As recent data breaches at major retailers demonstrate, security is an issue for us all. As small business owners and social innovators, we are in a unique position to help safeguard stakeholders’ data while keeping our own organizations safe from the growing array of cyber-threats. Perry Chaffee, VP of Strategy at Impact Hub-based cybersecurity company WWPass, and a 10-year Air Force logistics veteran, shares his proven tips for staying safe on the web:
When we get on the information superhighway, too many of us are blissfully unaware of the hazards that come with seemingly universal internet connectivity. All of us are responsible for protecting ourselves, but how?
When we get on the actual highway there are plenty of things we’re aware we should and shouldn’t do while riding in a vehicle as drivers or passengers. When we get online, many potentially dangerous actions often seem harmless or even routine. Maybe that’s because using a computer, tablet or phone often seems less dangerous than using a car, but consider this: though we need a license to drive on the highway, we receive little training before getting on the information superhighway.
Indeed, using the information superhighway can be even more dangerous, and it’s important that the general public begin to recognize that and take action. Here’s where we can start:
1) Self-education & Situational Awareness
Know about phishing scams and spoofing (when a malicious site is disguised as a trusted one).
In a recent article on LinkedIn, 19 security experts shared their top 3 tips and tricks for anyone to avoid some of those hazards. Many of them were repeated from one expert to the next. Over half of these experts included advice like “create very strong & complex passwords, change them often, and never, ever reuse a password on another site or account.”
According to the 2016 Verizon Report, over 63% of data breaches were the result of compromised credentials. Almost two-thirds of them were based on passwords – and usernames. That part is critical, and almost everyone is overlooking it! Use different usernames for different kinds of accounts. Don’t use the same usernames for banking, shopping, or social media.
Does your weather app really need access to your camera, photos and microphone? Think about that for a second. Do you even know what apps on your phone have access to those things? Do you know what those apps do with that data? How do you know they’re not saving photos you took last night to blackmail you next year? It might sound paranoid, but how do you know they’re not spying on you?
Moreover, do you really understand what you’re giving up when you click that “Login with Facebook” button? As soon as you use this feature on site XYZ, you’ve basically agreed to give Facebook all your private information from site XYZ. Is that a good idea?
Demand privacy with all your votes! Demand it at the ballot box! Demand it with your wallet! Demand it when you decide which apps to download and which services to use! You’re the only one who cares about your privacy. If you don’t protect it, no one else will. You may not think you’ve got anything to hide, but millions of victims of identity theft had similar opinions.
5) Single-Sign-On (SSO)
That “Login with Facebook” button – and other equivalents like Google, Twitter, LinkedIn, and Salesforce – all provide the capability of signing on to all your accounts by signing on to just one account.
That’s a very convenient thing for a hacker to be able to do. Before people started using those methods to log in, hackers would potentially need to steal or crack multiple passwords to get access to all your accounts. By using the wrong SSO provider, you’ve done them a favor I’m confident they’ll return in kind. Using a password manager is better than using popular social media sites for SSO.
6) Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA)
Websites that only require a username and password are only using one factor – and that’s not secure. Adding factors can improve security if done correctly. Use strong 2FA and/or MFA everywhere possible. If you’re using a website or service that doesn’t have MFA, take a minute to contact them and recommend that they start using one. Organizations often adapt what they’re doing based on user feedback, but they’ll never know what you don’t tell them.
7) Software Updates
Sure, you might need to restart your computer or put your phone down for a few minutes, but if you put off important updates long enough, a hacker might create plenty of other problems for you. Check for software updates regularly and install them as soon as possible after they’re available. Those updates often patch critical vulnerabilities so the longer you wait, the longer you’re at risk.
8) What you don’t know will hack you…
Most people, if they found a piece of candy on the street, wouldn’t pick it up and eat it. That’s pretty gross and possibly dangerous. But you’d be amazed how many people are happy to plug an unknown thumb drive or CD into their computer. Trust me, doing that is an excellent way to have a very bad day. Same with some of these other common practices:
-Connecting to Wi-Fi when you aren’t absolutely certain who is providing it.
-Downloading photos & attachments from emails when you don’t know and trust the sender.
-Clicking a link your bank sent you and giving your credentials to a spoof site. If your bank sent you a link, don’t click on it. Open your browser, go to their website manually, and log in to navigate to whatever it is they want you to see. If your bank calls you to notify you of identity theft, tell them you’ll call them right back, then go to their website, look up their help desk number and call it.
9) Mitigate Offline Risks
Each year direct mailing companies turn whole forests into junk mail to fill recycle bins and trash cans around the world. Dumpster diving is a form of social engineering, but if you move and don’t update your address, the person who shows up behind you might not need to go to that extreme. Update your address with USPS, your banks, employers, healthcare providers, and any other important accounts every time you move. Sign up for electronic delivery everywhere possible.
10) Drive only one vehicle at a time
Phones killed ~3,179 Americans and injured ~431,000 more in 2014. Phones are dangerous. To put that in perspective, guns injured and killed a combined total of 35,626 Americans during that same time. Guns are obviously deadly, but phones are deadly too.
Put your phone down when you’re driving.