Navigating Cyber Security Basics

Navigating Cyber Security Basics for Work and the Home Office

Cyber Security has Become a hot Topic – What is it?

Cyber Security is a set of principles and practices designed to safeguard computing assets and online information against threats. These days, you can never be too careful about what information you share whether intentionally or inadvertently. Here are some tips to help prevent intrusions and to safeguard your information.

Top Cyber Security Threats

  • Intrusion – unauthorized individuals trying to gain access to computer systems in order to steal information.
  • Virus, worm, Trojan Horse (Malware), Botnets – programs that infect your machine and carry malicious codes to destroy the data on your machine or allow an intruder to take control over your machine.
  • Spyware – software that sends information from your computer to a third party without your consent.
  • Phishing – the fraudulant practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers or to trick users into downloading malicious software.
  • Social Engineering Attacks – the psychological manipulation of people to perform actions or divulge confidential information.
  • Email spoofing – email spoofing is a technique used in spam and phishing attacks to trick users into thinking a message came from a person or entity they either know or can trust.
  • Ransomware – Ransomware is a form of malware that encrypts a victim’s files. The attacker then demands a ransom from the victim to restore access to the data upon payment.

What Can You Do?

  • Clean screen/clean desk policy – do not leave sensitive documents out on your desk. Do not leave sensitive documents on your desktop of your computer. Do not write your usernames and/or passwords on a sticky note and stick it to your monitor. Use a screen diffuser in an office setting when appropriate.
  • Passwords – use strong passwords and change them often. Do not use the same passwords for all websites. Use a phrase instead of one word. As an example: instead of Spot2021, use SpotIsMyDog2021. Use password vault apps on your phone.
  • Dual authentication – Use 2-factor authentication whenever possible. All major websites such as Facebook, Amazon, Google, etc. offer dual authentication.
  • Attachments – never open attachments from people you do not know or that you were not expecting. This includes Word, Excel, PDF files and Zip files.
  • Workstations – lock your computer when you walk away. To lock your computer, press control-alt-delete at the same time and then hit enter.
  • Physical documents – physically lock up any documents that have sensitive information. Do not write down or save credit card information. Be sure to shred any documents that contain sensitive information such as credit cards statements, etc.
  • Digital files – password protect any documents that have sensitive information such as name, address, date of birth, social security number, driver’s license number, bank account routing numbers, etc. Do not plug in an external USB drive unless you fully trust the contents.

Cyber Security Myths

  • I don’t have anything worth protecting – false. Your data is valuable on the black market.
  • I use security software so I’m protected – false. Security software is reactive to viruses and intrusive software. Prevention is key.
  • Phishing scams are easy to spot – false. Phishing scams are getting better and better at disguising themselves as legitimate businesses. Instead of clicking on links in emails, visit the site directly and login.
  • My friends on social media won’t hurt me – also false. Anyone can steal images and information from someone on social media, friend request you and pretend that they are your friend. Report questionable profiles to the social media platform.
  • Hackers are mysterious, scary figures – false. Hackers could be the teenager next door.
  • I only go to mainstream websites so I don’t need security software – false. Viruses and harmful software exists on all kinds of websites and even within browsers. As long as you are connected to the internet, your computer is vulnerable.
  • I won’t be hacked, I use complex passwords – false. While a strong password is required, every password is hackable. That’s why dual authentication is highly recommended.
  • I will know when something bad gets in my device or computer – false. Most malware and viruses operate in the background so you are not even aware of its existence.
  • Staying compliant with industry regulations is enough to keep business safe – partly true. While current industry regulations are important, they are typically a step behind. Be mindful of what you put out there.
  • In an office setting, IT is solely responsible for cyber security – false. IT maintains the network and systems in order to keep business running. The user is responsible for the safety and security of their workstation.

Key Take-Aways

  • It is ultimately up to you to protect and prevent your data. Limit what you share on social media and websites.
  • Make security a habit. Report suspicious or potential security threats to the IT Department in an office setting or run an anti-malware program regularly at home.
  • If something makes you stop and question it, your intuition is correct. Do not click on suspicious links or give out information.
  • Take the Google challenge and look up your name to see what information is out there about you. At the very least, you can find your birth date, address and relatives online.