Data Security Threats
One of your biggest threats is choosing what businesses you want to give your information too. Hackers can breach them and get your information without knowledge or wrong-doing from you. See our Risk topic for more detailed information on managing your Digital Risk.
Outside of your organizations, what else are the biggest data security threats you should be aware of?
Social Engineering & Phishing
A bad actor uses some form of social/human interaction to get your information. This is social engineering. The attacker can look like or come across as anyone and trick you into doing something you shouldn’t by saying they’re a repairman, computer technician, the IRS, a police officer, etc. They could even have identification that says they work for a given company. It could all be fake. These type of attacks happen all the time and are one of the most common ways bad actors can get your information.
Phishing is a very common form of social engineering. Phishing attacks use email or bad web sites to solicit personal or financial information. Bad actors may send email looking to come from a reputable credit card company, financial institution, or computer repair shop that requests you to give up information or let them into your computer. Making the wrong move could result in your information or identity being stolen.
-Be suspicious of unsolicited phone calls, visits, or email messages. This can’t be stressed enough. There are a lot of bad actors trying to exploit you.
-Do not provide personal information to people you don’t know and don’t let them into your computer.
-Don’t click links coming from random emails.
-Don’t put your username or password into sites you don’t know.
-Pay attention to the URL of a web site. Malicious web sites may look identical to a legitimate site, but the URL may be a different domain (ex. .com vs. .net).
-Install and maintain anti-virus software.
Malware, Viruses, Ransomware
You’ve probably heard all of these terms, but what do they mean and how do you avoid something bad happening?
Malware is just an umbrella term that refers to any malicious software that has motive of causing damage. A virus is a type of malware. Ransomware is a different type of malware. No need to get too caught up in the details and the specific differences, but you don’t want any of these on your devices.
-Install anti-virus software
-Be careful with email attachments
-Install updates on your devices
-Avoid questionable websites
-Avoid pirated software
-Backup your devices
Weak Password Practices
See the Password Management post for a deep dive into best practices.
-Create A Strong, Long Passphrase/Password
-Use Encryption
-Use Two-Factor Authentication
-Use Biometric Authentication When Available
-Test Your Passwords
-Don’t Use Common or Well Known Dictionary Words
-Different Passwords for Every Account
-Don’t Neglect your Mobile Phone
-You Don’t Need to Frequently Change Your Passwords
-Don”t Share Your Passwords
-Avoid Storing Passwords Outside of Your Password Manager
-Use Password Managers
IoT Attacks
IoT = Internet of Things. It’s just a quick and easy way to bundle all of the devices that are on the Internet. For example, refrigerators, smart TVs, Amazon Fire Sticks, Apple TVs, washer and dryers that connect to the Internet, the list goes on and on. Almost everything these days connects to the Internet. Because of that, there is a need to keep this in mind to as part of your security and privacy strategy. If a vulnerable refrigerator connects to your network, that could mean a bad actor is able to steal information on your computer. Pretty crazy, but it can come to that.
Out Of Date Software
Outdated software is a bad actors favorite thing. Your company computer is probably updated by your company because they understand the risk of not updating. But if you don’t update your personal device (whether a computer, tablet, phone, IoT device, etc), then bad actors have a way in. It probably isn’t shocking that studies show upwards of 40% of adults don’t update their computers or mobile devices. We promise, updating is worth the little time it takes.
Targeting Children Online
Unfortunately, there are two types of groups targeting your children online, both marketers and hackers. We’ll focus on hackers for this post.
- Personal Information Posted Online
- Fake Gaming Apps
- Social Media Apps
- Photos Parents Post Online
- In-Game and Online Chat
You probably won’t even know if your child’s identity is stolen until they get try to apply for credit either with a loan for college or their first credit card. Freeze your child’s credit. It’s the best prevention they can have until they get a little older. Don’t let your children install software on their devices. Require them to go through you to install so you can validate it isn’t malicious or predatory. Our recommendation would be to avoid social media but we know that isn’t always possible. Be their friends and checkin to ensure nothing bad in going on with their social life online. Lastly, be careful with in-game or online chat. The Internet has done some great things for our ability to communicate, but be advised that there are people in these chats you don’t want your children talking to.,
Physical Device Theft
You can probably imagine that if you leave an expensive device where it’s easy for someone to steal, someone bad might just take you up on that. The best thing you can do do is keep your device in a safe place, like your home. Obviously with laptops, travel, phones, tablets, you have a need to bring your device with you. No problem, it’s encouraged if you need to. Make sure your device is encrypted and you have a strong password or passcode set. There are also things you can do to track your device online. If it comes online and it’s stolen, you’ll know exactly where it is. Some devices come from the manufacturer encrypted by default while others do not. Be sure to check with customer support and ask these questions. They can tell you about encryption by default or even how to enable it. It’s easier than you think.
Using Insecure Website
There are tools to help you with this. URL Filtering is what the security industry calls the solutions to help you from browsing to bad or insecure websites. Maintaining a “List of Bad Websites” on your own would be extremely difficult to maintain. Having a tool will just pop a warning and let you know if the site is malicious. A lot of them let you set up URL filtering policies not only for your device, but also for your children’s devices. If you don’t want them going to gambling sites, for example, you would be able to restrict that. Here are some recommendations for avoiding browsing to insecure or risky websites.
- Use a web filter.
- Don’t guess the address of a website.
- Check the URL for issues.
- Don’t open questionable links.
- If it looks sketchy, it is.
- Run your Internet searches with care.
- Do something for URL filtering.