6 Cybersecurity Best Practices Everyone Should Know

Avoid Costly Data Breaches With These Cybersecurity Tips

As more and more of our lives migrate online, cybersecurity has become everyone’s business. While you shop, search, and socially network online, you share personal information with databases around the world, each with its security issues.

Breaches in cybersecurity can be devastating both for you and the organizations you belong to. Once your personal information is leaked, it can circulate amongst hackers indefinitely, allowing them to open bank accounts and credit cards in your name and access private records such as your medical information. Recovering from identity theft can be a long and painful process. It is much simpler, cheaper, and easier to take a few steps to protect your identity.

A common misconception is that all “hacking” is high-tech. Bad IT practices cause the majority of security breaches. Studies routinely find that upwards of 90% of cybersecurity breaches were caused by human error. A 2019 report found that “inappropriate IT resource use by employees” is the most common cause of a data breach. The high-profile security breaches at Equifax, Capital One, and the most recent SolarWinds hack were caused by human error.

The power to protect yourself is very much in your hands. By changing a few simple practices, you can avoid the turmoil and loss that a data breach can cause.

As time goes on, the importance of cybersecurity only grows. For personal, professional, and even organization-wide security, investing in cybersecurity awareness education can mean the difference between building and losing the trust of your customers and professional network.

Start improving your security today with these six top cybersecurity tips and tricks.

Tip #1: Use a Passphrase to Create Strong Passwords

Creating strong, memorable passwords is crucial to your cybersecurity. A standard method for cracking passwords involves a program throwing every possible variation at a server, eventually finding the password associated with your account.

An easy defense against this kind of attack is to create longer passwords. More characters mean more possibilities for the program to try. The result is that the password takes longer to crack and is, therefore, more secure.

This classic xkcd comic explains the problem and solution visually. The simplest way to make a long password is to come up with an uncommon phrase that you can remember. Surprising imagery can help the password stick in your mind. Now, simply add a capital letter or random number, whatever the password prompt requires. Just be sure that it is also easy to remember.

For example: Say you like fig newtons. Your phrase can be “fig newtons taste figgy.” As goofy as that sounds, it would take hundreds of years to crack, and it scores a 100% on strength.

You can use tools like OnlineDomainTools to see how strong your password is.

Tip #2: Manage Your Passwords

Now that you have a strong password let’s put it to use.

Once you have created a strong password, the next part of your defense is password management.

Password management allows you to manage user passwords from one centralized location. A sticky note on your desk doesn’t count. Here are a few options for password management systems. Your goal is to make the password management task secure and straightforward for your needs and specific situation.

Option A: Use a Password Management Site

A password management site such as LastPass lets you store all of your passwords in one place to access anywhere with a single password. The master password is stored in only one place: your brain.

LastPass passwords are stored as keys on each site that you register in your password bank. Stored passwords can be accessed via browser extension from the management service you chose. This allows the manager to auto-populate your password on sites automatically. It’s low-fuss, high-quality password security.

Mini Tip: Use this technique with a Secure Password Generator to create random, strong, and unique passwords for every site you use. You will have a unique password for each website but only need to remember one.

Option B: Use a Secure Spreadsheet

Another option is to manage your passwords yourself in a document protected by two-factor authentication. Create a password bank in a spreadsheet, like Google Sheets. Enabling two-factor authentication for Google keeps your list of passwords highly secure and allows you to access it from any device. This two-factor (2FA) or multi-factor authentication (MFA) adds another layer of security by requiring another verification step on top of a password.

Mini Tip: Use the password generator for all the sites except Google, where you use a hard-to-crack “passphrase” password

Option C: Use a USB Security Key

If password management sites or password generators are too much of a hassle for you, a USB key like Google’s Titan Security Key might be the solution. It creates a multi-factor authentication (MFA) login to each site you visit. As discussed above, this kind of authentication is highly secure.

Note: Not all websites let you use these keys.

Mini Tip: Get a backup key. If you lose your key, you might lose access to your accounts.

Tip #3: Resist Phishing Attacks

A phishing attack is when the attacker gets you to take action that reveals your information. Often this comes in the form of an email attachment with malicious software that you download or a link that takes you to a fake website to steal your login credentials.

If you ever click on a link that takes you directly to a login page, make sure and check the URL. It’s essential to understand what to look for in a URL to ensure you are on the right site. Check that the domain name is correct and followed by the top-level domain, followed by the file path. If there are any additions to the original domain name, you are on the wrong page and should close it immediately.

Common warning signs that you might be on a phishing page are misspelled words, old landing pages, and unfamiliar-looking pages. In the image below, you can see that the Twitter website has been forged. Even though twitter.com is the real domain name for Twitter, the actual ending domain is all09.info.

The computer safety best practice is to close everything out, open a new window, and type in the URL of the intended site. Even savvy internet users fall prey to phishing attacks. It never hurts to brush up on your skills. See how resistant you are to phishing with a spotting phishing quiz.

Mini tip: When entering private information, make sure that the URL starts with HTTPS. HTTP stands for Hypertext Transfer Protocol, and the “s” stands for secure. When the “s” is present, that means all communications between your browser and the website are encrypted.

Tip #4: Be Careful on Public Networks

Your data is especially vulnerable when sent over public networks. The information going to and from your device can be easily intercepted by others using the network. Find out more about the risks of public networks in this short video from the FTC.

Sometimes public networks are your only choice, especially while traveling. If you need to log on to a public network, try to avoid visiting high-security websites like your financial accounts.

If you need to use a public network, a VPN can be your best bet.

Tip #5: Use a VPN (Virtual Private Network)

A VPN is a service that lets you access the web privately and safely. It does this by routing your connection through a VPN server that protects your identity and location and encrypts transferred data.

The destination website sees that the information is coming from a VPN and shows the VPN’s location, not the user’s IP address and location. VPNs use encryption protocols and secure tunneling techniques to protect online data transfers. They also involve integrity checks that ensure that no data is lost and that the connection has not been hijacked.

Is it enough to simply browse in incognito mode? The answer is no. Incognito mode does not protect your data across networks. It only hides the browsing information on the computer.

How do you implement a VPN? It’s effortless. There are multiple providers, and just like any business, there are pros and cons for each. This guide can help you find a VPN that’s right for you.

Tip #6: Beware of Malware

A basic rule of security is to ensure that you have an antivirus program installed and up to date. Antivirus software is a program or set of programs designed to prevent, detect, and remove viruses and malicious software like worms, trojans, and adware (also called “malware”).

Similar to phishing, malware can compromise your security. Malware can steal your information, delete your data, hold your information for ransom, track everything you do on your device, and even hijack your webcam — all without your knowledge.

In addition to an antivirus program that detects malware, watch out for these common signs that your device might be infected:

  • Unfamiliar icons displayed on your desktop

  • Frequent computer crashes

  • Internet traffic increases without any user action

  • Popup ads start showing up everywhere.

  • Your browser keeps redirecting you.

  • Ransom demands

  • System tools are disabled.

  • Unsolicited messages and posts start showing up on your social media/email.

  • Files start disappearing

  • Your computer storage fills up without you adding any additional files.

These warning signs can indicate that malware is using your computer to solicit ad money, hijacking your computer’s resources, phishing your information, or even directly requesting ransom money from you to get your data back.

With over 350,000 new malicious programs (malware) detected every day, it is vital to have an up-to-date antivirus program. Antivirus companies are constantly updating software to combat the growing number of malware threats. It is crucial to stay up to date.

What can Cybersecurity do for You?

It is ultimately always easier to prevent a breach of security than to re-secure your essential accounts. Whether you’re using your phone, computer, or work IT, you expose sensitive data to potential hackers. A few preemptive and proactive decisions can improve your data hygiene and make your information harder to crack.

Data breaches can be extremely costly. Since 2013 there are 3,809,448 records stolen from data breaches every day, which works out to 44 records every second of every day. In 2017, nearly 158 million social security numbers were exposed from various breaches.

The global cost of cybercrime has now reached as much as $600 billion. As a result, the need for cybersecurity professionals is skyrocketing. Unfilled cybersecurity jobs worldwide are expected to reach 3.5 million by 2021.

Now is the time to consider starting a career as an IT professional with certifications in cybersecurity. ACI Learning can help you start a career in as swiftly as three months from infrastructure management to entry-level support positions. This includes training, certifications, and employment services to get you ready to start or further an IT career. Learn on your schedule with a world-class team at your back.

With an estimated shortage of 3.5 million cybersecurity positions by 2021, this industry offers unparalleled growth opportunities and exceptional salaries. Are you ready to take your career to the next level?


Cybersecurity
IT Audit
Professional

Reach Out Today to Get Started