Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Four Simple Steps to Cybersecurity: Courtesy of SANS

October 8, 2019

The October issue of the SANS "Ouch" newsletter highlights four simple steps to staying safe. Well worth reviewing for those who want advice in plain English. Hat tip to Dave Ries.

1. You are the best defense – no technology can fully protect you. Attackers have learned that the easiest way to get what they want is to target you rather than your computer or other devices. If they want your password, credit card, or control of your computer, they'll attempt to trick you into giving it to them, often by creating a sense of urgency. For example, they might call you pretending to be Microsoft tech support and claim that your computer is infected, when they are just cyber criminals who want you to give them access to your computer. Or perhaps they send you an email warning that your package could not be delivered and pressuring you into clicking a link to confirm your mailing address, when they are tricking you into visiting a malicious website that will hack into your computer. Common sense is the key here.

2. Passphrases: When a site asks you to create a password, create a strong and unique passphrase instead. Passphrases of 14 characters or longer are recommended. IlovetheSeahawks2019! will do just fine. The longer your passphrase is, the stronger it is. A unique passphrase means using a different one for each device or online account. This way, if one passphrase is compromised, your other accounts and devices are still safe. Because no one can remember all those passwords, you need a password manager, which is a specialized program that securely stores all your passphrases in an encrypted format.

Enable two-factor authentication. It uses your password but also adds a second step, such as entering a code sent to your smartphone or from an app that generates the code for you. This is probably the most important step you can take to protect your online accounts, and it's easy!

3. Updating: Make sure each of your computers, mobile devices, programs, and apps is running the latest version of its software. Cyber attackers are constantly looking for new vulnerabilities in the software your devices use. When they discover vulnerabilities, they use special programs to exploit them and hack into the devices you are using. Meanwhile, the companies that created the software for these devices are hard at work fixing the vulnerabilities by releasing updates. By ensuring your computers and mobile devices install these updates promptly, you make it much harder for someone to hack you. Enable automatic updating whenever possible. This rule applies to almost any technology connected to a network, including internet-connected TVs, baby monitors, security cameras, home routers, gaming consoles and even your car.

4. Backups and recovery: If you get hacked (and there is no absolute protection), often the only way to restore all of your data is from backup. Make regular backups of any important information and verify periodically that you can restore your data from them. Most operating systems and mobile devices support automatic backups, either to external drives or to the cloud.

How hard is that? Not so hard, but people fail to follow these simple steps all the time. Time to get cracking and harden your defenses!

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225 | Fairfax, VA 22030
Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson