Contributed by Brad Snyder & Floria Siu
One of Red Ventures’ core values is “getting better every day.” In keeping with this, the Red Ventures security team led the company through various activities as we participated in the Cybersecurity and Infrastructure Security Agency’s (CISA) annual Cybersecurity Awareness Month. The theme of this year’s event was “Do your part. Be CyberSmart.”
The overriding idea behind cybersecurity is that everyone is responsible for keeping themselves and their personal data secure. Your personal email, social media accounts, personal computer, and mobile devices are only ever a single click or URL visit away from attack and compromise.
As we roll into the holidays and many people travel to visit with friends and family, the tips and tricks for remaining CyberSmart are more relevant than ever. Here are a few of the things we emphasized during the past month that you can use during this holiday season and beyond to be CyberSmart.
Between the holidays and with everyone being sequestered in their homes due to the pandemic, we are all eager to get out and visit family, friends, and exotic locales. But before you post your travel plans or anything else to social media, consider the following:
- Who can see your social media posts? Keep in mind that there is no real privacy in social media. Even if you share only with friends, your friends can always take a screen capture and share with those outside of your permissions.
- The Internet does not forget. Anything you post now can be retrieved in the future. Do you want your post to be available forever?
- Keep travel plans secret until you return. Just like you might stop your mail or use timers to turn on lights in your home while you’re away, you don’t want to announce to bad guys that your home is actually empty at the moment.
A good rule of thumb is to periodically check your privacy settings on social media and confirm they’re set to a level you’re comfortable with. And – even though they’re long – we highly recommend checking the terms and conditions and privacy settings when signing up for accounts or installing new apps.
Apple users should take care when using the AirDrop feature. Have you heard the stories of people on airplanes AirDropping files to their fellow travellers’ phones? In one case, several passengers accepted an unrecognized AirDrop request and – after realizing the files were threatening in nature – caused the entire plane to be evacuated! YIKES!
As with phishy emails containing attachments and links, you should never accept AirDropped files from a person or device you don’t recognize. In fact, it’s good practice to turn off the ability to receive AirDropped files when not in use. When you do use this feature, enable it to work only with contacts.
If it’s free and convenient for you, it’s free and convenient for hackers too. Hackers can use unsecured networks to capture data or distribute malware to your device. Anyone can set up a Wi-Fi network with a popular hotspot name. Consider how safe-sounding “Starbucks WiFi” or “PumpkinSpice” might sound if you are sitting inside a Starbucks.
Because you never know how secure the Wi-Fi is, you should not enable your device to connect to these public Wi-Fi networks automatically. And even if you choose to connect manually, consider the fact that those Wi-Fi networks might not be configured very securely. It’s a better practice to use your mobile phone data or your phone as a hotspot for another device.
If you must use a public Wi-Fi network, connect to a VPN immediately after connecting. The VPN protects your data and your privacy by transmitting data through an encrypted virtual tunnel. It also helps to hide your location from the site you are browsing. VPNs are available for most mobile devices. A quick search of your favorite app store will reveal several options. It’s worth a few bucks a month to invest in one.
Multi-factor authentication (MFA) is a means of authentication that requires two or more steps to verify your identity when logging in to online accounts. A common MFA or 2FA (two-factor authentication, MFA’s popular cousin) configuration requires a user name, password, and another means (often a texted code that you receive when you attempt to log in). The idea behind this is that only you have your phone and will be the one to receive the text message with the code. If the code isn’t entered correctly (or in the allotted time), neither you nor anyone else can log in to your account, even with your other credentials.
If any of your personal accounts offer MFA or 2FA, set it up – most account-providing platforms have it these days. To learn more about MFA or 2FA, check out this documentation from Google, Facebook, and Apple ID, and look for it on all your favorite account platforms.
Hackers have never really grown tired of social engineering. Phishing through email remains a big problem, but hackers are always branching out. For example, have you heard of smishing (SMS+phishing)? It’s all the rage these days. It’s the same as phishing, only the messages are sent via text message instead of email.
How about vishing (voice+phishing)? We’re all familiar with the incessant calls from folks trying to encourage us to extend our car warranties. But the person on the other end of the phone doesn’t actually care about your vehicle’s longevity! They’re typically a hacker trying to get you to tell them your personal information so they can then exploit that data.
As with any social engineering scam, your best defense is to remain skeptical of offers that come to you unsolicited or from phone numbers or email addresses that you do not recognize. But also consider the following points when interacting with such communications:
- Never click on any links in unrecognized/unsolicited emails or text messages.
- Watch for misspelled words and poor grammar. No marketing organization worth its salt would allow sloppily formatted materials to be sent in its name.
- Be wary of emails, texts, and phone calls purporting to be from the government. In the US, the government communicates primarily through the postal service. If you get such a call, hang up and call the agency directly.
- Do not offer any information about yourself to someone you do not know or cannot verify through another means. If you get a text message from your “dentist” with a link to confirm your appointment, it’s not a bad idea to call your dentist directly to confirm that the message is legitimate.
Back up your files to the cloud
Have you ever forgotten to save a file before you closed it or had the program crash, resulting in a loss of your work? If you know how frustrating that is, imagine how you’d feel if someone stole your laptop or phone with all of your files. Or, what if your device was infected with malware or ransomware? If you back up your files to a cloud-based system, your important files and memorable pictures are retrievable. (And if you choose a cloud location, remember to turn on MFA!)
With all this talk of cybersecurity, it’s easy to forget that the physical security of your personal devices is also an important piece of the puzzle. Computers, phones, tablets, and other gadgets are popular targets for thieves. Always remember to secure your items.
- Thieves often work in teams: One person to distract you and the other taking action. Remain aware of your surroundings.
- Safeguard your belongings. Don’t leave them unattended.
- Lock your devices when not in use.
Do your part. Be CyberSmart!
We hope that these tips encourage you to make cybersecurity part of your daily routine. The tips and tricks listed here are just the beginning of a healthy cybersecurity posture – cyber criminals are always finding new ways to get at your data, so it’s important to stay educated and up to date on the latest cybersecurity best practices!
And remember, not everyone is up to speed with many of these tips. So, while you visit your friends and family over the holidays, make sure to pass on some of these points, so that they can also be CyberSmart.