USA Awards

USA Awards Hub

Stay Secure with USA Awards – Our Top 10 Tips for Basic Cybersecurity.

As the 2024 Cybersecurity Awards are now open and accepting entries, this period highlights the growing importance of digital security in our tech-driven world. These awards recognize the most innovative and effective cybersecurity solutions, emphasizing the need for robust protection against evolving threats. At USA Awards, we wanted to do our bit in helping you stay ahead of these challenges. To support your efforts, we’ve compiled our top 10 essentials for personal cybersecurity, designed to safeguard your digital assets and ensure your online presence remains secure.

1. Enable Multi-Factor Authentication (MFA)

Multi-Factor Authentication (MFA) is a crucial security measure that adds an extra layer of protection by requiring two or more forms of verification before granting access to an account. This significantly reduces the risk of unauthorized access, even if one factor (like your password) is compromised.

In 2019, Twitter’s CEO Jack Dorsey’s account was compromised through a SIM-swapping attack, where attackers tricked the mobile carrier into transferring his phone number to their SIM card. If MFA with an authentication app had been used, the attackers would not have been able to gain access without the second factor.

How to Implement:

  • Set Up: Check the security settings of your online services (email, banking, social media) for options to enable MFA. Look for terms like “Two-Factor Authentication” or “Two-Step Verification.”
  • Choose Methods: Select the MFA methods that suit you best, using an authentication app, or biometric verification (fingerprint or facial recognition). SMS verification is also available, but no longer recommended due to SIM-swapping attacks, like the one mentioned above – Jack Dorsey’s account was hacked despite having SMS authentication as a second factor.
  • Secure Backup: Ensure you have a backup method, such as a secondary phone number or email, in case your primary method is unavailable.

You can get easily and quickly set-up with multi-factor authentication using either Microsoft Authenticator or Google Authenticator. Both apps are available free and offer the same functionality, with time-limited passcodes that change every 30-seconds.

2. Regularly Update Software

Keeping your software up to date is crucial for protecting your devices from vulnerabilities. Cybercriminals often exploit weaknesses in outdated software to gain unauthorized access or spread malware. The WannaCry ransomware attack in 2017 exploited a vulnerability in older versions of Microsoft Windows. Many affected systems had not applied the available patch that could have prevented the infection, highlighting the importance of timely updates.

How to Implement:

  • Automatic Updates: Enable automatic updates for your operating systems, browsers, and applications.
  • Manual Checks: Regularly check for updates if automatic updates are not available. This includes software on your computer, smartphone, and IoT devices.
  • Update Alerts: Subscribe to security alerts from software vendors to stay informed about critical updates and patches.

3. Use Strong, Unique Passwords

Strong passwords are your first line of defense against unauthorized access. They should be complex, unique, and difficult to guess. In 2012, Dropbox experienced a security breach where usernames and passwords of users were stolen and leaked online. The breach was caused by an employee using the same password for both their Dropbox work account and other websites. When one of those other websites was compromised, hackers were able to use the stolen credentials to access Dropbox’s internal network, highlighting the importance of using strong, unique passwords.

How to Implement:

  • Password Guidelines: Create passwords that are at least 12 characters long, including a mix of letters, numbers, and special characters.
  • Avoid Reuse: Never reuse passwords across multiple sites. If one account is compromised, it can lead to a domino effect on other accounts.
  • Password Manager: To make things easier, use a password manager to generate and store complex passwords. This tool can help you maintain strong, unique passwords for all your accounts.

4. Be Wary of Phishing Attacks

Phishing attacks involve fraudulent attempts to obtain sensitive information by pretending to be trustworthy entities. These attacks are often carried out via email, SMS, or malicious websites.

In 2016, the Democratic National Committee (DNC) was targeted by a phishing attack that led to the breach of email accounts belonging to key members of the Hillary Clinton campaign. The attackers used a fake Google login page to capture passwords, illustrating the effectiveness of phishing attacks.

How to Implement:

  • Verify Senders: Always verify the sender’s email address before clicking on links or downloading attachments. Look out for subtle misspellings or unusual domains.
  • Suspicious Links: Hover over links to see the actual URL before clicking. Be cautious of links that don’t match the official website.
  • Report Phishing: Report suspicious emails to your email provider or IT department to help prevent others from falling victim.

Remaining vigilant against this type of attack is largely down to adopting a suspicious approach to unusual emails, or unusual email content. Phishing attacks rely on the user trusting the sender or email content without any due diligence by faking their source, so if you get a weird email from your company CEO asking you to buy some gift cards, perhaps you need to take a closer look before you get out the company credit card.

5. Secure Your Home Network

Securing your home network protects your data and devices from unauthorized access. This involves setting up your router and network devices properly. In 2018, security researchers discovered that many home routers still had default passwords, making them vulnerable to attacks. By securing your home network, you can prevent unauthorized access and potential data breaches.

How to Implement:

  • Change Default Passwords: Change the default login credentials of your router to a strong, unique password.
  • Use WPA3 Encryption: Ensure your Wi-Fi is secured with WPA3 encryption, the latest and most secure Wi-Fi protocol.
  • Guest Network: Set up a separate guest network for visitors to prevent them from accessing your main network.

Not sure where to start with WPA3 Encryption? Check out this explainer article by More Secure Wi-Fi: What Is WPA3, and How to Set it Up on Your Router.

6. Regularly Backup Data

Regular backups protect your data from loss due to hardware failure, cyber-attacks, or other disasters. This ensures you can recover important information when needed. The 2017 ransomware attack on the city of Atlanta crippled municipal operations for days. Having a robust backup system in place could have mitigated the impact and expedited recovery.

This story is also another example of why strong passwords are important – as the virus (SamSam Ransomware) used a brute force attack, attempting to guess weak passwords until a match is found.

How to Implement:

  • Automatic Backups: Use backup software that automatically saves your data to an external hard drive or cloud service at regular intervals.
  • Backup Types: Perform both full backups (complete copies of all data) and incremental backups (only new or changed data).
  • Secure Storage: Encrypt your backups and store them in a secure location, separate from your main devices.

7. Use a VPN

A Virtual Private Network (VPN) encrypts your internet connection, providing a secure and private way to browse the internet, especially on public Wi-Fi networks. In 2018, researchers demonstrated how easy it was to intercept data on public Wi-Fi networks using simple tools. A VPN can prevent such eavesdropping by encrypting your internet traffic.

How to Implement:

  • Choose a Reliable VPN: Select a reputable VPN service that doesn’t log your activity and offers strong encryption.
  • Always On: Configure the VPN to start automatically with your device and remain active whenever you are online.
  • Public Wi-Fi: Always use a VPN when accessing the internet over public Wi-Fi to protect your data from potential eavesdroppers.

8. Monitor Your Accounts

Regular monitoring of your financial and online accounts helps detect suspicious activity early, allowing you to take action before significant damage occurs. In 2014, Target experienced a massive data breach affecting millions of customers. Many victims only discovered fraudulent transactions after reviewing their statements, underscoring the importance of regular account monitoring.

How to Implement:

  • Regular Reviews: Frequently review your bank statements, credit card transactions, and account activity for any unauthorized transactions.
  • Account Alerts: Set up alerts for your accounts to notify you of large transactions, password changes, or login attempts from new devices.
  • Credit Reports: Periodically check your credit reports for any unexpected changes or accounts you did not open.

9. Use Anti-Malware and Anti-Virus Software

Anti-malware and anti-virus software protect your devices from malicious software that can compromise your data and privacy. The NotPetya malware attack in 2017 affected companies worldwide, causing billions in damages. Updated anti-virus software could have detected and mitigated the impact of such malware.

How to Implement:

  • Install Software: Choose reputable anti-malware and anti-virus programs and install them on all your devices.
  • Regular Scans: Schedule regular scans to detect and remove any malicious software.
  • Keep Updated: Ensure your anti-malware and anti-virus software is always up to date with the latest threat definitions.

If you’re using a Windows laptop or PC, you’ll be pleased to know that Microsoft’s built-in Windows Defender software has grown into a secure and capable solution that will help you keep your system secure at no extra cost, or hassle, and has all but killed off the need for third-party antivirus software for Windows PCs.

10. Be Cautious with Public Wi-Fi

Public Wi-Fi networks are often less secure, making it easier for cybercriminals to intercept your data. Taking precautions can help protect your information. In 2015, a security researcher demonstrated how easy it was to hack into devices connected to public Wi-Fi at a major airport. Using a VPN can protect against such threats by encrypting your internet connection.

How to Implement:

  • Limit Sensitive Activities: Avoid conducting sensitive transactions, such as online banking or shopping, over public Wi-Fi.
  • Use a VPN: Always use a VPN when connected to public Wi-Fi to encrypt your data and protect your privacy.
  • Disable Auto-Connect: Turn off the auto-connect feature for Wi-Fi on your devices to prevent them from automatically connecting to unsecured networks.

By following these detailed tips, you can significantly enhance your online security and protect yourself from many common cybersecurity threats. Stay informed and proactive in your cybersecurity practices to maintain a safe and secure online presence, and when our 2024 Cybersecurity Awards close, make sure to check out the winners and finalists and the solutions they can offer to your business. You’ll be able to find them right here on the USA Awards hub.


More Posts