Security Best Practices

8 Essential Cybersecurity Tips to Stay Safe Online

In today’s increasingly digital world, safeguarding your online information is critical. From social media accounts to financial data, we expose sensitive, personal information on the internet. By adopting a few key cybersecurity habits, you can significantly improve the odds of keeping your data safe.

  • Use Strong, Unique Passwords: Ditch predictable passwords. Use a combination of uppercase and lowercase letters, numbers, and symbols to create strong passwords. Avoid using the same password for multiple accounts.
  • Enable Two-Factor Authentication: Two-factor authentication (2FA) requires a second verification step beyond your password (often your phone), significantly reducing the risk of unauthorized access.
  • Stay Vigilant Against Phishing Attacks: Be aware of suspicious emails, messages, or websites. Phishing attempts lure users into clicking malicious links or attachments that steal personal information. If something seems off, it probably is – avoid clicking and delete the email.
  • Keep Anti-Virus Software Up-to-Date: Anti-virus software is your digital shield, constantly evolving to combat emerging threats. Regularly updating your anti-virus ensures it has the latest defenses to protect you from the newest malware and cyberattacks.
  • Apply Operating System and Application Patches Regularly: Software updates (patches) often address critical security vulnerabilities that malicious actors exploit. Don’t postpone these updates! Set your system to update and restart automatically to streamline the process.
  • Encrypt Sensitive Data: Encryption scrambles your data, rendering it unreadable in the event of a security breach. Encrypting sensitive information like financial documents or personal records adds an extra layer of protection. BitLocker (Windows) and FileVault (Mac) are free built-in tools that can encrypt your hard drive(s).
  • Secure Public Wi-Fi Connections with a VPN: Public Wi-Fi networks are breeding grounds for cyberattacks. Use a Virtual Private Network (VPN) to encrypt your internet traffic and safeguard your data.
  • Simplify Password Management with a Password Manager: Remembering complex, unique passwords can be a challenge. Password managers help you generate, store, and manage strong passwords for all your online accounts, simplifying security without sacrificing strength.

By incorporating these simple yet effective cybersecurity habits, you will significantly reduce the risk of falling victim to cyberattacks.

    We Were Hacked!

    Verizon’s Data Breach Investigations Report

    Verizon’s Security Report: Key Takeaways and Your Steps to Stay Safe

    Here’s a breakdown of Verizon’s Data Breach Investigation Report with actionable advice:

    • People are the weakest link. Most breaches involve human error. Secure your systems based on your needs.
    • Top Attack Methods: credential theft (use 2-factor authentication!); phishing emails (don’t click, don’t reply, and don’t share information); unpatched vulnerabilities (update software regularly).
    • Browsers as Backdoors: Use Privacy Badger and uBlock Origin browser extensions. Clear your cache often.
    • Phishing emails are effective; many people fall for them. Be suspicious, verify senders, and delete unknown emails.
    • Lost Devices are common. 80% of mobile devices are lost, not stolen. Secure your devices!
    • Small businesses are targeted: Don’t underestimate your data’s value. Don’t rely on weak security practices.

    For a deeper dive, download the free Verizon report!

    Just Delete It

    The FBI, Microsoft, and Google Will Never Call Or eMail You

    A one-page computer security refresher from the FBI.

    Of particular interest is the note in the lower right:

    Note: The FBI does not send mass emails to private citizens about cyber scams. If you received an email that claims to be from the FBI Director or other top official, it is most likely a scam.

    Replace FBI in that note with ‘Apple’, ‘Dell’, ‘Microsoft’, ‘Google’, etc., and it still holds true. Those companies will never contact you directly via email, browser pop-up, phone, text, carrier pigeon, etc., regarding a security issue. If you think they are contacting you directly with a legitimate communication, they aren’t. Please delete the email, don’t take the phone call, and dismiss the browser popup.

    IT Axioms

    Things I’ve learned in 30 years of IT

    • User convenience wins over IT security
    • Security and compliance are not the same
    • Security and privacy are not the same
    • Authentication and authorization are not the same
    • Trust and verification are not the same
    • If you have ‘nothing to hide’, you have everything to lose
    • Build a 10 foot security wall and users buy a 12 foot ladder
    • A backup is as good as the last tested restore
    • To understand how a decision is made, follow the money
    • Don’t confuse activity with productivity
    • If a user says something isn’t important…it is
    • A missing $50 cable can delay a $1M project…details matter
    • Complex projects take 2x the time of the estimate
    • Technical debt is easy to add and difficult to remove
    • A software sprint is anything but
    • MDM solutions don’t find 10% of your devices
    • Customers don’t pay for documentation
    • If every user is special…no one is
    • If everything is urgent…nothing is
    • Important and urgent are not synonyms
    • An end user problem is not my emergency
    • This will only take a minute…won’t
    • Anyone claiming 100% compliance…won’t pass an audit
    • If you can’t measure it…you probably don’t understand it
    • Complex IT systems fail gradually…then suddenly
    • Managing people is convincing you my emergency is yours
    • Work-Life balance does not apply at end of quarter
    • If you have a quota…the number is the number
    • No good deed goes unpunished
    • A manager who is ‘here to help’…isn’t
    • A feature and a bug are all about perspective
    • Your initial project estimate is a client’s final price
    • In a training class of smart IT people…sit next to the quiet one
    • Junior IT people…mouth shut and ears open
    • Smart IT people sit in the back of the room
    • Open source is free…unless you’re the maintainer