While it may be fairly easy to point out people who have the ability to gain physical access to our devices, it’s much more difficult to identify those who can gain remote access to them. As long as your device is connected to the internet, there is risk of a remote attacker gaining access to your information. But more importantly, you can develop habits that can significantly reduce your risk of being attacked. Here are some practices we recommend that you and your employees implement:
- Create a strong password. Using a strong, and long, password that is unique to each device and account is crucial. Longer passwords are more secure, but they can be difficult to remember. One of our recommendations for creating a long password is using a “passphrase.” A passphrase is a combination of four or more words grouped together used as a password. This way, it’s long and less likely to be guessed by a hacker.
- Use a password manager. Another thing that can protect your password security is password manager applications. These manage your accounts and passwords, and can identify weak or repeated passwords. Since there are many different applications, you should choose one with an overall positive review. Using one of these can contribute largely to your overall password security.
- Use multi-factor authentication. Multi-factor authentication (MFA) is a secure method of granting access to your accounts or devices. It acts as an extra layer of security by requiring at least two of the following: something you know (password/PIN), something you have (another device), or something you are (fingerprint or facial recognition). Because one of these credentials requires your physical presence, this makes it more difficult for an attacker to compromise your device.
- Security questions. When you’re setting up an account, you will sometimes have to choose and answer security questions based on your personal life. When answering the questions, make sure you are using private information that only you would know. Answers that can be found on the internet or your social media accounts should not be used. Also, try and pick answers that people around you might not even know. Doing so makes it easier for someone to guess your password.
Keep all of your personal electronic device software current.
Manufacturing companies release updates as they discover vulnerabilities in their products. On some devices, you have the option to set up automatic updates which makes it easy on you. But, you may need to manually update some of your other devices depending on what you’re working with. It’s important to note that you should only apply updates from manufacturer websites or built-in application stores. Updates from third party websites and applications are unreliable and may cause an infection in your device.
Be suspicious of unexpected emails.
Phishing emails are one of the most common threats to the average user. These are aimed towards stealing information or money from you, or installing malware on your device. As we’ve mentioned in a previous blog post, there are ways to combat this. Email security training is our recommendation because it develops awareness that helps minimize the dangerous risks associating with phishing.
if you want to learn more about these practices or find out what else you can do to ensure you’re keeping your information secure.
“Each technician demonstrates knowledge, proficiency, and courtesy when troubleshooting.” -Liv Hustvedt
See https://us-cert.cisa.gov/ncas/tips/ST04-003 for more information