Con Watch: Eight Essential Tips for Cybersecurity

Steve Weisman is a lawyer, college professor, author, and one of the country’s leading experts in cybersecurity, identity theft, and scams. See Steve’s other Con Watch articles.

With so much of our lives tied to activities in cyberspace, particularly during the present coronavirus pandemic, the need for proper cybersecurity is essential to protect ourselves from serious threats presented by hackers and other cybercriminals. By taking some basic steps you can dramatically enhance your cybersecurity. Here are eight tips that are easy to follow.

1. Install good security software on all of your electronic devices such as your computer and your phone. It is also very important to download and install the latest updates and patches to all of your software programs — including your security software — as soon as they become available. The massive Equifax data breach of 2017 in which 148 million people had their personal information compromised was due to Equifax failing to install an update of its Apache software. Hackers broke into Equifax by exploiting a vulnerability for which a security update had been issued months earlier.
2. Don’t click on links or download attachments unless you have absolutely confirmed that they are legitimate. The vast majority of cyberattacks come through malware delivered in phishing or more specifically targeted spear phishing emails and text messages, and even the most up-to-date security software is always at least 30 days behind, so you can’t trust your security software to protect you from the latest threats.
3. Use a unique strong password for each of your online accounts. It is important to have unique passwords for all of your accounts. If you use the same password for all of your accounts and your password from one account is stolen by a cybercriminal, all of your online accounts are in jeopardy. Using a password manager is a good, simple way to create and store strong passwords for all of your accounts.
4. Create a nonsensical answer to your security questions. When you set up online accounts, you are generally asked to set up a security question, such as “What is your mother’s maiden name?” If you forget your password, you can answer your security question to get access to your account. Unfortunately, it is often a simple matter for a hacker to get the answer to your security question and thereby get access to your account. The simple solution is to provide a nonsensical answer to your security question. For instance, the answer to the security question as to your mother’s maiden name could be “firetruck.” It is so silly, you will remember it and no cybercriminal will ever be able to guess it.
5. Use dual factor authentication whenever possible. Remember Murphy’s Law: “Anything that can go wrong will go wrong.” As much as you protect the privacy and security of the usernames and passwords for your accounts, you can expect that either through a data breach or some other cyberattack, your information can fall into the hands of cybercriminals. This was the situation when Jennifer Lawrence fell for a spear phishing attack and turned over the username and password for her iCloud account that contained nude photos of her. If she had used dual factor authentication for her iCloud account, the cybercriminals would not have been able to access her account even with her user name and password.
6. Make a copy of your data daily. One of the most common types of malware is ransomware. When you unwittingly download it to your computer, it encrypts all of your data. Cybercriminals then threaten to destroy your data unless you pay a ransom. The best way to protect yourself from this threat is to copy all of your data daily in both the cloud and a portable hard drive.
7. Protect your router. Your router is a networking device that allows your computer, phone, and other internet-enabled devices in your home to connect to the internet at the same time. Unfortunately, unless proper security precautions are taken, your router can put you in danger of being hacked, either making you a victim of identity theft or by hijacking your computer to spread malware to other computers. If your router is compromised, the security of all of your devices that use the router is in jeopardy. When you install your router, it is important to change the default password to prevent hackers from easily gaining access to your computer and the information contained therein. It is also important to update your router with the latest security updates. While some routers automatically do this, many older routers do not. If you do not use a router that automatically updates, download the latest security updates to your router whenever they become available and check the manufacturer’s website regularly to find the latest security patches and updates.
8. Use social media responsibly. Posting too much personal information can enable a cybercriminal to leverage that information to create spear phishing emails to lure you into clicking on infected links. Limit the amount of personal information you post and do not accept every friend invitation you receive. Finally, social media accounts are often hacked and a message that you receive from one of your “friends” may actually be from a cybercriminal who hacked your friend’s account. Always be wary of messages from your friends that ask you to click on links or provide you with some opportunity that may actually be a scam.

Remember, cybersecurity is not a goal, but is a constant process.

Featured image: Michael Traitov / Shutterstock