October 2, 2017

6 Areas to Think About for Staying Safe Online

Carl Leonard, Principal Security Analyst

October is National Cybersecurity Awareness Month. This is a great opportunity each year to take a look at your online practices around personal data, password management, and overall awareness. Raising your own awareness of cyber threats can help prevent you from becoming a compromised end-user. No one is perfect, and mistakes will still happen, but it’s up to all of us to do our best to safeguard data – for ourselves, our employers, and anyone whose information we interact with. Read on to review some areas to think about – and concrete actions you can take to protect yourself.

1. Don't be phooled by phishing scams

Traditional phishing methods have changed. Attackers have moved on from hosting suspicious-looking spoofed bank websites. Banking Trojans can be silently installed on your machine when you browse to infected websites or open suspicious documents attached to emails, so it is wise to take heed of warnings from your bank and monitor your accounts closely.

Social engineering is a technique used by attackers to influence your behaviour. They can better do this when they know a lot about you. These days it’s common practice to have personal information about yourself available on the Internet. LinkedIn, for example, has 500 million users. Chances are you’re one of them, and your work history and education are viewable to anyone who cares to research you. Millions of people have public-facing Instagram accounts that provide even more insight into someone’s family life, favourite places to visit, and hobbies. It’s important to understand that when you make this kind of information publicly available, you also make yourself vulnerable to social engineering. If an email or direct message from a friend feels “off,” proceed with caution, especially if they’re trying to get you to click on a strange link or share personal or financial information.

Action Plan:

  • Review your social media privacy settings
  • Trust your gut – if a message feels “off” it could be a spear phishing attempt
  • Pay close attention to the link – many malicious websites are off by a single letter or by the top-level domain (for example, .net instead of .com)
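The "off by a single letter or by the top-level domain" check from the last action item can be automated. The sketch below is an added example, not part of the original article; the `TRUSTED` list and all function names are assumptions made up for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list of sites the user really deals with (assumption).
TRUSTED = {"example.com", "examplebank.com"}

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # drop a letter
                           cur[j - 1] + 1,              # add a letter
                           prev[j - 1] + (ca != cb)))   # swap a letter
        prev = cur
    return prev[-1]

def split_domain(host):
    """Naive (name, tld) split on the last two labels.
    Suffixes such as co.uk would need a public-suffix list."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return host.lower(), ""
    return labels[-2], labels[-1]

def check_link(url, trusted=TRUSTED):
    """Classify a full URL: 'trusted', 'tld-swap', 'one-letter-off' or 'unknown'."""
    # hostname ignores any user@ prefix and the path, so only the real host counts
    host = urlsplit(url).hostname or ""
    name, tld = split_domain(host)
    if f"{name}.{tld}" in trusted:
        return "trusted"
    for good in trusted:
        gname, gtld = split_domain(good)
        if name == gname and tld != gtld:
            return "tld-swap"            # e.g. .net instead of .com
        if tld == gtld and edit_distance(name, gname) == 1:
            return "one-letter-off"      # e.g. examp1e vs example
    return "unknown"                     # not on the list; treat with care

if __name__ == "__main__":
    for link in ("https://www.examplebank.com/login",
                 "https://examplebank.net/login",
                 "http://examp1e.com/reset",
                 "https://example.com.account-verify.net/"):
        print(f"{check_link(link):15} {link}")
```

The last sample link shows why only the rightmost labels are compared: a trusted name placed at the front of a longer hostname does not make the link trusted.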

2. Lock down your devices

Protect your cell phone, tablet, and computer. Your cell phone, in particular, is a powerful computer that is easily compromised or lost; more importantly, it is the route into your private life and business dealings. Take advantage of the screen lock and passcode options on your devices, and use only trusted apps. Always update to the most recent operating system, and keep your software updated as well, as these updates frequently contain security upgrades. Consider implementing GPS tracking (either via apps/OS or a tracker) on your mobile devices, and learn how to remotely disable your device in the event of loss or theft. Finally, if you frequently use your laptop in a public setting, be sure to install a screen guard to prevent in-person spying.

Action Plan:

  • Upgrade to the latest operating system and software versions offered on your phone, tablet, and PC
  • Learn how to remotely disable your devices
  • Install a screen guard on your laptop

3. Get real about password management

When passwords are reused, attackers who obtain your username and password from one data breach can easily use them to access many more aspects of your online life. A password vault is a great way to avoid reusing passwords across services. By using a vault, which syncs across devices, you can create much stronger safeguards against would-be attackers. Additionally, use Two Factor Authentication (2FA) where possible. Most popular with online banking, but now seen on a variety of social media platforms and elsewhere, 2FA helps prevent unauthorised access to your accounts, as an attacker will not have the second piece of information required to log in. It is also worthwhile setting up the facility for One Time Passcodes (OTP) if available, especially for approving financial transactions when banking online. Consider password-protecting important documents, and certainly perform regular backups for peace of mind in the case of a ransomware attack or hardware failure.

Action Plan:

  • Use a password vault
  • Use 2FA whenever it is available
  • Perform regular backups – to a hard drive or to the cloud

4. Stay on top of leaks and breaches, and be mindful of who has your PII

Take heed of data breach notifications that you hear of in the press and from your breached provider. Understand what was leaked and assess the risk to yourself. If you are concerned about financial impact, ask your bank to set up alerts on your account and credit records.

Data aggregators such as credit reporting agencies and government departments continue to be hacked. Email providers are being attacked or suffer data loss. Attackers have a treasure trove of stolen personally identifiable information (PII) at their fingertips, some of which you cannot change, such as your Social Security Number or National Identification number. Be aware that if this type of information gets into the hands of attackers it could lead to identity theft, so protect your PII as best you can.

Action Plan:

  • Make a list of those organizations who have your PII
  • Stay on top of the news whenever there is a breach
  • Set up alerts on your account and credit reports

5. Protect yourself at home AND at work

Remember that you’re responsible for more than just your personal data. Think about the ways you interact with sensitive data at work – and be sure to follow the data handling policies that have been set up within your business. Treat work-related data with as much care as you would your own. Most businesses have policies in place around data handling as well as response plans for breaches. Take the time to review those policies so you are prepared for how to respond if you identify an issue or see a dreaded ransomware demand message. Your employer will thank you for being their eyes and ears given today’s threat landscape.

Action Plan:

  • Treat work data as sensitively – if not more so – as your own personal data
  • Review your business’s data handling and breach response policies
  • Speak up if you have any concerns or questions about data handling at work

6. We're all in this together - don't be afraid to ask for help

Reach out for help – whether to a computer-literate family member if at home or your employer’s IT team. Take care of your data, take care of your employer’s data and adjust your behaviour to suit the current cyber security landscape. Stay Safe Online, the organization behind National Cybersecurity Awareness Month, is a great place to start if you’re looking for resources.

Action Plan:

  • Review the Stay Safe Online safety tips – and share them with a friend or family member
  • Set up a quarterly calendar reminder to review all of your online privacy and security practices
  • Trust your inner voice – if an email or message feels off, pay attention to that feeling and proceed with caution!

Carl Leonard is a Principal Security Analyst within Forcepoint X-Labs. He is responsible for enhancing threat protection and threat monitoring technologies at Forcepoint, in collaboration with the company’s global Labs teams. Focusing on protecting companies against the latest cyberattacks that...
