With the recent data breach at the US-based background check company National Public Data, the Technology Advancement Center wants to remind people and companies to remember to practice Cyber Security Hygiene. Because of breaches like this one, enroll or sign up for services that monitor your identity, credit score, bank accounts, credit cards, SSN, email accounts (Experion, Norton Life Lock, Aura, IDShield etc.). The following list contains best practices and advice for maintaining Cyber Hygiene.
Use Strong, Unique Passwords: At least 12 characters, complex and using a mix of letters, numbers, and special characters. Do not reuse passwords between your various accounts. Password managers are your friends and should be used to store passwords encrypted and securely.
Watch out for Phishing Scams: Do not click on suspicious links or attachments in messages or email.
Enable Multi-Factor Authentication: Require at least one other form of authentication in addition to password.
Use a Firewall: Enable both software and hardware firewalls to control and block unauthorized access.
Install Anti-Virus, Anti-Malware and Anti-Ransomware software: To detect and remove malicious programs.
Do Regular Software Updates: Keep applications, operating systems, and security software up to date.
Create a Local User Account: Do not stay logged in and do not use it as the administrator account.
Secure Wireless Networks: Enable WPA3 encryption and use strong, unique password, set up guest networks. Segment your networks to separate uses. (SmartTV, gaming, work, IoT)
Encrypt Backup Data at Rest: Files should be backed up to other storage to protect against data loss. Encrypt data in storage for protection.
Disable File Sharing or Peer-to-Peer Apps: Turn off Apple AirPlay and Windows share when you are not using them.
Turn off AI tools: Turn off or limit voice-based assistants (Siri, Alexa, etc.) and the newer Microsoft Co-Pilot and Apple Intelligence as they collect information about you.
Limit Personal Data Sharing: Be cautious of the data you share online and check your social media privacy settings.
Practice Safe Browsing: Use a secure, updated web browser with ad blockers and do not download software from untrusted sources. Always use HTTPS.
Secure Your Mobile Device: Use strong passwords, encryption, biometric locks. Install apps from trusted sources.
Location Services: Turn off or limit location services for increased privacy when not using them.
Free Mobile Apps: Avoid free apps that could capture and resell your device and account identifiers to data brokers.
Caution with Public Wi-Fi: Do not access sensitive or banking information. Use a VPN (Virtual Private Network)
Attachments and Microsoft Office/365 Documents: For every document or file – verify the source, sender and relevance of the Subject: line and filename/filetype. Verify really means to carefully examine the characters, fonts, spelling and structure of these ‘strings’. Be suspicious of any use of LeetSpeak and unusually long or complex filenames. If the risks seem to be low enough, try to render (‘preview’) first before downloading. When opening an Office365 document – do NOT automatically click on the Enable Editing button until it is assured that the document is not malicious. Remember too that image files can also be weaponized and malicious. It is safest to use settings that require an additional step from the user to display images (inline).
Flippers: Be vigilant in public spaces for any approach by a stranger – trying to scan (near field RF) your work ID badge, access keycard, and even RFID smart cards in your purse/wallet. Flippers are small hand-held devices capable of scanning and dumping keycard data using near-field RF technology. (See Flipper Zero – Wikipedia).
Educate Yourself and Others: Keep up to date on the latest Cyber Security best practices. Stay informed on the latest threats and information. Share Cyber Security knowledge with others.
Written by Greg Wessel
Chief Technology Officer, Technology Advancement Center (TAC)