The Art of Vigilance in Our Online World

“Let the eye of vigilance never be closed.” – Thomas Jefferson

Anything that is to become habit requires practice. Practicing vigilance as we conduct many aspects of our professional and personal lives via cyber (think the internet, computers, email, applications, mobile devices, etc.) is now imperative as our world continues to become more cyber-interconnected; malicious actors who want to scam, steal, disrupt and violate now have a global reach to each of us by way of this cyber landscape. Cyber is the new battlefield: we are now all cyber-soldiers with a responsibility to do what we can to mitigate risks that can otherwise have profound impacts on the companies that employ us, our personal lives and our well-being and safety in society.

As a cybersecurity professional who works for a company (Juniper Networks) that is on the front lines every day seeking to create and advance innovation that reduces complexity, increases security and enables enterprises across the globe with networking and security technology and capabilities, I know firsthand what practicing vigilance means and why it is something WE ALL must do. I live in this world every day as my chosen profession; I am passionate about helping others understand their responsibility in protecting themselves and the companies for which they work.

Throughout human history, there has always been at least one bad apple in the bunch seeking to take advantage of, steal from, con and generally do harm to others to advance their own goals, which often relate to profiting off others. This is by no means a new phenomenon, but our globally cyber-interconnected world has allowed these “bad apples” to execute their dastardly deeds on a global scale.

With geo-political unrest, the war in Ukraine raging, social cleaving and culture wars in the U.S. (and elsewhere), the threat of cyber-borne engagement and impacts to each of us is heightened. We MUST be vigilant!

Many ask me, “What can I reasonably do to protect myself and my company from threats and risks?” In response, I reinforce some basic practices that can help:

  • Don’t click on links or open files/attachments you receive via email or text (SMS or chat) unless you verify the sender and the intent. If it’s unexpected or out of the blue, pause and verify. Remember, bad actors seeking to exploit someone often use social engineering tactics to incite curiosity, interest and an emotional response. In other words, they seek to exploit trust that is temporarily granted by the target (you and me) and to use this to their advantage. You may receive a link or other request asking you to enter and verify your credentials (say, to a bank account), validate an Amazon order or shipment, or claim an amazing prize (e.g. Free iPad!!); the list goes on and on. Don’t do it! Pause and take the time to verify before granting any trust, even when you receive something from someone you know (as their account could also have been compromised). The few minutes you spend to verify can save you a lot of money, time and grief. Verify, then trust!
  • Keep your PC or Mac and other network-connected devices (printers, Wi-Fi routers, etc.) up to date. Enable vendor updates (say Microsoft Windows, Office apps, macOS, etc.). Change default admin passwords, and when updates are available, apply them. Browsers such as Chrome, Firefox, Edge and Safari need frequent updates to mitigate potential vulnerability exploitation and compromise.
  • Install, run and maintain anti-virus/anti-malware software on your personal and corporate systems. There are many potential options and solutions—the majority will cover upward of 95% of known “bad stuff” that could otherwise infect and leave your system vulnerable or outright compromised (ransomware).
  • Configure backups of your data. For personal PCs or Macs, use a USB storage device to copy any information, files and data (photos, legal or financial documents, etc.) to a separate device. Do this at minimum once a month, and more frequently if you often update the files and information stored on your local system(s). Ask yourself, “If I don’t have the latest file version with the latest updates I use to transact something, what will the impact be?” This will help to determine the frequency of data backup and your risk tolerance if the data is lost or compromised (e.g., ransomware). When possible, disconnect this device after the backup occurs and store it in a safe place, and/or use online (cloud) based backup solutions or services.
  • Remove unused applications from PCs, Macs or mobile devices. This covers apps, games and utilities; if you do not use them on a regular basis, remove them. This reduces the potential for vulnerabilities in such apps to be exploited and your system(s) being compromised.
  • Do not use the same password across financial, personal and work systems. Each set of credentials (your userid and password = what you know) should always use a different password or, better yet, a passphrase (passphrase example is ‘thESunfeel$great0Nmyface!’). Using different passwords and/or passphrases across various accounts (e.g., bank, personal and work systems) is important! Also, use a password manager (use Google to search for options). There are many options to help organize and securely store your credentials.
  • Use 2FA and MFA (2-Factor or Multi-Factor Authentication) whenever possible and feasible. When paired with your credentials (what you know + what you have and/or ARE – 2FA/MFA), this provides another layer of authentication security that is more difficult for a nefarious actor to compromise. Most financial services (e.g., online banking), Amazon, Microsoft and others readily support 2FA/MFA. Having a code sent to your mobile device is another form of 2FA, as are fingerprint scanners.
  • Pay attention to the websites you use and the information you share. Be mindful and cautious in your online use, and avoid websites that may have questionable practices or intent relative to the services or products they claim to provide. Use your “Spidey senses”: if something doesn’t look right or feel right, it is probably not right and should therefore be avoided. Often, simply searching for reputational input on a company or website is easy and provides insight as to whether the site or company is safe.

I refer to the above recommendations as basic security hygiene. These steps alone will go a long way in protecting your sensitive data/information and credentials, and in reducing the potential for a system being compromised. They are proactive steps we can all take to practice vigilance and take some control of our online security posture.

For more information on this topic, refer to our recorded LinkedIn Live: Make a Firewall To Prevent Cybersecurity Breaches

David Brezinski
Cybersecurity Expert