A Practical Guide to Digital Safety: Protecting Your Family and Your Business
October is Cybersecurity Awareness Month: a perfect time to step back and assess how we protect our most valuable information. This not only includes protecting sensitive organization data, but also extends to our family, children and elderly parents.
Good cybersecurity hygiene and best practices aren’t just for companies; they are practical habits that you build into your everyday life that can help safeguard your family’s privacy as well as your business’s future. Whether personally or for your companies, we often see cyber criminals utilize the same tactics to exploit individuals and company vulnerabilities.
Our homes and our digital lives are more connected than ever. Many experts estimate that almost 20 billion devices are connected to the internet worldwide; this number will only continue to grow. From smart TVs to thermostats, from appliances to school-issued devices, digital doors are everywhere.
Securing our digital footprint requires a multi-generational approach—one that focuses on yourself, your children and aging parents. This guide offers high-level and practical advice for securing two critical areas of your life: your home and your workplace.
For Yourself: The First Line of Defense
You are the Chief Information Security Officer of your family. Develop a set of good cybersecurity hygiene habits to protect yourself:
Master Your Passwords
Stop reusing passwords. We all have that one password we are endeared to, but we can’t put our digital assets in jeopardy if that one password is compromised. The single best thing you can do is use a password manager.
While there is always risk of using third party tools for your passwords, the benefits can often outweigh the risk. These tools create and store long, unique and complex passwords for every site you use. You only need to remember one master password to access your password vault.
Enable Multi-Factor Authentication (MFA)
I hear you; multi-factor authentication is inconvenient. But MFA adds a crucial second layer of security, like getting a code on your phone after you type your password. Turn it on for every account that offers it, especially email, banking, retirement and social media. MFA is a small inconvenience for a big security gain.
Be Skeptical of Every Email
Phishing scams, which are fraudulent emails designed to trick you and steal your information, are more sophisticated than ever. Cyber criminals are using artificial intelligence technologies to craft phishing emails that often look very legitimate.
Look for red flags: a sense of urgency, grammatical errors, suspicious links and requests for personal information. When in doubt, don’t click. Go directly to the company’s website instead.
For Your Children: Fostering Digital Citizenship
For our kids, the online world they enjoy is just as real as the one we can physically see and touch. When we think about helping to keep our children safe online, our goal isn’t to scare them, but to continually educate them on the risks present.
Start the Conversation Early and Often
Modern technologies connect children to the online world much earlier than we recognize. Tablets, AI, school issued devices and smart TVs are a digital door that our children use to connect with others online. Talk to them, and educate them with age-appropriate lessons about what they’re doing online and their digital footprint. Consider establishing clear rules that adjust as they age around screen time, the apps they can use and the information they can share. An open dialogue is your most effective tool.
Teach the “Grandma Rule”
Remind them that anything they post online (whether it’s a picture, a comment or a video) is permanent and public, whether it appears deleted or not. Additionally, how they interact with websites, individuals and apps creates a digital footprint that is also public and permanent. If they wouldn’t want their grandma to see it, they shouldn’t post it or access it.
Protect Their Identity
Teach them never to share personal information online, such as their full name, school, address or phone number. In a world where being digitally connected 24/7 is the norm, this can be a hard habit to teach.
However, teach them that being digitally connected does not have to mean zero privacy. Many very common apps on our cellular devices unnecessarily collect vast amounts of personal information. Consider sitting down with your child periodically to review the security and privacy settings on their accounts and apps together.
For Your Parents: Defending Against Targeted Scams
The aging and elderly adult population is often a prime target for scammers who exploit their trust. The FBI’s internet crime compliance center (IC3) annually reports alarming numbers that scams against are continuing to rise. Help your parents and elderly relatives by arming them with knowledge.
The “Tech Support” Scam
Remind them that Microsoft, Apple or any other tech company will never call them about issues on their personal computers or devices. These are scams designed to gain access to their devices or sell them meaningless software.
The Simple Rule
Encourage them to be suspicious of any unsolicited phone call, text or email asking for money or personal information. If in doubt, hang up and call a known customer service or support number directly to verify. Using the adage, “When in doubt, call first,” can help avoid a lot of issues.
Additionally, educate them that gift cards are never used as an official means of payment for business, government or personal services.
For Your Business: Safeguarding Critical Assets
Whether you’re a solo entrepreneur or part of a large firm, your business is a target. Regardless of how effective your controls are, eventually your business will be the target of a cyber-criminal. The financial and reputational damage from a single breach can be devastating and long-lasting. Here’s a few best practices on how to build a strong defense.
The Human Firewall: Your Employees
Your employees are your greatest asset and, unfortunately, your biggest security vulnerability. We often say that within cybersecurity we don’t have a technology problem, but a major people problem.
Our employees are well-intentioned people wanting to help and assist. However, we must equip our employees to spot these scams. Reoccurring and simple training on identifying phishing emails and other common scams is the highest-return investment you can make in security. An aware employee who questions a suspicious email is often way more effective than any software.
Control Your Data and Access
Our systems and applications are the primary target for cyber criminals, which often hold large amounts of sensitive and/or confidential information that can be used in an attack or sold on the dark web.
Therefore, we have to ensure that the access to our systems and applications is accurate and reviewed periodically. Employees should only have access to the data and systems they absolutely need to do their jobs. This is called the principle of least privilege, and it helps to limit the potential damage if one of their accounts is ever compromised.
Prepare for the Worst: Backups and Incident Response
It’s no longer a matter of if you’ll face a cyber incident, but when. Given enough time and resources, any organization can be compromised.
Ensuring that you have a solid plan to back up your systems, identify cyber-attacks and respond effectively and efficiently is crucial so that your systems and applications remain operational.
Ensure that backups are captured often and that there is at least one backup copy stored off-site, such as cloud storage or a secure off-site location. Additionally, periodically testing your backups to ensure they are reliable and operational is crucial.
Finally, when a cyber-attack or incident does occur, ensure you have a well-functioning incident response process and policy. This is a crucial step-by-step guide to know how to respond when it matters most.
Learn More about Digital Safety
Practical cybersecurity hygiene isn’t about becoming a technical expert or a needing to know all of the buzzwords. It’s about building smart digital habits and fostering a culture of cyber awareness, both in your conference room but also in your living room.
Use this month as a catalyst to have these important conversations and take these simple, practical steps to protect what matters most.
