Summer is upon us – a time for family, fun and travel. Whether you’re going around the block or around the world, odds are you’re taking your work laptop (just in case). And of course, you’re taking your smartphone. Maybe you’ll want to check email on your phone using the hotel’s public WiFi. Maybe the kids want to play an online game on that laptop.
If you haven’t exercised good cybersecurity hygiene, though, you could be opening yourself up to all kinds of fun-zapping connectivity catastrophe – and not only for yourself but for others as well.
Here is the harsh reality: If you haven’t taken the time to secure your connected devices, you are part of the cybersecurity problem. Malware like WannaCry spreads rapidly because it operates using a software vulnerability that cybercriminals know most organizations and individuals haven’t bothered to patch. The Mirai botnet used roughly 100,000 unsecured connected devices like security cameras to overwhelm service provider Dyn, resulting in an outage that took a significant number of the nation’s websites offline.
Think of cyber attacks as viruses or bacteria. Before people understood what caused illness, personal hygiene was very different. Surgeons didn’t wash their hands before operating; nor did cooks before preparing a meal. Disease spread quickly from person to person. As medical science began to understand the role of microscopic organisms in illness, as well as how basic hygiene could thwart them, washing more regularly caught on. Disease didn’t spread as easily.
In short, WannaCry and Mirai are possible because people aren’t practicing good technology hygiene.
A quick word about mobile: Malware is most widely distributed across desktops and laptops, but cybercriminals haven’t forgotten about mobile – and neither should you. Consumers are used to thinking of cybersecurity in terms of protecting their computers but tend to neglect the powerful computer in their hand. But smartphones have security vulnerabilities as well; make sure to apply the recommendations below to them.
Be Your Own Security Team
There are no legal requirements that the connected devices you buy be protected from cybercriminals. That means the onus is on us as consumers to protect whatever connected assets we own. We all need to become responsible net citizens.
Below are four components of cybersecurity that you can take control of to greatly increase the likelihood of keeping your data and devices safe.
1. Practice Good WiFi Hygiene
Public WiFi is fraught with peril. Your online communications can be intercepted in a number of ways. A man-in-the-middle attack is one of them. In this scenario, someone at the public location—a coffee shop, for instance—broadcasts his device as “Free Coffee Shop WiFi.” When you connect, he connects you to the internet through his device and then captures all the traffic moving between you and your online shopping site. He then has your payment details, address, login credentials and so on.
To avoid interception of your sensitive data, always use a secure, trusted virtual private network (VPN) provider on any open WiFi network. If you are going to be online in public places frequently, there are a number of low-cost or no-cost services that will ensure that your connection is always protected. A rule of thumb for the security-minded is to not connect to any free WiFi network that is not known to you – for instance, at a café in a city you’re visiting. (Free WiFi at your hotel, though, where you are a paying guest, has a far greater likelihood of being safe to use.) Alternately, you can use a mobile hot spot from an internet service provider; most smartphones can be used as a hot spot as well.
Another best practice is to make sure that your connection is secure or encrypted any time you are online in a public location or are making a financial or private transaction. Look at the URL bar of your browser and make sure that the address starts with https:// rather than http://; the https:// prefix means that the transactions are protected using SSL encryption. Having SSL enabled is important, but encryption only protects communications while they are in transit. So, if you are connected to a rogue WiFi access point, your data may still be exposed. If you do decide to connect to a free WiFi network, make sure it is one known to you.
Bonus tip: Make sure you disable the automatic WiFi connections feature on your device. Otherwise, if you connect to a malicious access point, your device may remember it and auto-connect to it when it’s available again.
2. Create Stronger Passwords
The primary reason it’s so easy to hack people’s accounts is that they generally use the same password across accounts. So, for the millionth time, stop doing that. In today’s rapid-fire, always-on world, it can feel overwhelming to have to keep track of 50 different, unique and strong passwords, but it doesn’t have to be. There are services like LastPass that help manage all your passwords. All you need to keep track of is a single master password. This technology will also automatically create strong random passwords for each application you need to access and store them in an encrypted format. Two-factor authentication builds on the security that passwords alone provide; the next point addresses it.
3. Use Two-Factor Authentication
More and more applications are requiring two or more factors to authenticate their users. Don’t fight it; embrace it. You may think “What a pain” when asked to supply a second proof of identity, but it’s nothing compared to the pain of ransomware or identity theft. Yes, it takes a few more seconds to wait for a security code to appear on your smartphone and then enter that code, but the short wait time keeps you, your online accounts and your personal data safer. Security is a feature, not a bug.
4. Find the Viruses and Malware
Install antivirus and anti-malware software, keep it updated and run it regularly. Do your homework first, though. There are actually products pretending to be security tools that are disguised malware – a clever and ironic trap. Because no software is 100 percent effective, set up a regular schedule—once a month should suffice—where you use a second or third security solution to scan your device or network. (Many solutions provide a free online version or let you run a free demo for a period of time.) Most anti-malware software comes with a firewall; make sure you enable this added protection.
Plan Ahead, Stay Sharp
Don’t let the bad guys ruin your summer fun. Remember that you are in charge of your own cybersecurity; no one else is going to do it for you. Take the necessary steps before you leave for vacation and remain diligent throughout your trip. Using good sense and good hygiene gives you a much better chance of avoiding digital disaster.
About the author:
Anthony Giandomenico is an experienced Information Security Executive, Evangelist, Entrepreneur and Mentor with over 20 years of experience. In his current position at Fortinet he is focused on delivering knowledge, tools and methodologies to properly demonstrate advanced threat concept and defense strategy using a practical approach to security. Anthony works closely with FortiGuard Labs and Fortinet System Engineering to respond to advanced threats as they break – and proactively plan beforehand.