11 Cyber Defense Tips to Stay Secure at Work and Home
Cybersecurity is inextricably tied to the technology it protects. Just as technology continues to grow in variety, quantity, and presence in all of our lives, so too does cybersecurity and our personal responsibility for it.
You might be wondering how you can best act on this responsibility. The answer? Strengthen your cyber defense at home and at work. Provided below are 11 steps that you can use to get started.
1. Set Cyber Defense Priorities
What are your cyber defense goals? Have you identified which devices and data you want to protect? What level of security do they need? By considering these and similar types of questions, you can start to formulate a cybersecurity roadmap that makes sense for you.
2. Think Before You Click
Hover over a link to reveal the destination URL. If it looks different from the hyperlinked text, don’t click on it. It could be an attempt to trick you into visiting a phishing landing page. To protect yourself against phishing attacks, search instead for your intended website or enter the URL directly into your browser’s navigation bar.
3. Don't Get Phished
Speaking of phishing, if you receive a suspicious email at work, don’t open or click on it. Instead, follow up with your IT and/or security department.
How can you tell a suspicious email from a legitimate one? The former will often use a sense of urgency, including a sale, an emergency, or a negative consequence such as an account closure, to motivate you to click on a link or open an email attachment. Don't fall for it. If you come across this type of email, just stop, breathe, and forward it to your IT and/or your security department. If you receive this type of email on your personal device, delete the email and consider blocking the domain.
Check out our short guide to phishing to learn more.
4. Go Beyond the Password
Cyber threat actors (CTAs) can easily crack passwords like "password," "admin," or "123456." The same goes for dictionary-based passwords, or combinations made up of words that you can find in a dictionary.
Instead of a simple password, try using a passphrase that sometimes substitutes numbers and symbols for letters. This unique approach can help you remember long strings for added security. As an example, consider the weak password “cheese” compared to the complex passphrases “1l0v3(h33s3” (modified from "Ilovecheese") or “m0r3(h33s3pl3@s3” (modified from "morecheeseplease").
To properly secure your devices and data, protect your laptop, smartphone, and any other device you use with a secure passphrase such as the examples above. You can also consider using biometric passcodes if your device supports this option, or you can use a PIN or matric passcode for authentication.
If you end up creating an alphanumeric passphrase with symbols, make sure you use unique combinations for each of your accounts. Remember that you can also generate passphrases using a password manager. The benefit there is that you can have the password manager remember each of your passwords so you don't have to. All you need to do is to protect access to your password manager with a strong passphrase and with multi-factor authentication (MFA).
Check out our Password Policy Guide to learn more.
5. If It Matters, Use MFA
To implement multi-factor authentication (MFA), you need to protect your account with authentication mechanisms from at least two of the following categories.
- Something you know: A passphrase or swipe pattern
- Something you are: Biometrics, fingerprint scanning
- Something you have: An authentication app on your phone or an ID badge
Use a minimum of two-factor authentication (2FA) on any important accounts or computers where sensitive data is handled. That way, even if a CTA gains access to your username and password, they won't be able to access your account without the other factor(s).
6. Keep It Fresh
Always install the latest updates for your operating system, browser, and any applications installed on your device. CTAs try to use known vulnerabilities to access your devices and/or other devices that are connected to the same network. Don’t let yourself (or your organization) become an easy target.
7. Reflect, then Connect
Before you connect to an unfamiliar and/or public Wi-Fi network, think about the risks of doing so. What data might you share over the connection? To minimize the risk of data exposure, use a virtual private network (VPN). A VPN acts as a secure tunnel over the internet by creating an encrypted, private web connection. With a VPN, you can rest assured that your personal or work-related data is secure.
8. Shop Smart, Shop Secure
Shopping online is a modern, everyday convenience. Protect sensitive banking data by only shopping on sites you trust. Never save your card information where it could be stolen and used later. Also, make sure to monitor your payment card records for unfamiliar charges. If you come across anything suspicious, reach out to the payment card issuer to dispute the charge and request a new payment card.
9. Avoid Configuration Confusion
Configuration sounds like a big responsibility – and it's an important part of your security program. But it really comes down to the settings for a particular program or machine. Securely configure your computer, printer, smartphone, and other web-connected devices in your home and your office.
10. Don't Be the Bully
When online, remember to be thoughtful and to use polite language. Sharing someone’s private personal information online, also known as "doxxing," is never okay and may get you in legal trouble.
11. Charge with Caution
Don’t plug your mobile devices into any outlet you find. Whether it’s a work or personal device, you could risk becoming the victim of juicejacking, a type of attack where CTAs compromise public USB charging stations to infect unsuspecting users with malware or data theft. If you’re worried about running out of battery, bring a back-up power bank or charge your device using your own charging cable and a wall outlet.
Want even more tips to stay safe at home and at work?
