6 easy cybersecurity tips you can implement right now

15 Aug 2019

Image: © kite_rin/Stock.adobe.com

Keeping your data safe in the online world doesn’t necessarily have to be expensive or arduous.

Amid a constant barrage of news regarding breaches and increasingly complex malware, it’s easy to feel like a sitting duck in the online space. As the world becomes more digital, threat actors are becoming even more sophisticated in their modes of attack.

That doesn’t mean, however, that you can’t take extremely straightforward steps to better guard your data and your accounts. Being cybersecure doesn’t need to be costly or labour-intensive. In fact, these personal cybersecurity tips are almost painfully easy.

Keep your software up to date

Software isn’t perfect and often needs to evolve – that’s why software developers will frequently create updates and then roll them out to users. These patches will do anything from resolving vulnerabilities to ironing out annoying bugs.

Yet you may not always patch software for a few different reasons. It could be that you are prompted to update but then forget. You may not want to deal with the inconvenience of having to shut down your app or device, which is often required when an update comes through. You may worry that a patch will bring with it its own host of new bugs or that it may cause your device to lag.

While these concerns are understandable, rest assured that the repercussions of getting hacked will far outweigh any annoyance that comes from having to update. Cybercriminals are aware that users are occasionally sluggish to patch and they will exploit this.

You should make sure all your apps, devices and important browser plug-ins such as Flash and Java always have the latest patch. Most devices and apps have a setting that automatically loads updates as they are released, which you should consider turning on if you find yourself forgetting to update.

Use stronger passwords

Passwords as rudimentary as ‘password1’  or ‘123456’ are still among the most commonly used passwords. You wouldn’t tie a piece of twine to the handle of your front door to keep it secure, so why would you guard your data with an extremely hackable password?

Considering the amount of highly sensitive data you store on your online accounts, such as banking information and health data, leaving your accounts vulnerable can be detrimental.

Here’s a quick idea for creating more secure passwords. Take four random terms such as ‘Kafka’, ‘cauliflower’, ‘hand’ and ‘paracetamol’. Dream up a little story to link the terms, such as ‘Kafka put down the cauliflower in his hand and picked up some paracetamol’. Put the four terms together (KafkaCauliflowerHandParacetamol) and then replace some of the consonants and vowels with numbers and special characters, such as replacing ‘l’ with ‘1’ and ‘a’ with an ‘@’ sign. Now, you have a far more difficult-to-crack password, with a handy technique for remembering it.

Better yet, get a password management service such as LastPass, 1Password or Dashlane. These services will generate and store secure passwords for you and often will automatically log you in whenever you land on relevant web pages.

Read your emails carefully

Some cybersecurity experts say that malware is actually not as popular a method of infection as it once was. If anything, cybercriminals these days are more likely to rely on ‘social engineering’ – in other words, they’ll simply trick users into granting them access.

One of the most common ways to do this is with phishing scams via email, so you must be really careful whenever you are prompted to share personal details or download pdfs, voice recordings, images or files.

If you receive an email that purports to be from your bank, one of your utility carriers or your employer, ask yourself if the request they’re making is something they’d likely petition over email. Look at the email address – is it the bank’s official email, or is it a string of numbers?

The text of an email can be indicative too. If the tone is unnatural or otherwise strikes you as ‘off’, delete the message. When in doubt, look up the official contact details for these organisations and ask them if they are genuinely trying to reach you.

Ask if you’ve been ‘pwned’

Have I Been Pwned is an excellent tool that allows you to input your email and analyse available information about data breaches to see whether your accounts have been affected and, if so, what was accessed.

It’s an extremely simple way to ascertain how exposed your data has been so far. If you have been caught up in a breach, changing your password and not using the password from that account again for any of your other profiles can remedy the situation.

The website even sometimes sends email alerts to let users know when breaches have occurred, meaning that you can stay informed and act quickly when leaks happen.

Re-think what data you give away

Look closely at the kind of information companies want you to give them. When signing up to a service, the entry forms may cast the net widely, but that doesn’t mean you should provide everything they’re asking for. When in doubt, only provide information that is absolutely necessary.

People may have this heightened awareness about their financial information, for example, but they won’t necessarily be as protective with their phone number. Yet if a threat actor has your phone number, they can use a technique called ‘SIM hacking’ to steal your mobile number and then either hold that number at ransom or use it to gain access to your bank account, PayPal and more.

This is just one example of how data you may think is pretty innocuous can be used against you in very sinister ways if it falls into the wrong hands, so don’t just give it away without weighing up the pros and cons first.

Get the right tools

There are a few tools you can get to further beef up your personal cybersecurity practices. Having a good firewall and antivirus software is a great first step that, fortunately, most users already have.

Have you considered getting a two-factor authentication (2FA) key, however? 2FA keys prompt an extra layer of authentication when logging into devices or accounts, such as asking you to give a PIN as well as your password to access your bank account. They are available in both software and hardware form, though some would argue that hardware is more user friendly.

You could also consider getting a privacy screen protector, which means that people can’t see your screen from certain angles.

Eva Short was a journalist at Silicon Republic

editorial@siliconrepublic.com