With so many recent high-profile corporate data breaches, the topic of cyber security has never been more important. Shara Evans, popular global futurist speaker and cyber attack expert, shares some invaluable tips to keep you and your business more secure from cyber threats.
Security: Install basic IT security on computing devices, such as anti-virus, malware checkers, ransomware checkers, a VPN and firewalls (though it's not possible to set these up on everything that connects to the net, like perhaps your TV or fridge).
Passwords: Use different passwords for every website and app. Make them long and complex – upper + lower case letters, numbers, special characters + save your passwords in an encrypted password vault.
Log ins: Be sure to change device default login details (username and password)!
Authentication: use multi-factor authentication whenever possible (e.g. logging into a secure bank portal that requires you to provide an authentication code that’s sent to you via text or email, or requires a SecurID token number) – if you suspect a portal has been compromised, change your password on that portal right away!
Email addresses: use multiple email addresses. If you own a domain, it’s easy to set up an email alias (“forwarder”) that names a specific site or type of activity. If compromised you can then disable an email alias address without impacting everything that you do. And, it will help you to identify the source of the leak. You can also use different email addresses from free providers, but you’ll need to check multiple email accounts.
Credit report: check your credit reports for signs of fraudulent activity – or wrong info.
ID Protection: sign up for a credit / ID protection plan and put in place credit report bans if you have reason to suspect that your ID is compromised.
Hyperlinks: NEVER click on text or email hyperlinks that you don’t absolutely know are legit. Lots of people get in trouble this way. Check a compressed (shortened) link by copying it and entering it into the SEARCH BAR (not top of web search page) on DuckDuckGo or other privacy-oriented search engines to see what shows up. If it’s malware, you may see a notice. At the very least, check if the source domain seems suspicious, in which case don’t click it! Look out for little details, such as a slight misspelling of the website domain.
Website portals: when uploading any sensitive info to a website portal, check for the lock icon (https) – this means that your data is encrypted “in transit” when it’s uploaded to the website. Note: This has no connection to the data storage practices of the company involved. Company cyber security practices vary widely.
Inbound phone calls: if someone phones you saying they’re from Company X – NEVER give out any info to them, unless you know them and are already expecting a call from a specific phone number or person. Another huge scam vector.
Birth details: NEVER publish your birthdate online! If you have it on social media DELETE it now. Unless you are doing an official financial transaction, there are very few good reasons for any party to know your real birthdate, much less store it.
Data backup protocols: regularly back up data to multiple external hard drives and encrypted cloud services. Disconnect the backup drive, so it is “air gapped” from network access. The latest ransomware threats are targeting backup drives.
Keep your software up-to-date: Test new software on backup devices first. Sometimes software updates can cause issues or conflict with other essential software, especially if some of your devices are a few years old. It takes more time, but ensures that your workflow isn’t impacted. (Note: Many cyber experts recommend setting your devices to automatic updates.)
Public Wi-Fi: avoid public Wi-Fi unless you know it’s secure (you’ll need a password to connect for the first time), and you understand and agree with the Wi-Fi owner’s privacy policy. Be aware that many “free” networks harvest your data for internal use or for sale.
Scam activity: report all scams to authorities: https://www.cyber.gov.au/
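The domain check from the Hyperlinks tip can be automated before anyone clicks. The sketch below is an added example, not part of the original tips: it flags near-miss spellings of sites you trust, a trusted name used only as a subdomain label, text placed before an "@", and punycode look-alikes. The allow-list, the sample links and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list (assumption): the sites you actually deal with.
TRUSTED = {"paypal.com", "mybank.example"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: counts inserted, dropped or swapped characters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url: str, trusted=TRUSTED) -> str:
    """Return 'trusted', 'unknown' or 'suspicious: <reason>' for a link."""
    try:
        parts = urlsplit(url if "://" in url else "http://" + url)
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return "suspicious: malformed address"
    if not host:
        return "suspicious: no host name"
    if parts.username is not None:
        # In https://name@host/ the browser goes to host, not to name.
        return "suspicious: text before '@' is not the destination"
    labels = host.split(".")
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return "suspicious: non-ASCII (punycode) name can imitate Latin letters"
    if any(host == good or host.endswith("." + good) for good in trusted):
        return "trusted"
    for good in sorted(trusted):
        if host.startswith(good + ".") or "." + good + "." in host:
            return f"suspicious: {good} is only a subdomain label here"
        # Compare the same number of trailing labels as the trusted domain has.
        tail = ".".join(labels[-good.count(".") - 1:])
        if edit_distance(tail, good) <= 2:
            return f"suspicious: {tail} is a near-miss of {good}"
    return "unknown"

if __name__ == "__main__":
    for link in ("https://www.paypal.com/signin", "https://paypa1.com/login",
                 "https://paypal.com@203.0.113.5/", "example.org"):
        print(link, "->", check_link(link))
```

An "unknown" result only means the link matched none of these patterns; it is not a sign that the destination is safe.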