Personal Cybersecurity Best Practices for Associations

Rick Bawcum, CEO, CIMATRI

Any person, company, association, organization, or government body can be a victim of cybercrime. Whether it’s via social media, email phishing with malware, or high-level coordinated efforts, the results are often the same (and disastrous). And as we all continue to work from home, personal cybersecurity and organizational cybersecurity are more important than ever. 

Which begs the question, why aren’t you doing more to improve cybersecurity within your association? 

Just consider how many websites, cloud services, and platforms you use that still only require a single username and password as the authentication mechanism. It’s like you’re driving a car without seat belts or anti-lock brakes (sure, you can do it, but it’s not the smartest move, especially when such safety features are widely available). 

The internet is riddled with malicious links, trojans, and viruses, not to mention the cloud or all the different platforms your association uses every day. Data breaches are frequent, and users are more vulnerable than ever before, despite the hours of training many organizations encourage. 

One click can cost thousands of dollars. As such, users need actionable personal cybersecurity to-dos that help them stay alert and safe online (both in and out of the office). 


10 Tips to Improve Individual Cybersecurity within your Association

1. Keep Your Software Up to Date

One of the most important personal cybersecurity tips to mitigate ransomware is patching outdated software. And by that we mean both your operating system and your individual applications. 

This removes critical vulnerabilities hackers may use to access your devices. 

We recommend:

  • Turning on automatic system updates for your device
  • Ensuring your desktop web browser uses automatic security updates
  • Regularly updating your web browser plugins like Flash, Java, etc.

2. Anti-Virus & Firewall Protection

Anti-virus (AV) protection software is the most prevalent solution to fight malicious attacks, as it blocks malware and other malicious viruses from entering your device and compromising your data. 

But firewalls are also important. 

A firewall helps screen out hackers, viruses, and other malicious activity that occurs over the Internet and determines what traffic is allowed to enter your device (similar to AV protection software). 

Windows and Mac OS X come with their respective firewalls, aptly named Windows Firewall and Mac Firewall, but your router should also have a firewall built in to prevent attacks on your network.

Best practice: Use anti-virus software from trusted vendors and only run one AV tool on each device to increase your employees’ personal cybersecurity and decrease your overall cyber risk.

 


3. Strong Passwords & Password Management Tools

While you’ve probably heard that strong passwords are critical to personal cybersecurity, the truth is passwords are actually the first line of defense to keep hackers out of your data. 

According to the National Institute of Standards and Technology’s (NIST) new 2017 password policy framework, you should consider:

  • Dropping the crazy mixture of upper case letters, symbols, and numbers and instead opting for something more user-friendly with at least eight characters.
  • Never using the same password twice.
  • Ensuring passwords have one lowercase letter, one uppercase letter, one number, and four symbols (but not “&”, “%”, “#”, or “@”).
  • Choosing something easy to remember, so you never leave a password hint out in the open or make it publicly available for hackers to see.
  • Resetting your password once per year as a general refresh.
  • Using a password management tool or password account vault. 

4. Two-Factor or Multi-Factor Authentication

Two-factor and multi-factor authentication are services that add additional layers of personal cybersecurity to the standard password method of online identification. 

Without two-factor authentication, you normally enter a username and password. But, with two-factor, you are prompted to enter one additional authentication method such as a Personal Identification Code, another password, or fingerprint. 

With multi-factor authentication, you are prompted to enter more than two additional authentication methods after entering your username and password. This allows you to add additional levels of cybersecurity.

Best practice: Never use SMS delivery for two-factor authentication, as malware can be used to attack mobile phone networks and can compromise data during the process. 

5. Learn about Phishing Scams and Be Suspicious

90% of ransomware attacks originate from phishing attempts.

In a phishing attempt, the attacker poses as someone else to trick the recipient into divulging credentials, clicking a malicious link, or opening an attachment that infects the user’s system with malware, a trojan, or a zero-day vulnerability exploit. 

Best practices: 

  • Don’t open emails from people you don’t know.
  • Know which links are safe and which are not. If you’re unsure, hover over a link to discover where it directs.
  • Be suspicious of the emails sent to you, in general – check where each one came from and whether it contains grammatical errors.
  • Remember: Malicious links can come from friends who have been infected too. So, be extra careful!

6. Protect Your Personal Identifiable Information (PII)

Personal Identifiable Information (PII) is any form of information that could be used by a cybercriminal to identify or locate an individual (e.g. name, address, phone number, date of birth, Social Security Number, IP address, location details, or any other physical or digital identity data). 

In the new “always-on” world of social media, you should be very cautious about the information you include online. Only share the very minimum. 

Best practice: To increase your personal cybersecurity (both in and out of the office) review your privacy settings across all your social media accounts. 

7. Secure Your Mobile Devices 

According to McAfee Labs, your mobile device is a target for more than 1.5 million new incidents of mobile malware. Here are some quick tips for mobile device security:

  • Create a difficult mobile passcode
  • Only install apps from trusted sources
  • Keep your device updated
  • Avoid sending PII or sensitive information over text message or email
  • Leverage Find my iPhone or the Android Device Manager to prevent loss or theft
  • Perform regular mobile backups

8. Backup Your Data Regularly

Regularly backing up your data is an overlooked step in personal online security. 

Top IT and security managers follow a simple rule called the “3-2-1 backup”, which means you keep three copies of your data on two different types of media (e.g. local and external hard drives), with one copy in an off-site location (e.g. cloud storage).

But if you still become a victim of ransomware or malware, the best way to restore your data is to erase your systems entirely and restore with a recently performed backup.

 


9. Always use a VPN

Never use a public Wi-Fi without implementing a Virtual Private Network (VPN). 

By using a VPN, the traffic between your device and the server is encrypted, meaning it’s much more difficult for a cybercriminal to obtain access to your data on your device. 

Best practice: Use your cell network if you don’t have a VPN handy.

10. Review Your Online Accounts & Credit Reports Regularly

Consumers must take the time to safeguard their online accounts and monitor their credit reports. 

Currently, a credit freeze is the most effective way for you to protect your personal credit information from cyber criminals, as it allows you to lock your credit until you are able to input a personal identification number (PIN). 

The Wrap Up

Hacking, phishing, and malware incidents are becoming the number one cause of security breaches today. But what’s even more troubling is that these hacking attempts are often the result of human error. 

Education and awareness are critically important in the fight against cybercriminal activity and preventing personal cybersecurity breaches.

Looking to sort out next steps needed to shore up your security posture as a whole? Learn more about CIMATRI’s cybersecurity prioritization report here.
