Translate

7 Security Tips to Keep You and Your Information Protected

By Garrett Babinchak | InfoView Systems Inc. | 12/5/2018
 

Let’s take a moment to talk about security and privacy!

.......

No? Just me, then?

Yeah, that sounds about right. It's not on anyone’s must-talk-about list, that’s for sure. But it is a topic that requires more awareness.

Currently, to most, security is treated as an expectation, when in reality it is usually an afterthought, at best. Just like you expect your tap water to be safe to drink, you are expecting the picture you took of your grandkids or the password to your banking app to be secure on the devices you use. However, info security is still in its infancy, with very limited regulations requiring companies to keep your data safe. This is because there is no profit in security, if a company can get away without the added cost and complexity, then they will. It will be done to the minimum requirements, by the lowest bidder, on a best effort basis.

For CEOs and executive, their jobs are to secure contracts and bring in revenue. They pass opportunities onto sales teams whose job it is to pull in that money and the unfortunate truth is that security disrupts this. For instance, when an email gets blocked from a client, to the CEO or sales team the money the company spent on security is now costing them profits/deals and on top of that, they have to pay someone to fix it! Even if the email was blocked because it contained a malicious payload from a hacked email account, it’s still problematic that communication and potential sale was disrupted.

Small companies usually don’t have the funds available to protect data and large enterprises are usually so spread out they lose control or don’t implement required security due to the massive price tag. So they fumble around hoping nothing happens until something does and then they implement the bare minimum while using fancy words like "cutting edge cybersecurity"or "leading security innovation" to restore your trust.

Most of the “security engineers” today are far from that and that is why it is ultimately up to you to protect your data, know how it’s being used and vet who to trust. This, however, is not easy and is why most choose to ignore it because it’s a lot easier to ignore a sinking ship when you haven’t touched the water yet.

Due to this trend, security is something no one talks about unless some big breach is uncovered, like with Equifax. Even large breaches like with Target get a reaction of “aw man, now my bank is going to send me a new debit card and I have to activate it, UGH.”

We’ve all been there, however, it’s not so much the event, but the complacency everyone has about it that is the problem, you need to be proactive and hold those who do not take your privacy and security seriously accountable.

So what can you do? Well, we have complied a small list of basic security tips to keep you and your information safe. Most of it is simply being mindful about what you do and who you give out information to. Of course, you can always hire someone that actually knows about security like InfoView Systems, but there is a lot you can do on your own to stay safe. If you run a business -- no matter how small -- you absolutely need to invest at least a little into cybersecurity and into someone who knows about it. Just one ransomware attack taking out a QuickBooks database can bankrupt a business.

Security Tips

1. Use strong passwords.

  • Length is really what matters here. You can write out a sentence like “Thispasswordissostrong!” and that is great. Adding complexity enhances the entropy, but the major factor in a password is length.
  • Always use different passwords for your accounts, never reuse the same password. This is extremely important for your high-profile accounts, such as your primary email (where password resets are sent) and financial accounts. If one account gets compromised, it’s no big deal.
  • Always password protect your devices including your log-in for your computer or a pin for your cellphone, as this not only protects the device from local snooping eyes, it also prevents hackers from easily gaining access to your devices.
  • In addition to strong passwords, always use 2FA (two-factor authentication) or MFA (multi-factor authentication) when available. This makes it exponentially harder for someone to break into your accounts.
  • You can use biometrics -- such as fingerprint, speech and facial recognition -- as an added layer of security in the same way.
  • Change your passwords at least once per year. Changing your password frequently keeps you protected from breaches (as not every company discloses them) and kicks anyone out if your account was already compromised. Just make sure the recovery email is set to one you own and that it is not compromised!

2. Only use trusted devices and networks.

  • Always be mindful of where and what you are using to access your accounts. Make sure the device you are using isn’t compromised and assume any public device is.
  • Avoid saving passwords or selecting “keep me signed in” options, and only use known personally owned devices to access your high-profile accounts. If you want the convenience of saved passwords, use programs designed to keep your password data encrypted and protected with a master password.
  • Never use unencrypted public Wi-Fi networks to log into your accounts. If you want to use a public Wi-Fi network, invest in an encrypted virtual private network (VPN) to safely tunnel all of your data from snooping eyes.

3. Keep your devices up-to-date and use security software.

  • Developers are always patching their software to fix security holes, but it’s up to you to actually update and take advantage of them.
  • Invest into security software for all of your devices (a lot are free!). Even cellphones have antivirus software. Use one!
  • Most devices can encrypt themselves to help keep your information safe and private. You can look into various methods for this and how to keep backups. Just don’t lose your decryption key!

4. Keep track of your online accounts and limit the information you share.

  • Shut down accounts that you no longer use and only give the bare minimum to use these accounts.
  • Opt out of any advertisements or data collection unless you specifically want it.
  • You can use fake information or a separate spam email account for non-essential accounts.
  • When purchasing online, make sure that the site you are buying from is trusted, correct, and is using proper SSL/TLS (HTTPS) encryption. You can see this from the green padlock in the URL. Never transfer personal data of any kind over an unencrypted connection.
  • Buy things with a credit card or third-party service, such as PayPal, or a temporary number offered by credit card companies. This prevents your real information from being sent over the internet and offers a buffer from malicious attacks. It is also much easier to dispute a credit card transaction than a bank account transfer, should there be mischief.
  • Take advantage of any and all security features offered by your accounts (bank, email, etc) and look for any special offers or opt in/out services that can help you. A lot of companies offer additional services at no cost as long as you are aware and sign up for them.
  • Limit the amount of information you share over any social platform. Remember any information you post online is there forever! Even when you don’t actually post anything, your keystrokes can be captured! Facebook is known to send your keystrokes to their servers even if you haven’t submitted your post yet!

5. Make sure your devices and networks are safe.

  • Run virus scans on your owned devices and remove unknown programs.
  • A lot of apps listen to your voice and will send what it captures out for targeting advertisements and data collection. You can always view which apps have permission to your microphone/camera/etc., and you can deny these permissions.
  • Make sure your network has basic security features such as a firewall. Yes, even your home network! Network segmentation can help a lot with this, especially with the abundance of IoT (Internet of Things) devices today causing security nightmares.
  • Always make sure you are connected to the correct URL. Hackers like to set up fake websites that look identical or are setup as a common mistyped URL to fool you. Double- or triple-check you are on the correct site before you enter any user data.
  • Make sure you have good spam filtering on your email and never trust email as a good source of information. If you really owe the IRS $10,000, you will get official letters from them, calls, and you will be able to verify with them. They won’t simply send you an email.
  • Don’t fall for spam calls. Assume any call is bogus unless proven otherwise.
  • Never run a program or open an email from someone you do not know or trust. Even if you do know them, if they never normally send you a file be wary and call them for verification.

6. Use the latest security measures.

  • Use the chip reader instead of a swipe card reader with credit cards. Use a strong pin code.
  • Make sure to sign your cards and ask for photo ID verification.
  • Disable Apple pay, Google pay, Samsung pay, Bluetooth, Wi-Fi and GPS on your mobile devices when not using them to prevent data loss or theft.
  • Use RFID blocking wallets for your credit cards/ID to prevent them from being scanned in your pocket.
  • Make sure to keep your passwords and pin codes safe from spying eyes!
  • Pay in cash at sketchy businesses or places that have really old infrastructure. Chances are your data is not being kept or transferred safely. Always get a receipt.

7. Frequently check your accounts.

  • Make sure your accounts are in good standing and nothing looks fishy.
  • Check your credit scores frequently and freeze your accounts when not in use!

These are some basic guidelines to follow to help keep you and your information protected. We understand some of these tips are easier to implement than others. That’s why security professional exist and we are here to help you!

Garrett Babinchak is the network engineer at Infoview Systems, Inc. In this role, Garrett oversees security and connectivity for Infoview's clients across Metro Detroit.

 

Foundation Members