The invasion of Ukraine has left the world even more wary of further provocation by Russia. Not only do neighboring countries need to worry about what will happen when their borders face a threat of invasion, but the world has gone on high alert for large-scale cyber attacks, and our personal cybersecurity has never been more at risk.
While many of our workplaces have protocols and procedures to follow to prevent cyberattacks or mitigate damages during one, most of us don’t have these protections in our personal lives. Our workplaces require password managers, VPNs, and many other protections, whereas our personal accounts are protected by the same password we created in 6th grade for our AIM accounts.
Many people nowadays don’t believe they need secure passwords or other protections because large attacks don’t affect them, but that’s wishful thinking.
Large-scale cyber attacks are large because they use millions of small systems like yours and mine to do the actual work. Anything that touches the internet is a potential drone to be added to their army.
So how can you harden your personal cybersecurity defenses and prevent your accounts from falling victim to a cyber attack or becoming part of one?
Update your passwords
The first item we have to secure your personal cybersecurity is probably the easiest. Update your passwords! If you’ve been using the same password for more than a year or two, the password is no longer safe to use. TSP Support Engineer David Connelly makes it a habit to update his password every year on his birthday. While not the most fun birthday tradition, making it a habit to update your password yearly is a big step to preventing your accounts from being compromised.
With updating your passwords, it’s crucial to ensure you’re not using the same password for every account. Each account you have should have its own unique password. That doesn’t mean just adding a “1” to the end of your favorite password or a different symbol. Each password should have a combination of lowercase and uppercase letters, numbers, and symbols and be at least ten characters long.
Not sure how to remember dozens of unique passwords that fit these criteria? A password manager like 1Password or LastPass stores all of your passwords in one place and even creates unique passwords, so you don’t reuse passwords.
Stat to know: 81% of security breaches are due to weak or stolen passwords - LastPass
Enable MFA wherever possible
While it may be annoying to check our texts or the Google Authenticator app every time we log in to our accounts, using Multi-Factor Authentication (MFA) is one of the easiest ways to keep our logins secure and personal cybersecurity protected. MFA authentication is based on bringing in one of three types of additional information to the login process: things you know (a password or PIN), things you have (a key fob or smartphone app), or things you are (fingerprint or voice recognition). While most logins will use either a one-time PIN code texted to us or an app like Google Authenticator, these methods vastly strengthen your account security. If you’ve installed 1Password as we recommended above, it also has a feature built in that will auto-fill your MFA code so you don’t need to bother with another app or a text every time you log in!
If your login process for a particular account doesn’t use MFA by default, check your account settings and enable MFA. Most popular services offer this option, even if it’s not automatically enabled when creating your account.
Stat to know: A 2019 report from Microsoft concluded that MFA blocks 99.9% of automated attacks - Microsoft
Check to see where you’re logged in
This tip is one of the easiest things you can do to protect your accounts, but many people don’t realize it exists. You can see which devices are currently logged in on most of your accounts, especially streaming services like Netflix and Hulu and social media accounts. This not only shows you where and when each device last used your credentials, but it also gives you the option to log out of each one individually or force a password to be entered on the next login. This feature is handy for those that may have upgraded their iPhone and forgot to log out on their old device or frequent travelers who might use their Netflix account on their hotel television.
Invest in basic protection
Our work computers are often built out with a whole stack of protection software from Cisco Umbrella to Sophos monitoring. This “swiss cheese” approach to protection by layering your defenses (learn more about how we do this with Jamf) works great for protecting our work machines, but is often impractical and unaffordable to deploy on our personal devices. Even if you’re using Apple products (the common myth that Apple products aren’t prone to viruses and attacks is quite dated), you should invest in some defense for your device. While we steer clear of recommending specific products for your personal devices, this article from PCMag outlines some of the more consumer-friendly options for your personal cybersecurity.
Beyond just antivirus, using a VPN is never a bad idea when using your computer away from your home network. Check out our article on Staying safe while on public WiFi to learn more!
Back-up your data
Despite all the best protections in the world and following the safest practices, sometimes a data breach is inevitable. Whether the hackers utilize a day zero flaw in software or a trusted company you give your personal information to falls victim to a breach, there’s no guaranteed way to prevent a cyber attack. Given this, the best way to ensure you’re back up and running quickly after one is by maintaining accurate and up-to-date backups of your data and information. Even iCloud only goes so far for your personal cybersecurity.
By investing in a third-party backup solution like Backblaze or Carbonite, you can ensure your data is safely stored and easily deployed to restore your devices. These solutions store your data in a secure data center with much higher security protocols than you or likely even your work computer has. The data is also encrypted before being transmitted, and each user gets a private encryption key, ensuring that even if someone else gets their hands on your data, only you can unlock your files. Most plans on consumer backups start around $7-$10 per month, a worthwhile investment to keep your data secure and your information backed up.
With data backup, I rely on the 3-2-1 method. Always have three copies of your data, on two different forms of media, one of which is stored off-site. - Jason Ross, Senior Engineer
Check for compromised accounts
Our final tip is to check if any of your accounts have already been compromised. Often, hackers gain access to our information to sell to third parties and we’re not even aware. By the time we realize this, our information has already been sold a few times, and it’s impossible to contain the breach. At TSP, we often utilize ‘have i been pwned’ to see emails or phone numbers that have been compromised. What’s great about this tool is that it not only tells you if you’ve been part of a data breach, but it tells you which data breach (or breaches!) you’ve been a part of and what information was compromised in each. If your email shows up as “Pwned” it’s probably a good idea to get yourself a new email address, or at the very least, update your password!
The final word
While the looming threat of a large-scale cyber attack has us all worried about if and when we might fall victim, these tips are important to follow any time. Since the pandemic began, the FBI has reported a 300% increase in reported cybercrimes, and this number will only continue to grow. As hackers continue to deploy phishing scams, ransomware, and more, they are casting a wide net to try and entangle anyone they can, not just the mega-wealthy or influential people. Following these tips, you can at least minimize your risk and mitigate the damage should you be targeted.
At Tech Superpowers, we’ve been helping organizations better prepare for data breaches and develop action plans surrounding cyber attacks for decades. From employee cybersecurity trainings to development of WISPs (Written Information Security Program) to give organizations a playbook for cybersecurity, we’re here to help. Contact us today to learn more about how we can better help your business, and its cybersecurity.