For as long as there have been computers and networks there have been security issues to go along with them. As technology evolves, attackers develop new exploits and techniques and the threat landscape shifts. Companies and IT departments have to continuously adjust and adapt to guard against infections and compromise—and there is a lot that we as individuals can learn from our employers to do a better job of protecting our own devices and data.
So, in honor of National Cybersecurity Awareness Month in the US, this October we are sharing insights about security issues that affect our everyday lives. To kick off the series, here are three key points about the corporate approach to cybersecurity that you can apply to your own devices.
1. No target is too small
Many individuals make the mistake of assuming they don’t need to be concerned about security because they’re not targets. They think they don’t have any important data, or that they don’t have enough money for any would-be attacker to bother.
While there are certainly some targets with the potential for a lucrative payday, that isn’t necessarily the goal of most attacks. In fact, most attacks circulating on the Internet are automated, carried out by bots that simply seek out vulnerable connections to exploit. The bot doesn’t know who you are, or what you’re worth, and it doesn’t care.
Any compromised system has some value. The attacker may be able to skim enough information from hacking your PC or mobile device to steal your identity, or capture your credentials for things like bank and credit card accounts or social media. If nothing else, a successful compromise can enable the attacker to use your PC or device as part of a botnet to launch denial-of-service attacks, distribute spam, or wage further attacks against other systems.
The bottom line is that you’re not too small or insignificant to be a target, and you owe it to yourself—and everyone else you’re sharing the Internet with—to try and prevent yourself from being hacked.
2. Become a moving target
Everyone knows they’re supposed to use different passwords for different applications, sites, and services—and that those passwords should be changed relatively frequently. Companies implement and enforce password change policies to force users to follow this standard security practice.
We know that most people don’t actually do this for their personal accounts, though. How do we know? Well, for one thing, every time there is a major data breach, we learn that the most used passwords are still things like “123456” or “password” no matter how many years security experts have begged people to stop using those. We also find that when attackers successfully breach a site like LinkedIn or Yahoo, there is an associated increase in compromise of other sites and services because once the hackers have your username and password for one site there’s a good chance they can get into the rest of your accounts as well.
You should do your best to use different usernames and passwords across different sites and services. More importantly, though, you should periodically change your passwords. It makes you a moving target. You can almost assume that your credentials will be compromised at some point, but hopefully by the time attackers crack your password you’ve already changed it so you’re still safe.
3. Don’t let your guard down
Corporate cybersecurity relies on a combination of being both comprehensive and persistent. You can’t be secure by protecting only some of your devices and data, nor can you be secure if you only protect yourself some of the time.
You should have anti-malware or security software of some sort on your PCs and mobile devices. Security software won’t catch everything, though, so it’s also important that you remain vigilant and apply common sense. Don’t click on links or open attachments from unknown sources, or from known sources if the circumstances seem questionable. A little dose of skepticism goes a long way when it comes to avoiding attacks and exploits.
One more bonus tip. Back up your data. Ransomware is an insidious and growing threat. If you’re hit with ransomware, the attack will encrypt all of your data and the only way you’ll be able to regain access to it is if you pay the ransom demand...or restore your data from a recent backup. If you have copies of your data backed up on external drives or stored in the cloud somewhere, you won’t need to pay the ransom. You can just restore your unencrypted data from your backup and go on as if nothing happened.
Corporations have regulations to abide by, and generally more to protect than your average individual. They also tend to have teams of IT and security professionals to manage it all. Even though you’re not a corporation and you may not be an IT professional, you can still employ these basic principles to be more secure and protect your own devices and data.