The month of October was National Cybersecurity Awareness Month, and we ran a series of blogs about cybersecurity with the aim of helping you secure your customers and yourselves. Well, November 30 is National Computer Security Day, and I can’t think of a better time to remind us all how important it is to secure our own digital life, since many of us will be doing holiday shopping and personal business from our computers at home.
National Computer Security Day was first introduced in November 1988. Back then, the internet was in its early stages, and its users and connected computers numbered in the thousands. Government, universities, and labs were the primary users, and it was a way to exchange knowledge and information. Who could have imagined how it would become woven into everything we do!
That year and month also happens to be the time we marked the first widely known virus (or actually a worm), which sparked a whole new set of concerns for protecting this new network. A lot has changed since then.
Where we are now
Just about every device we use is connected to the internet in some shape or form today. From our laptops to our phones, cameras, watches, industrial equipment, and even cars, everything is now connected in 2020. In fact, it’s estimated that some 20 billion devices are connected to the internet. Unfortunately that means a lot of opportunities for bad actors to distribute and leverage viruses, worms, and ransomware for their gain. So how else have things changed since the first National Computer Security Day?
- There’s an app for that: most services and products can be accessed online from many of the devices you own, meaning protecting account information and credentials has become more important than ever in today’s world.
- All types of devices live in our homes and work, and they’re all connected
- We’re working from home, using a mix of company-issued and personal devices to get our work done, and accounts and credentials are “cross-pollenating” between devices
- Threat actors have become craftier (and bolder) than ever, creating new techniques to bypass existing protections and creating more complex attacks to gain access to data
- All our data lives somewhere out there, in multiple places, and there is a good chance that your favorite go-to password is included in one of the many breaches that have occurred over the years
This means the basic measures we took even just a few years ago to protect the endpoint are not enough anymore. It takes understanding the threats that are out there, where your account information might have been breached or stolen, and what the right habits are that keep you protected. These are also part of the “must haves” of a good security plan, both for you, your customers, your families, and your business. Here are some steps you can take to ensure you are secure today:
Of course, just about every article that talks about computer security starts with the usual suspects, which are still the right foundation:
- Install and run endpoint protection on your systems
- Make sure to keep your programs and operating systems up-to-date—these updates contain security fixes for recent threats
- Use a VPN when accessing unknown Wi-Fi networks to keep your browsing data secure
- Take extra care when clicking on links in emails to make sure you know the email is valid and the site you’re visiting is legitimate
This is just the beginning state now, since threats continue to increase in severity and complexity. It’s a great start, but here are a few other things you should do and knowledge you should share with your customers and family members:
Since National Computer Security Day was created, there have been many groups and organizations devoted to protecting digital infrastructure and keeping you and your family safe. Even the Department of Homeland Security in the U.S. created its own division dedicated to protecting businesses and individuals from cybercrime and other threats. Here are just a few organizations that can help you stay up to speed on the type of threats that are out there:
- Cybersecurity and Infrastructure Security Agency (CISA): created by the U.S. government to keep you updated on security threats. Visit their website to see recent cybercrime activity and sign up for their alerts at the bottom of the page
- National Cybersecurity Alliance (NCSA): provides a mix of information and tips for families and businesses to keep you aware of the risks and give you advice you can use to be more secure
- GetSafeOnline.org: focused more on family and home protection, with a section on talking to children about being safe
Periodically check to see if your accounts have been involved in a breach
Since accounts and credentials are one of the main ways bad actors gain access to systems and data, it may be that the password you were using for your social account was involved in a breach. Knowing this will allow you to ensure you no longer use that password and can change them where applicable. HaveIBeenPwned is a free service that will search breach records. Go to haveibeenpwned.com/ and do a search for your email address. You may be surprised to find out that your email address was involved in several breaches where your password was exposed, prompting you to change your passwords and perhaps embrace tighter security on your accounts.
Learn the best practices for protecting your accounts
Making sure you’re using unique, hard-to-guess passwords and using a password manager are a great start. And enabling multi-factor authentication is one of the most important. Even if someone can guess or steal your password through a phishing attack or other means, the second layer of protection will prevent them from successfully accessing the account. Here are a few resources you can use:
- This site, www.getsafeonline.org/shopping-banking/passwords/, offers advice on personal accounts and creating safe password habits.
- PCMag.com has a great article that even shows you how to set up multi-factor authentication on many common personal services. Share it with your family and help them set up this additional security.
- Take some time to look up the right steps to take if you think an account has been hacked. Nearly every site or service has a help section where they tell you exactly what to do to get their assistance if you feel an account has been taken over. Knowing where to find this information in advance is helpful, since you may be in a panicked state.
Share the knowledge
Since you’re here on the SolarWinds blog reading this, it’s likely some of this is core knowledge and common sense for you as someone in a technical field. But it likely is not for the rest of the family. As the holidays approach, take a few minutes to share some of this knowledge with those you love. This can help all of us stay one step ahead of the bad actors and the threats they represent in our digital lives.
Stay safe out there!
Gill Langston is head security nerd for SolarWinds MSP. You can follow Gill on Twitter at @cybersec_nerd