This week I am sharing some thoughts about protecting yourself on a more technical level by addressing cybersecurity. Why write about this topic when we have some huge societal issues such as the pandemic and racism that need to be addressed? There are thousands of voices on those topics already, which is a good thing. We need to address all of the challenges caused by this pandemic and prepare for future ones. We need to end racism.
While cybersecurity is not as profoundly ingrained in our society, it is a topic that we too often ignore or take for granted. If you are successfully attacked, it can mess up your life for years. With the dramatic growth of people working at home and otherwise due to the pandemic, cyberattacks have increased dramatically. Bad people are working even harder now to take advantage of you. I hope by helping people to better protect themselves from cyberattacks, it will allow more attention for the big issues mentioned above.
1. Be smart about your passwords. Most people use passwords that are too short or simple, such as your mother’s maiden name, your dog’s name, or your high school. It is easy to find this information out on the web and hack you. A good password follows simple math. The best passwords are longer, have more types of characters (uppercase, lowercase, numbers, symbols), and are random. I made up my own methodology for unique passwords (and no, I am not going to share it!). The problem with this recommendation is keeping track of your passwords since you should never reuse them. Password managers help so check into getting and using one. You just don’t want to forget your master password!
2. Sign up for Two-Factor Authentication. Two-factor authentication is where, in addition to a password (one factor), you also need to enter a unique code (second factor) usually sent to your phone or other device. It is worth the extra protection. Many sites offer it as an option and, quite often, it is only required when you first use a new device for a website so the hassle factor is minimal.
3. Use multiple email accounts. Many people already have some form of this since they will have work email separate from their personal email. I go the next step and have email accounts for my non-commerce vs. commerce personal activities. My theory is that if I get hacked, it may offer some way to compartmentalize the damage. Also, it is easier to flag strange activities if I see something that crosses over this line. For example, it is a red flag when I get an email from a commerce site showing up in my non-commerce account.
4. Working at home presents new and bigger threats. With the COVID crisis, this area has grown dramatically. Your home network is rarely as secure as your work network. You need to be extra careful when doing work at home. Be proactive and make sure you are following any recommendations from your employer and ask for help as needed. Any good employer should be happy to help you be more secure. Also, if you have separate work and personal computers and devices, keep them separate for each role. Remember the old rule about not mixing business and pleasure. Different context, but it makes the right point. Also, you should recognize that there are employers that may be tracking your activities on your work device. It is their computer but it is unsettling to be tracked. This issue could be an article topic by itself.
5. Use a VPN especially when outside home or work. Virtual private networks encrypt and transmit data on the internet in a safe and secure fashion. The networks are organizations that provide this service usually at a low cost. Using a VPN is very important when you are traveling and want to use an unsecured wifi connection. You don’t want to use an unsecured public wifi network without this protection otherwise your risk of getting hacked goes up dramatically.
6. It’s not just your computer, your tablet, or your phone. Most people give some consideration to cybersecurity; but, usually only to their major electronic devices. You can get hacked through any electronic device on your network. You need protection on these other devices and the network itself. This includes everything now from your doorbell and thermostat to your speakers, TV and related devices. I remember a hacking story from years ago about a company that had done a lot on cybersecurity because of the critical nature of what they made. They got hacked when an attack successfully came through a pop machine that was connected on their network for automatic reordering. They had a lot of great protections; but they had left a hole that looked harmless.
7. Learn about the other kind of fishing, the “ph” kind. Spear phishing is a class of cyberattack that we all have to deal with. It is that email that may have a great special offer, it may be warning you that you are in trouble if you don’t respond, it may be from a real friend saying open the cool attachment they have sent you. When you get any of the above, you need to go to red alert on how to handle them. On the first two – the great offer and warning ones, my default is to review the email carefully. If the address is off, there are typos, weird phrasing or any request for personal or financial info, trash it. Sometimes, if I am concerned it could be real and important, I will go search and find the website for the supposed sender on my own and contact them (often by phone), totally apart from the email. For emails from friends or other known parties, if I get an email with just an attachment and no introductory text or a very short phase such as “check it out,” I will separately email them and ask if it is for real. If I don’t know the person well enough, I just delete the email. I may be too hard on this one; but the risk is too high.
8. Unplugging is not just good for meditating. All of the above is a lot to think about and do. Don’t forget the simplest solution: unplug. It is not always possible because of our connected lives. At least give it a try in a couple of situations. First, if you are away from home for an extended period, unplug anything from the network that isn’t critical. You may still want to see who comes to your door or watch your thermostat; but most of the rest don’t need to be connected if you are not there. Second, it is a good idea to occasionally unplug devices. In addition to interrupting any potential hacking that you aren’t aware of; many devices tend to collect a lot of junk over time and this often cleans things up to achieve better performance.
9. Practice good cyber hygiene on an ongoing basis. I am a nerd who loves technology. It has profoundly improved our lives in many ways. Just think about how many of us have been on video calls during this pandemic. But, I also am paranoid about the risks of cyberattacks. I am concerned that just writing this article will increase the attacks on me. Cybersecurity is like having a chronic disease. It will always be with you. It can threaten you at any time and in a huge variety of ways. It is always becoming smarter and better in the ways it can take advantage of you.
Please view the above points as good advice, but not comprehensive. To help you in an ongoing fashion, the National Cyber Security Alliance is a non-profit with great recommendations. I encourage you to visit them at www.staysafeonline.org
The benefits of our connected world outweigh the risks; but we need to be smart about understanding and managing both sides of the story.
Remember, Relentless Positive Action in your life will help you and others. So, I wish you RPA every day!