By James F. Mackey III, CISSP
Among other observances, October is National Cybersecurity Awareness month. This is the 18th year several agencies have worked to make sure everyone has the information they need to be safe online. In my work as a cybersecurity engineer, I see threats firsthand. For individual residents, there are five main areas to be aware of.
If you keep these in mind, you will help keep yourself safe when online.
1. Software updates: Turn on automatic updates on your phone and computers; this will help ensure you have the latest security updates and patches. Additionally, ensure you keep software on your computer updated. Updates are often issued to close security holes as well as provide new features.
2. Use antivirus: For your home PC, Windows Defender is a great choice and comes standard with all Windows machines. There is no need to purchase additional antivirus software, as there is little value to the average end user, and more often than not the aftermarket AV software will conflict with Defender and cause more problems that it provides in value.
3. Data maintenance: This step involves backing up and encrypting your data and photos and regularly deleting files and programs you no longer need. It is a good practice to delete unused files and software regularly. Similar to spring cleaning for your home, getting rid of all the extra junk on your computer will help with performance and minimize the amount of data you need to back up.
The second part of data maintenance is backing up your data, either to a cloud service such as OneDrive or to a local external hard drive. You will be glad you did if you are ever the target of malware that requires you to reimage your system and start from scratch. Finally, many devices today support encryption, and if available, you should have it enabled so that if your device is lost or stolen, no one can read your files without a password.
4. Access control with passwords, password managers and MFA: When possible, use multi-factor authentication, or MFA, where in addition to a password you use a second method, like being sent a six-digit code by text message, to prove you are who you say you are. Many important applications and websites, such as banking and medical services, now offer MFA. If MFA is not an option on the sites you use a lot, use strong passwords and a password manager. A good password manager, such as LastPass, will allow you to remember just one very strong password. The manager will then generate and save multiple complex passwords for you. This way, you never have to compromise security by either using a weak password or reusing a password across multiple accounts.
Also, everyone should make an account on https://haveibeenpwned.com to be notified if their username and passwords are ever disclosed during a breach.
Speaking of passwords, always change the default password when you bring home new “smart” or networked devices, like wireless cameras, virtual assistants, routers and wireless access points. Smart devices are everywhere nowadays, and while they can make life easier, they can also be targets for attackers.
5. Be on guard for phishing: Phishing emails and social media messages are rampant these days. You may recall a few months ago, when Tewksbury was flooded with scam phone calls. Criminals also use email and texts to impersonate companies such as Amazon, telling you your account is suspended and you need to log in to reenable, or impersonating people on Facebook messenger. Both of these methods are intended to get you to click a link or provide information the attacker will use against you. If you read a message or email, always ask yourself the following:
– Do I know this person?
-Am I expecting an email or message?
-Do the name and/or email match?
-Does this sound like something the person would say?
Finally, always reach out to a company or person directly by typing the web address into your browser — never click on a link sent in a suspicious email. If Amazon tells you that your account is suspended, go directly to Amazon.com on your own and see if there are any notifications. NEVER CLICK THE LINK!
James F. Mackey III, CISSP, is Senior Security Architect for Smith and Nephew, a U.S. Army veteran and Tewksbury’s newest Select Board member.