5 Simple Steps to Take to Improve Your Cyber Security in 2019

Was improving your cyber security one of your resolutions for 2019?

We are now a few weeks into 2019, with enough time having passed since January 1 for most of us to have failed to maintain at least one of our New Year Resolutions. However, one resolution you should definitely keep is to improve your cyber security in 2019.

The sheer amount of information, sometimes conflicting information, out there about how to improve your cyber security can sometimes seem overwhelming, but don’t let an excess of information discourage you from trying to improve your infosec in 2019. Taking just some simple steps can help you improve your cyber security this year.

1. Turn on two-factor authentication

This is definitely not the first time that we have dispensed this advice. Two-factor authentication (2FA) applies a second layer of security to your online accounts. It usually involves having to enter something you know (such as your password) along with something you have, such as a code that is sent to you by text message or generated by a token. Using 2FA means that even if a hacker steals your password, they won’t automatically have access to your accounts.

Most online banking accounts have had 2FA security enabled for a long time, but other online accounts have caught up now with most email providers (such as Gmail) and social media accounts (such as Instagram and Facebook) also now giving users the option of setting up 2FA on their account. If an online account gives you the option to set up 2FA you should definitely take it.

While 2FA can improve your online security, the use of SMS to send authentication codes has come under scrutiny in the last few years, with numerous researchers demonstrating that it is possible to intercept text messages, allowing hackers to get into accounts even if a user does have 2FA enabled. For this reason, using an authentication token or app, such as Symantec VIP, which cannot be intercepted in the same way as SMS messages, is a better idea.

2. Restrict apps’ permissions

Nearly everyone has a smartphone now, and on most people’s smartphones are a proliferation of apps, allowing people to share the minutiae of their day with the world, check the weather, and watch movies, among many other things.

However, when downloading and installing apps on your phone you should always check what permissions these apps are looking for, and only give the app permissions that allow it to run properly, and no more. Research by Symantec last year found that 89 percent of Android apps requested “risky permissions”; these are permissions where the app requests data involving the user’s private information, or that could potentially affect the user’s stored data or the operation of other apps. It would include things like the ability to track location, access the camera or the ability to record audio. Obviously a photo-sharing app requires access to your camera to work, but when apps with no reason request this kind of permission it would be considered “risky”.

For example, in the research conducted by Symantec last year, a torch app sought permission to access the user’s contacts, send SMS messages, and access the camera and microphone. Ensure you know the permissions all your apps have, and ensure they are as restricted as possible.

3. Start using a password manager

Seriously, stop reusing your passwords and start using a password manager. There have been multiple mega data breaches in recent years — with Yahoo and LinkedIn probably the most significant — meaning that if you use the same password for all your online accounts it is probably available on the web somewhere.

Cyber criminals can use this leaked data to carry out credential stuffing attacks. In credential stuffing attacks, attackers use lists of leaked user names and passwords to try and gain access to online accounts by using large-scale automated login requests directed at specific entities. If you use the same email and password for multiple online accounts, cyber criminals may be able to gain access to many of your online accounts in such an attack — yet another reason to ensure 2FA is switched on.

A password manager can store passwords for all your accounts and means you only have to remember one password — but you can use a different password for each individual account.

4. Check your social media settings

Social engineering scams remain a mainstay on the cyber security landscape. Social engineering scams don’t require special malware or clever tactics, they rely on the scammers ability to convince a victim to do something for them — normally, send them money. BEC scams and “grandparent scams” are just two examples of scams that rely on social engineering tactics. Making it easier now than ever for cyber criminals to carry out these scams is how much information people put out there about themselves online. To make life a bit harder for scammers, keep your social media set to private, and don’t give out lots of personal information (like how many kids you have, or your grandpa’s name etc) to strangers on the internet. The less cyber scammers know about you, the harder it will be for them to convince you they’re legitimate — don’t make their job easier for them.

5. Protect your devices

All your devices (including your cellphone, tablet and computer) should be protected with a good security package to detect malware and other cyber threats and keep your data safe.

Check out the Security Response blog and follow Threat Intel on Twitter to keep up-to-date with the latest happenings in the world of threat intelligence and cyber security.

Like this story? Recommend it by hitting the heart button so others on Medium see it, and follow Threat Intel on Medium for more great content.