I often get asked my opinion on what small businesses and individuals can do to protect themselves against cyber attackers. This is the list that I always come back to…
So let’s reveal 5 important things you can do to make yourself much more secure both at home, as well as whilst at work, and beat the bad hackers, crackers and cyber attackers!
1. Always patch and keep up-to-date
Yep – those annoying security patches. Every time your Microsoft Windows PC, mobile phone / tablet, or Apple device says “hey I need to update your device!”, it’s usually to fix a weakness behind a known attack that hackers have figured out how to use against you. So keep up to date in order to protect yourself.
Some people think Apple devices are impenetrable to cyber attack – however that’s not the case. They have security weaknesses too, and often need to be updated. So whether you’re using Windows or Apple computers, it’s the same thing: update your systems. The same goes for third-party applications. If you’re using Java, Adobe, PDFs, MS Office, those are all things that you want to keep up to date, and doing so makes it much harder for hackers to break into your system.
2. Don’t use the same password everywhere
I know it’s hard, but using the same password everywhere is probably one of the easiest ways that we break in as hackers. So if you re-use the same password across LinkedIn, Dropbox or your cloud-based email – we can easily find your password from breach data on the dark net, get into your email and reset your passwords for other accounts.
If you think I’m making it up, go check out your personal email addresses on the www.haveibeenpwned.com service, and see if your passwords are already in the hands of hackers. Identity take-overs are then easy – whereby hackers could take out loans, credit cards, mortgages etc. using your identity.
Consider using a password manager across all of your devices, so that you only use long unique passwords, that your password manager remembers rather than you. Enable multi-factor on your password manager too.
3. Use two-factor authentication (aka two-step, 2FA, multi-factor) on everything you use online
The majority of modern web-based email platforms, social sites, banking and finance sites support multi-factor / two-factor authentication. So even if your username and passwords are exposed to hackers (believe me it happens) you are still protected by an additional factor. Try to always use application-based rather than SMS-based two-factor.
What you may not know is that most cyber criminals also know how to steal your mobile phone number, so that they receive your SMS multi-factor code instead of you in order to get around SMS-based multi-factor solutions. The cyber attackers can port or SIM swap your mobile phone service, which is why, where possible, you should always use application-based two-factor rather than just SMS, e.g. Microsoft Authenticator, Google Authenticator, Authy etc. Read more about multi-factor and mobile phone porting here.
4. Carefully consider the information you share online
Your personal information is incredibly valuable to hackers so be aware of what info is collected about you and what information you share online.
We as attackers can look at information you share online and craft custom phishing attacks against you. Think of what we could do with info such as your personal or professional interests, what events you are attending, your job description and connections, all shared publicly on Facebook / LinkedIn. We can use this info as a method to attack you. Be proactive in managing your privacy by checking the privacy and security settings on your online accounts and apps, watch out for fake profiles and don’t connect with people you don’t actually know in real life.
A very common trick hackers use is to create a customised phishing email. Most hackers these days know how to play on your emotions, be it curiosity, urgency, or whatever it takes to get you to open an email and click on a malicious link. If you do click on that link, hackers might install a keystroke logger, or a back door into your system and the network it is connected to.
5. Safeguard your privacy & personal information
That’s one of the biggest things that attackers can leverage to get access to you and your data. Things like your date of birth, TFN, or your credit card numbers. So as an example, someone shouldn’t be calling you from a banking service and asking you for that type of information. This is a common scam – where they’ll pretend to be your bank / financial service, your mobile phone service provider, Microsoft, or the ATO.
So whenever you get a call asking for personal information tell them you’ll call them back. Look up the contact number on their website and call back to verify.
That’s it – just 5 simple steps that will help protect yourself and your business.