With National Cyber Security Awareness Month kicking off this month with the goal of raising awareness about cybersecurity and increasing the resiliency of the nation in the event of a cyber-incident, we’d like to share a series of tips aligned with each of the various focus areas of the campaign.
For this first week, we’ll cover tips for online safety for consumers. In subsequent weeks, we’ll be looking at topics such as secure development of IT products, critical infrastructure and the Internet of Things, cybersecurity for small and medium-sized businesses and entrepreneurs, and cybercrime and law enforcement.
As I mentioned in a recent blog for Computerworld, “5 cybersecurity tips for consumers: Lessons learned in the enterprise,” so many of our everyday consumer business processes, such as finance and healthcare, are now online that they’ve become de facto mission-critical computing processes. We need them constantly accessible, available and secure.
While the Consumerization of IT has brought many consumer technologies such as cloud, mobile and social computing to the world of business, cybersecurity is actually trending in the other direction. We’re starting to see cybersecurity innovations from the business world find their way into consumer devices. A good example is the use of biometrics for authentication in the smartphone arena, as well as the increasing availability of two-factor authentication on many sites.
It’s therefore time for us as consumers to start treating our digital assets as a business would, not only with the latest security technologies such as biometrics, but with more robust practices and policies as well. This means understanding your exposure (i.e. the breadth of your digital footprint out there on the Internet), prioritizing your most sensitive accounts and assets, raising the protection levels for those assets according to their sensitivity, and being more disciplined with regard to backups and business continuity/disaster recovery (BC/DR) plans in the event of a breach.
Here are five tips to help you get started:
1 – Take inventory of your digital footprint
With your digital information scattered everywhere over the course of a lifetime, it’s important to think about what valuable information you have where. For example, how many web sites are storing your credit card information? How many have up-to-date card numbers and expiration dates? Where do you have important documents, files and videos across the web? You can start by making a list and noting the types of sensitive data associated with each site. If there are sites you no longer use, you might want to consider deleting your account profiles.
2 – Prioritize your most sensitive accounts
Once you’ve taken inventory and done some housekeeping, you can then prioritize your most sensitive accounts and elevate the security levels in those areas to the highest levels available. You can prioritize your accounts by the sensitivity of the data such as personal financial information, health records and so on. An easy scheme might be a classification of “low,” “medium” and “high” for the levels of data sensitivity associated with each site. To make the classification, think about how much of an issue it would be if that particular account got hacked and someone had access to this information and could alter the data, make fraudulent charges, or even steal your identity.
3 – Set the strongest possible access control and authentication for these priority accounts
Go through these priority accounts one by one and elevate your security and privacy settings. This means setting stronger passwords, changing your security questions, moving to higher levels of authentication where available, and choosing higher privacy settings. You’ll also want to change your passwords more frequently for these accounts. Be sure to think about your mobile device and applications as well as your PC or laptop when elevating your security and privacy settings. The DHS’s Stop.Think.Connect campaign has some good recommendations for mobile security in its toolkit, which is tailored for different audiences.
4 – Keep up to date with security patches, use caution when providing information online, and back up your data regularly
It’s important to keep your operating system, browser and other critical software up to date with the latest security patches to minimize threats from viruses and malware, and to limit the amount of personal information you post online. Watch out for retail sites that hide monthly subscriptions in their fine print, so you don’t sign up for more than you bargained for. In addition, you’ll want to back up your data on a regular basis via an online service, offline to an external storage device, or both. Scheduling this backup automatically can help to ensure a regular cadence.
5 – Have your personal “BC/DR” plan ready to go ahead of time
Keep an eye on your bank accounts and other online accounts and services to watch out for suspicious activity. If you discover a problem with one of your accounts, it’s important to pay close attention to your other accounts as well. Just like a business’s BC/DR plan, your personal plan should help you continue your “operations” in the event of an adverse physical event, or if your accounts get compromised via cyber theft. Your plan should help you continue to operate “business as usual” and recover your access. Keep a list of important numbers to call in the event of identity theft and a list of your credit card numbers in case they’re stolen.
Cybersecurity is everyone’s responsibility
In our latest Unisys Security Index, we found that credit and debit card fraud topped Americans’ security concerns in 2014, against the recent backdrop of major retail and banking security breaches. We also found that 60 percent of US respondents said a security breach involving their personal or credit card data would make them less likely to do business at a bank or store they commonly use.
With the rising number of successful attacks against high-profile targets, it’s now not a question of if you’ll get hacked, but when. Cybersecurity is everyone’s responsibility – including consumers, retailers, financial institutions, and government. As I discussed in a prior blog, the nature of the cybersecurity threat is evolving, but many attacks are also successful due to simple lapses in applying common security controls. Businesses can do more to implement robust security practices, and so can consumers.
The DHS’s Stop.Think.Connect campaign has some good general tips regarding safer online habits as follows:
There’s no magic fix, of course. But the more you know, and the more safeguards you apply, the better.
Author’s Note: Portions of this blog first appeared in Computerworld in my blog entitled “5 cybersecurity tips for consumers: Lessons learned in the enterprise”.
U.S. National Cyber Security Awareness Month Blog Series:
Week 1: 5 Tips for Consumers for Online Safety