Cybersecurity is a shaky topic. Some people are good with risks online. Others have every security software and protocol in place. Some are great about following guidelines at work but completely ignore them at home (or vice versa). Whatever your views, tendencies, and opinions, there is one fact that we are all faced with – cybersecurity incidents are on the rise and here to stay. As we add more software, apps, and devices, we increase the number of gateways available to hackers to access our data. So what can be done?
Well, a lot – which is part of the confusion and problem, right? Where do you start when there are so many options out there?
Here are a few simple ways to protect yourself and others through healthy cybersecurity behaviors.
This article is not sponsored but does contain affiliate links to tools I fully endorse.
Don’t collect data in the first place. Or only collect what you absolutely need.
There’s a tendency out there to collect every piece of information possible about a person and save it digitally “just in case.” This is particularly pervasive in businesses. You fill out interest forms or cart check-out fields and you’re being asked for your phone number, birthday, and blood type. Keep it restricted to the bare minimum.
One big no-no I see most often is small businesses collecting and saving credit card information. Unless your information storage systems are PCI compliant, leave the payment data and processing to the big dogs. It may not seem like a huge deal or risk, but you’ll be singing another tune if your customers’ data gets accessed and used, and you are found at fault.
Use stronger passwords and two-factor authentication.
Cue the eye rolls. We knooow this and yet a recent study found a staggering two-thirds of people use the same password for multiple accounts. All hackers need is one, and they will try that or variations of it on all your accounts to attempt access.
On the note of attempting access, two-factor authentication is a convenient way to intercept unwanted logins. Hot tip: set up a separate email address just for your authentications and recoveries to create a further disconnect between your systems and accounts.
Keep software and apps up to date.
Turn on automatic updates or check your apps once a week to ensure they are the most recent version. Annoying? Sure. Essential? Absolutely. Security protections are frequently being rolled out so if you’re behind a few updates, your accounts could be open to known threats and you won’t have a leg to stand on if something disastrous happens.
Don’t use open or public wifi networks.
Yes, even if they have a paywall or password. Public wifi networks are rife with hacker activity, even at your neighborhood coffee shop. Your best bet is to utilize the personal hotspot on your phone or set up a VPN (virtual private network).
Lock your devices.
With the ease of biometrics and Face ID, there are actually few reasons not to lock your devices. Whether out in public or in your personal office, locking your device not only prevents any lurkers from peeking in, it can also put your device in “sleep mode,” shutting off unused and unnecessary internet gateways. Also, if your device is stolen when you step away, it’ll be harder for the thief to gain access to your data.
Use encryption services to share sensitive information.
Whether it be your partner, assistant, or service provider, sometimes we need to share sensitive information like passwords, payment cards, or addresses. Traditionally, the recommendation has been to split up the data. “Send the credit card number in one email and the security code via text.” “Send the password separate from the username.” Thankfully, there’s an easier way. Signing up for a reputable encryption service such as LastPass will ease the transfer of information and even enable “sharing without exposing” your data (one of my favorite features of LastPass).
Delete it when you no longer need it.
Set up a standard for keeping information and regularly audit what you have. Is there a reason to keep specific pieces of information? What is your deletion process? Remember archiving is different from deleting. This is also the best way to reduce the area of impact in the event you have a hacker incident.
For example: As a system consultant, I’m given a plethora of sensitive information when working with clients – primarily account logins. When our engagement is completed, within three days, I go through a thorough sanitization process – deleting their passwords and usernames from my systems, checking my browser’s saved passwords and deleting just in case, and clearing my cache and cookies. If ever my system is compromised, I don’t want to take down everyone else’s ship with me.
How many of these are you currently doing? Honestly.
Now, how many of these are you doing regularly? Set aside time this week to do an audit on your cybersecurity behaviors. What can you do better? My suggestion: start with your passwords.
What would you add to this list? Tell me below.