Hackers are constantly evolving the way they operate, which means cyber attacks are getting more and more difficult to identify and prevent.
At the same time, more and more of us are accessing sensitive personal and financial information across a number of devices, often storing passwords and even banking details for greater convenience and quicker access.
The trouble is, the more devices we store data on, the greater the chances of being hacked. Data breaches are common and increasing, even on seemingly secure platforms. Here are 10 steps you can take to keep your data as secure as possible.
10 tips to help keep your data safe
1. Secure your WiFi network
Securing your WiFi network and WiFi access points/routers is crucial to keep your data secure. If your network is not secure, it is easy for people to access it and steal data from your devices. It is equally as easy for bad actors to hijack your connection to conduct crime.
To ensure preliminary security, change the default password (it might be publicly known) for the administrator account that allows access to device configuration, to a strong password that follows security protocols. Similarly, change the default password and username for WiFi network. Remember that your WiFi username is often publicly visible, so avoid using personal details.
2. Disable Bluetooth and WiFi in public
Bluetooth and WiFi settings can be exploited if not disabled when not in use. Even with access restrictions and password protection in place, cyber criminals can hack into your device via Bluetooth to gain access to data such as emails, text messages, pictures, and videos. Do not perform online shopping, banking, or other tasks that involve sensitive data when on public WiFi or in a public place.
3. Configure privacy settings
Often, default device privacy and browser settings are not configured to the user’s advantage. To make devices more secure, customize advanced device privacy and browser settings. Block auto cookie and location tracking. Disable auto-download and auto-run of Flash.
4. Use random passphrases
According to the FBI, ‘Instead of using a short, complex password that is hard to remember, consider using a longer passphrase’. A random set of letters, numbers and characters can be daunting to remember, and lead to users storing their passwords unencrypted or even writing them down. Instead, use random words and phrases in combination with standard password protocols. Words are easily remembered by the human brain, as opposed to a meaningless string of letters. Eg: tH3sky1sc!e@rT0day (the sky is clear today). It is important that the words/phrases are random, at least 15 characters long, and not related to your personal information in any way. Use unique passphrases for every account and device.
Despite this trick, remembering multiple passphrases can be difficult. So safely store them in a password manager.
5. Keep social media private
One place that we often flaunt our information is on social media. We share our birth dates, photos, interests, and hobbies, and even holiday locations. Social engineers may carry out targeted attacks by extracting such information about an individual from their digital footprint.
Identifying spam profiles is relatively easy due to their questionable usernames but keep a check on every profile you add as a connection on social media platforms. Cybercriminals may impersonate the profile of someone you know, to gain direct access to your information. Ensure that your online interactions do not reveal sensitive information about you. In addition to following standard password protocols for all your online accounts, enable two-factor authentication for added security. And regularly check if unknown devices are logged into your accounts.
6. Protect your Personal Identifiable Information (PII)
Personally Identifiable Information (PII) such as phone number, birth date, and bank account details can be used to identify, locate, or contact an individual. Refrain from posting such information on publicly visible platforms, storing it unencrypted, or physically noting it down. Although unadvisable, at times we store PII such as passport details on our devices. Password-protect your devices and lock them when not in use. Be cautious of emails or phone calls that ask for sensitive information, even if they appear from a legitimate source.
7. Don’t save information
Websites and browsers allow you to save sensitive data such as passwords and credit card information for future use, but do not save it. Store your passwords in a password manager, and sensitive information in encrypted files. For additional security of your finances, closely monitor your financial transactions to flag payments that have not been made by you and to react quickly.
8. Avoid unknown sites
According to Forbes, ‘Google has registered 2,145,013 phishing sites as of Jan 17, 2021.’ Cyber criminals create thousands of fake sites, often spoofs of a legitimate site, to spread malware, carry out spam campaigns and phishing attacks. Check security protocols, certifications, and a secure payment gateway on websites.
Unknown websites might be a gateway to drive-by download attacks that aim to install malicious code on a victim’s computer, via unintentional or auto-downloads. While configuring privacy settings, disable the auto-download function to avoid such attacks. Even while downloading trusted files or software, look out for unwanted add-ons or extensions being installed in the background.
9. Verify before you click
Links, pop-ups, and downloads can contain viruses and malware. Phishing emails are known to use fear-inducing or enticing tactics to manipulate the victim into submitting sensitive information. Make sure to verify the source before clicking on any links.
10. Carefully back-up data
Having a data back-up is advisable in case your files are damaged or inaccessible due to a cyber-attack. However, make sure you control where your data is uploaded and stored, and who has access to it. Devices such as smartphones might back-up your data on remote servers by default. To avoid sensitive data such as photos being accessible to people with the wrong intent, disable auto back-ups.
Report any Suspicious Activity
If you notice anything suspicious, report to your cyber security team instantly, so that immediate action can be taken to mitigate the cyber threat. Reach out to our forensics team for 24/7 support.
