Cybercrime has increased dramatically over the past two years.
We see it in the news all the time: data breaches, social engineering attacks, ransomware, and other attack methods that make our hair stand on end. Victims may feel helpless and not know where to turn or how they could have protected themselves in the first place.
I specialize in information security and wrote this article to teach you how to better protect yourself in the modern online world.
Use a password manager and strong passwords
It can be difficult to track multiple passwords for multiple websites. Some people jot down their credentials in a book on their desk, others keep them in a note or document on their phone. Unfortunately, both methods are highly insecure and pose a security risk to your online identity, as they are easily accessed by a bad actor.
Fortunately, there are several programs like Bitwarden, a free program that hosts the source code for free for developers, security researchers, and the community at large to read. These programs keep track of your passwords, help you generate secure ones, and ensure that you don’t use the same password for two sites.
In the event of a data breach, a company may unwittingly leak your information, such as emails and passwords, to an attacker, who then sells or posts it online for others to use and use. to try.
If you share passwords with multiple sites, they can also access any sites you frequent in addition to the one that was hacked. It is recommended to use several very different passwords, including capital letters, numbers and special symbols (for example: “!”) when creating a password.
Google Chrome also offers this password storage service, but many viruses will target this feature.
Enable Multi-Factor Authentication (MFA)
There is a saying within the information security community: “Convenience is the enemy of security”.
While it can be inconvenient to pick up your phone every time you want to log into a website, it ensures that it’s really you who wants to log into the site.
Unless a thief has both physical access to your phone and your account credentials for the website they’re trying to infiltrate, they won’t be successful.
But there are many types of SMA. SMS (text messaging) is the least secure method of MFA. Instead, try opting for Google Authenticator, available for Android or iOS, or a similar service from a company you trust.
These apps do not store your password themselves, but rather a unique six-digit code to be entered on the website you are trying to access. Not all websites offer this feature yet, but if they do, you can find the setting in your account settings on that website.
Install antivirus software on your computer
Although antivirus software cannot detect 100% of the malware circulating on the Internet, it does a very good job of detecting the majority of it.
There are plenty of choices, and many people have a favorite that they will recommend. Ensuring you have some form of anti-virus technology installed on your computer is crucial, and while it can slow down day-to-day operations from time to time, the benefits of having it far outweigh the cost.
Do not open attachments from unrecognized senders
A common entry point for attackers is sending malicious attachments via email. In my six years in IT and incident response, I’ve seen actors impersonating giveaways and contests), the Canada Revenue Agency, lost friends, and more. Always check the address where the email comes from and think about it before opening it.
Ask yourself, “Did I expect this? If you weren’t expecting a photo from a friend, don’t open it. If you have a “government” notice, first call the official number by searching it on Google. Do not call a number listed in the email. Get to the bottom of things before opening an attachment on your computer. Many Word documents, images, and PDFs can contain malware.
A common question I get asked almost daily is, “How do I know if I’ve been involved in a data breach?”
There is a free online resource, Have I Been Pwned, which allows you to research data breaches in which you are involved via email. No registration is required.
If you’ve been caught in a data breach, change your passwords.
If you have any questions, concerns, or want to learn more, please don’t hesitate to contact me at [email protected].
Adam Johnson is a cybersecurity and IT professional living in Kelowna with extensive experience diagnosing, repairing, maintaining and protecting computer systems in residential and commercial environments.
This article is written by or on behalf of an outsourced columnist and does not necessarily reflect the views of Castanet.