As we’re entering 2020, we’re also plotting out our New Year’s resolutions. Instead of suggesting what you should do next year, however, let’s have a look at some cybersecurity mistakes you should avoid for a more secure 2020.
Denying you are a target
You’ve probably already brushed off this possibility with contempt, thinking the chances are slim to none. To quote Dwight from The Office, “False”. When it comes to the internet, you cannot anticipate if a breach will directly affect you. New malware may appear or a service that you use may get hacked and your password can be leaked. All of these are probabilities that you should be aware of, and prevention can go a long way in securing your connected presence.
Clicking on suspicious links
Receiving spam has become a part of everyday life. Sometimes it’s just a harmless ad, but every now and then it can be something more sinister. You might get an email coaxing you to click on a suspicious link to claim a prize you’ve won. Or an offer that sounds too good to pass up might appear in an ad. Whatever the case, if you have even a shred of doubt about it: avoid clicking on it at all costs. The link just may contain malware that may wreak all kinds of havoc on your computer.
Failing to patch
Is your computer nagging you for the umpteenth time to install that pesky update? Perhaps the latest patch for your smartphone’s OS has been released. You’ve probably hit the postpone button more times than you’ve snoozed your alarm. We can’t speak to your sleeping habits, but you should always keep your devices updated to the latest version of software available. It will probably save you from a headache in the long run. The infamous WannaCryptor malware spread due to devices not being patched.
Recycling your passwords
To simplify the arduous task of memorizing scores of passwords, some people resort to recycling. This means that they reuse the same password or passphrase, perhaps varying a character or two or by adding upon it. This practice should be avoided. If the bad actors figure out one of your passwords, password reuse allows them to guess the rest of your passwords.
Not using 2FA
Two-factor authentication (2FA), also known as multifactor authentication (MFA), is a simple way to add an extra layer of security to your accounts. The most common 2FA method used by popular online services is a text message with an authentication code sent to your phone. It is one of the most basic methods but use at least this one if you have no other option. If bad actors are missing one piece of the puzzle, they cannot get in until they overcome that hurdle, which might make them look for an easier challenge elsewhere.
Ignoring your router setup
When it comes to home interconnectivity, the router is the heart of your home. All your devices with an internet connection are linked to it, be it your smart TV, smartphone, personal computer or laptop. For convenience’s sake, a lot of people just go through the bare necessities when installing it or keep the default settings pre-configured by your ISP. You should always take steps to secure your router, so you can browse the internet safely.
Using unsecured public Wi-Fi
Most places like cafes, restaurants, and even shops offer complimentary Wi-Fi connections, which is a welcome alternative to using up your precious data plan. As convenient as such free connections might be, you should be careful what you connect to. An unsecured public Wi-Fi can lead to your private data being stolen or your device being hacked.
Besides using a Virtual Private Network (VPN) to connect to your work’s servers, there are other security reasons to use one in private. You can use VPNs to access your home network remotely or to limit your ISP from seeing what you are doing, or to browse safely on public Wi-Fi. Depending on what you want to do, there are various types of VPNs you can choose from to protect your communication.
Skimping on security software
The internet is a useful tool, no doubt, but to paraphrase G.R.R. Martin, it can be dark and full of terrors. Granted, this leans towards hyperbole, but you should always use reputable security software to protect your data. Clicking on the wrong link might lead to malicious code making its way to your computer. Security software provides multiple layers that can stop these threats in their tracks. Prevention is the mother of security; athletes in contact sports use mouthguards as a preventive measure because fixing their teeth is more expensive than protecting them. The same goes for your data.
Underestimating backup and encryption
If, due to some unforeseen circumstances, your computer kicks the can, having a backup comes in handy. Always back up your sensitive data and things you have been working on recently; thus, if something does happen, you can continue unhindered by the unfortunate loss of your device. The same goes for encryption. Never underestimate the value of having your data encrypted: if you get hacked, the bad actor will have a tough time getting to your data; if your device gets stolen, you have an extra layer of security in place before you remotely wipe it.
You’d think that locking your phone would be a no-brainer, but contrary to popular belief, not all people secure their smartphones with an authentication measure. According to a report by the Pew Research Center, almost a third of Americans don’t use any kind of screen lock. You should always securely lock your device, period. And by locking your device, we don’t mean half-hearted measures like an L pattern or a 1234 PIN. Optimally, use a combination of a biometric feature if possible (fingerprint or face recognition) and a password.
Using the official store
As enticing as the prospect of rooting or jailbreaking your device might sound, most manufacturers advise against it. Not without good reason: it opens your device to unnecessary risks. It also sometimes adds an unofficial app store, which isn’t as strictly monitored as official stores. Apps aren’t curated on such alternative stores, nor do they go through an approval process, which means you could download an overtly malicious app that may wreak havoc on your device. You have probably surmised that it’s best to stick to official stores to minimize the risks.
Granting apps permissions
Apps request a variety of permissions so they can work appropriately. You usually just scroll over them absentmindedly and tap accept. As convenient as that might be, you should always peruse the permission list requested by an application. If you accept them all you may be granting bad actors access to sensitive data or allowing them to scam you out of money, or even to spy on you. After all, does a flashlight app really need access to your microphone or camera?
Using security software
Most people underestimate the value of using security software to protect their smartphones, which is surprising, to say the least. The reasoning behind it may be that they still consider it to be a phone more than a pocket personal computer. Regardless of the reason, we have seen time and again that smartphones are susceptible to breaches and attacks the same way computers are. Therefore, reputable security software can spare you from a headache in the future.
Expanding on the previous tip, the better security software providers offer the nuclear option of remotely wiping your device if it is lost or stolen. As radical as the idea may sound, it is a good option to have if you store sensitive data you don’t want anyone to see. Alternatively, you may be able to set up your device to wipe itself if authentication fails a certain number of times.
Encryption, backup, and patching
One rule all of us should always follow is to back up our data. In the event you become a victim of a malicious attack that may corrupt or lock your files, at least you’ll have a backup you can use for recovery. Encryption is also a critical step you should not underestimate. Encrypting the files on your smartphone will give the bad actors a run for their money, making it harder for them to realize their malicious intent. To lower the chance of any of the mentioned things happening, you should always install the latest official updates on your device since they often contain security patches that help keep you protected.
Safe disposal of the device
You might want to pass along your device or even sell it, but that entails several steps you have to go through so that you dispose of it safely. Depending on the device, that might include anything from encrypting the drive before wiping it to logging out of all the services you use. Whatever the case, don’t underestimate the critical importance of conducting the process thoroughly so that your privacy remains intact.
Dodgy calls and phishing texts
Phishing scams take all kinds of forms and although email is the most popular conduit, by far it is not the only one. Scammers have been known to send out text messages that contain infected links that can contain all types of malware. Recently, bad actors have been engaging in more sinister attempts. You may receive calls from international numbers from countries you have never had any interaction with. By calling the number back you can be charged exorbitant prices, so if that ever happens think long and hard before calling back.
It can’t happen to me
Hopefully, you’ll never have to deal with the fallout of a security breach or of your accounts being hacked. But admitting that the possibility is always there can help you in the long run. Being prepared is by no means a bad thing. From securing your device, to having backups at the ready, or having the option to remotely wipe your device, you can reduce the damage to a minimum. If nothing happens great; if something does, you’re ready to face it head-on.
That sums up our list of 20 cybersecurity tips for 2020. We hope that these tips will help you in having a better, safer year with less to worry about and more to look forward to.
written by Amer Owaida, ESET We Live Security