We live in an increasingly connected world.
Everyone has a phone with capabilities better than most computers available a few years ago, remote work is becoming more prevalent, most employees are equipped with professional laptops, and even our coffee makers are connected to the internet.
In this context, the attack surface, meaning the number of entry points for cybercriminals to explore, is vast. Users therefore need to adopt safer behaviors quickly.
The objective of this article is to present a few simple measures and best practices to establish a solid and more secure foundation.
Adopting these best practices makes an attack more difficult.
Unlike our recommendations for cybersecurity practices in the workplace, this article is intended for both end users and IT services in businesses that may need to provide their employees with good instructions and behaviors.
The goal is not to create an impenetrable system but to present you with simple and effective actions.
Enable automatic updates
Over time, new security vulnerabilities are discovered and attackers develop new attacks.
In this cat-and-mouse game, developers release patches and security fixes that are made available through updates.
Enabling automatic updates allows you to benefit from these fixes as soon as they are released and quickly secure recently discovered vulnerabilities.
Also, remember to update your applications and enable the option for automatic updates when prompted.
Install and enable a firewall and antivirus
To put it simply, a firewall regulates network connections and determines which ones can occur (to or from the computer).
Most modern operating systems include a simple firewall that allows you to block incoming connections.
- Enable the firewall on Windows
- Enable the firewall on macOS
- For Linux, a commonly used solution is iptables. There's also ufw (Uncomplicated Firewall) for a more user-friendly interface.
An antivirus program analyzes the activity of other programs on your computer. It compares these programs with a reference database of malware and alerts you in case of detection.
It is not a fail-safe solution, as new unknown viruses that are not listed in these antivirus databases emerge every day. However, it will protect you from the most well-known ones.
Remember to enable automatic updates for your antivirus so that it regularly updates its recognition database.
- For Windows, Avira Antivirus is a good free option.
- For macOS, Malwarebytes Antimalware and BitDefender are popular choices.
- Although viruses are less common on Linux, ClamAV is a good option.
Enable disk encryption
Phones and laptops are often moved around. If your equipment is lost or stolen, having an encrypted hard drive limits access to your data by the person who recovers it.
Indeed, if the data were stored in plain text, it would be enough to extract the hard drive, where the data is stored, and connect it to another computer to read the data.
Data encryption is offered by default on modern systems (update your system if it's not the case):
- FileVault on macOS
- BitLocker on Windows
- For Linux, configure dm-crypt if your system is not installed on an encrypted partition
- On phones, check the version of your OS (Android >= 6 and iOS >= 8); these systems encrypt their storage by default.
Disable automatic login and enable automatic locking
Require a password when opening your computer. There is no point in encrypting the content of your hard drive if someone can simply access it by opening the computer.
Similarly, enable automatic locking.
The right reflex is to lock your computer as soon as you step away from the keyboard, but in case you forget or an unexpected event occurs, you will be glad that your computer locks after a period of time, preventing anyone from using your equipment without your consent.
Use a password manager
This section alone deserves one or more articles. In the interest of efficiency, let's get to the essentials.
Using a password manager allows you to:
- Remember only one "master" password to access all other passwords
- Generate different random passwords for each site and application that requires them
- "Remember" all your credentials
The hardest part is making it a habit, but once you do, you will have much better resilience if your credentials are compromised.
Indeed, a common security breach is having your credentials hacked—by inadvertently giving them away or through the hacking of a site where you have an account—and having those credentials be valid on other sites.
After one successful compromise, the attacker can then access many of your other accounts. Having complex, unique, and random passwords for each site and application helps to avoid this phenomenon.
I recommend Bitwarden, which offers a free option, is open source, and works on all major operating systems and browsers.
Use multi-factor authentication (MFA / 2FA)
The phone is often used as a peripheral in multi-factor authentication.
Many services offer the option of multi-factor authentication, asking you, in addition to your username and password, to enter a code received by SMS or displayed in a previously configured app.
This option allows you to create additional layers of security.
In case your password is compromised, the attacker cannot simply log in on your behalf. They would be missing an authentication factor, such as your mobile phone or the app that generates a temporary code.
Implement a backup and restoration strategy
A backup drive can be part of your backup strategy.
A "strategy" sounds fancy, so let's simplify it: regularly back up your data and know how to restore it in case of loss.
A good way to back up is what's called the "3-2-1" rule:
- Have 3 copies of your data
- 2 copies on different local media
- 1 copy in another geographical location
A simple method for most of us is to use cloud solutions to back up our data: Dropbox and Google Drive are good options.
In case of issues (theft, loss, data or equipment destruction), you can simply log in to these cloud services to access your documents.
Pay attention to security considerations and access rules for these services: use complex passwords and multi-factor authentication.
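A restore check for the "know how to restore it" part above, as an added example that is not part of the original article: it compares a backup copy with the source file by file using SHA-256 and reports what is missing or differs. The directory layout and file names are constructed sample data, and the function names are illustrative.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def digest_tree(root: Path) -> dict:
    """Map every file under root (by relative path) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in root.rglob("*") if p.is_file()}


def compare_backup(source: Path, backup: Path) -> dict:
    """Report files the backup lacks, files whose content differs, and extras."""
    src, bak = digest_tree(source), digest_tree(backup)
    return {
        "missing": sorted(src.keys() - bak.keys()),
        "differs": sorted(p for p in src.keys() & bak.keys() if src[p] != bak[p]),
        "extra": sorted(bak.keys() - src.keys()),
    }


def demo() -> dict:
    """Constructed sample: a backup with one stale file and one file missing."""
    with tempfile.TemporaryDirectory() as tmp:
        source, backup = Path(tmp, "source"), Path(tmp, "backup")
        (source / "docs").mkdir(parents=True)
        (backup / "docs").mkdir(parents=True)
        (source / "docs" / "contract.txt").write_text("signed 2024")
        (source / "photo.raw").write_bytes(b"\x00\x01\x02")
        (source / "notes.txt").write_text("v2")
        (backup / "docs" / "contract.txt").write_text("signed 2024")
        (backup / "notes.txt").write_text("v1")  # stale copy
        return compare_backup(source, backup)


if __name__ == "__main__":
    print(demo())
```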
Be cautious with file transfers
Transferring files can be a risk in your day-to-day computer use.
Indeed, even if your files are well protected on your computer, what happens when you need to send a copy of them to a contact?
The three most common mistakes are:
- Not encrypting/protecting the content before transfer: anyone with access to the file can read it
- Not deleting the files or revoking access rights once the transfer is completed
- Providing access through a public link instead of granting access to predefined users or email addresses: anyone with the link can access the files (or worse, find them through search engines)
Best practices to address these mistakes are:
- Always encrypt files before sending them via transfer platforms
- If possible, set an end date for file sharing; if automatic termination is not possible, set a reminder
- Provide named and specific access whenever possible
For better personal cybersecurity
These steps and best practices will allow you to start with a solid foundation.
Despite these foundations, remember that there is no patch for human error: you can be manipulated and perform actions that compromise your system, potentially your network, and infect your company.
The key is a certain level of computer literacy: you don't have to become a hacker or a network engineer, but you need to have enough knowledge of the risks you are exposed to in order to automatically adopt good security reflexes.
Contact us to learn more about our training and cybersecurity awareness solutions. We'd be happy to discuss how to better protect you and educate your teams to actively defend your company.