Personal Cybersecurity Best Practices for Associations

Any person, company, association, organization, or government body can be a victim of cybercrime. Whether it’s via social media, email phishing with malware, or high-level coordinated efforts, the results are often the same (and disastrous). And as we all continue to work from home, personal cybersecurity and organizational cybersecurity are more important than ever. 

Which begs the question, why aren’t you doing more to improve cybersecurity within your association? 

Just consider how many websites, cloud services, and platforms you use that still only require a single username and password as the authentication mechanism. It’s like you’re driving a car without seat belts or anti-lock brakes (sure, you can do it, but it’s not the smartest move, especially when such safety features are widely available). 

The internet is riddled with malicious links, trojans, and viruses, not to mention the cloud or all the different platforms your association uses every day. Data breaches are frequent, and users are more vulnerable than ever before, despite the hours of training many organizations encourage. 

A single click can cost thousands of dollars. As such, users need actionable personal cybersecurity to-do’s that help them stay alert and safe online (both in and out of the office). 

10 Tips to Improve Individual Cybersecurity within your Association

1. Keep Your Software Up to Date

One of the most important personal cybersecurity tips to mitigate ransomware is patching outdated software. And by that, we mean both your operating system and your individual applications. 

This removes critical vulnerabilities hackers may use to access your devices. 

We recommend:

• Turning on automatic system updates for your device
• Ensuring your desktop web browser uses automatic security updates
• Regularly updating your web browser plugins like Flash, Java, etc.

2. Anti-Virus & Firewall Protection

Anti-virus (AV) software and firewalls are two effective tools to fight malicious attacks.

AV software keeps known viruses and other damaging code from infecting your devices by identifying the attacking code and preventing it from entering the device.

Firewalls control what enters your device by scanning the Internet for potential threats and denying access to your device. Windows and Mac OS X both have resident firewalls, but you should also install a firewall on your router.

Best practice: Use anti-virus software from trusted vendors and only run one AV tool on your device to increase your employee’s personal cybersecurity and decrease your overall cyber risk.

3. Strong Passwords & Password Management Tools

Strong passwords are essential to keeping your personal devices secure, but they are also essential to keeping bad actors from accessing your data. What you know about creating strong passwords, however, may need updating.

The National Institute of Standards and Technology issued an update in 2017. According to NIST guidelines, you should:

• Use user-friendly passwords with at least eight characters instead of trying to combine random symbols, numbers, and uppercase letters.

• Create a new password for each site. Don’t reuse passwords.

• Use one lowercase letter, one uppercase letter, one number, and four symbols in each password. Do not use “&”, “%”, “#”, or “@”.

• Make your passwords easy to remember. Don’t make a list of passwords or hints, and don’t make any password list available to the public where hackers may find it.

• Change your passwords at least once a year.

• Use a password tool or vault to manage your passwords.

4. Two-Factor or Multi-Factor Authentication

To increase your personal cybersecurity, you can use a two-factor or multi-factor authentication service in addition to a standard password.

With two-factor security, you enter your password, but are then prompted to enter an extra authentication method. These methods could be a personal identification code, another password, or a fingerprint.

If you use a multi-factor security method,  you will be asked for two or more authentication methods after you enter your password. The more levels you have, the greater your security.

Best practice: Don’t send the extra authentication codes to your phone via SMS. Hackers can access mobile phone networks, potentially compromising your information.

5. What You Need to Know About Phishing Scams - Be Suspicious

About 90% of ransomware attacks originate from phishing attempts.

Phishing attacks often look benign. They look like a legitimate email, attachment, or link. Because the “bait” looks real, the hacker tricks the user into divulging log-in credentials or other personal information. By clicking on malicious links or opening an attachment, the user can allow the hacker to infect the system with a variety of malware.

Best practices:

• Don’t open emails from people you don’t know. If you’re not sure it’s real, hover over the name of the person or company sending the email. The address will tell you whether or not you can trust it.

• Emails are always what they seem to be. Check for grammatical and spelling errors. Be sure of the sender before you click on any link.

• Friends aren’t always infection-free, so be careful that your “trusted sender” hasn’t been infected, too.

 6. Protect Your Personal Identifiable Information (PII)

Hackers can use information that identifies you, specifically, to identify or locate you. Known as Personal Identifiable Information (PII), it could include: name, address, phone number, date of birth, Social Security Number, IP address, location details, or any other physical or digital identity data. This type of data can be sold to bad actors for a variety of purposes -- none of them positive for you.

Use of social media can increase your vulnerability online. Be careful about the details you share. Only share the very minimum.

Best practice: To increase your personal cybersecurity (both in and out of the office) review your privacy settings across all your social media accounts.

7. Secure Your Mobile Devices 

McAfee Labs reported that your mobile phone was a target for more than 1.5 million new threats in the first quarter of 2017. Incidents have only risen since then.

We recommend that you::

• Create a complex mobile passcode

• Install apps only from trusted sources

• Update your device regularly

• Avoid sending texts or emails containing personal identifiable information or other information like financial or health details

• Turn on Find my iPhone or the Android Device Manager

• Backup your mobile device regularly

8. Regular Backups are Critical

Regularly backing up your data is an often overlooked step in personal online security.

Your goal is to ensure a clean backup in the event of a breach or data failure, so one backup is not enough. Top IT and security managers recommend at least three backups on both internal and external hard drives, in addition to one copy stored off-site (most often cloud storage).

With those backups in place, you can erase your system and restore a clean copy if your system is breached. You won’t have to pay ransomware demands to restore your system.

9. Always use a VPN

Using a public Wi-Fi is convenient, but it’s dangerous. So when you do, be sure to use a virtual private network (VPN), as well.

A VPN encrypts information as it travels between your device and the server. Encryption makes it harder for criminals to access your passwords or data.

Best practice: Use your mobile phone as a hotspot if a VPN is not available.

10. Review Your Online Accounts & Credit Reports Regularly

Consumers must take the time to safeguard their online accounts and monitor their credit reports. To protect your credit information, all three credit reporting companies allow customers to freeze their credit. This prohibits anyone from accessing a credit report or financial information unless they input a personal identification number.

The Wrap Up

Hacking, phishing, and malware incidents are becoming the number one cause of security breaches today. But what’s even more troubling is that these hacking attempts are often the result of human error. 

Education and awareness are critically important in the fight against cybercriminal activity and preventing personal cybersecurity breaches.

Looking to sort out the next steps needed to shore up your security posture as a whole? Get started with our Ultimate Guide to Cybersecurity for Association.