October is a scary month, but not because of the Halloween ghouls and ghosts. October is Cyber Security Awareness Month, and now, more than ever, is a good time to take stock of all the passwords and security measures you have in place.
As recent as the beginning of this month, Yahoo announced that all 3-billion user accounts were impacted by the 2013 security breach. Prior to that, Equifax has 15.2 Million UK records exposed and 145.5 million US records. And then again on October 16, researchers provided evidence that WIFI using WPA2 security is now easily hackable – which affects computers, laptops, cell phones, tablets, routers and WIFI access points.
The fact is this: You will always face a potential data breach.
The point is this: You can, and should, do everything in your power to minimize your risk.
Here are four security points to consider:
- Use different passwords for any websites you login to, especially banking and financial services.
- Ensure your passwords are strong. Ideally, they should be longer than 14 characters and contain uppercase, lowercase, numbers and symbols. Try out http://passwordsgenerator.net/plus/ to generate a strong password.
- Enable multifactor authentication when offered. This will mean you’ll need more than one method of authentication – typically a text message or mobile/tablet app confirmation of the login.
- Conduct regular backups of your data, photos, documents, etc. Using a storage solution like Time Machine or online with Dropbox is a good option, but what if your account is compromised by a server hack and your data stolen or worse, deleted? I suggest you keep your backups on external hard drives and at an off-site location. If that’s not an option, at least ensure the hard drives are locked up.
- Encrypt USB keys and external hard drives. There’s plenty of software out there that can do it. For example, Windows 7, 8 and 10 comes with encryption software called BitLocker for USB and external storage.
- Make sure your computer operating system, firewall, antivirus and malware applications are updated and perform regular scans.
- Email, text messages and phone calls:
- Avoid unknown email attachments. When an email comes in with an attachment, check to make sure the email address — not just the name — are from a legitimate source. Some hackers who gain access to an email account, will start sending out emails to the entire contact list.
- Recently there’s been a rash of text phishing scams, indicating that the CRA is after you for unpaid taxes. This is a scam from cyber-criminals trying to get you to provide personal or financial details that they can then use to open bank accounts, take out credit cards, etc. Verify the number by finding the phone number for the bank or agency on their official websites. Call them and confirm if the message is legitimate. Do not reply to the text message.
- Be wary of phone calls. It’s easy to spoof caller ID and have a number show up as “Private Name” or “Unknown”, so use caution when answering a call from an unknown contact. I recently read an article outlining how the latest phone scam is from someone calling you in a quiet whisper asking “Can you hear me?”. The person on the other end says “yes”, then the call is terminated. This “yes” is then used against the person to make it appear as if they’ve agreed to a large purchase. At first, I thought this was a hoax article. A week later, a friend of mine swears she received such a call. She hung up immediately, which I told her was the right thing to do.
You might get a headache from thinking about all the different potential vulnerabilities. But once you have started reviewing and implementing critical security measures, it will become a habit you’ll be glad you have.
How do you maintain your digital security?