy has built his career around protecting assets in the most critical IT sectors.