The concern over cyber security has steadily increased for the last few decades, and with recent news stories of hospitals and universities being forced to pay tens of thousands of dollars in ransom for their data, the headlines have brought the very real threat of a cyberattack into the forefront of public consciousness.
There are many ways to increase your defenses against such an attack on your network, and we’ve previously covered ways to do so by hardening your IT infrastructure. But while technological defenses are essential, they are ultimately only as strong as end user behavior allows them to be. Working with the human element can often be overlooked in IT. But it is critical that support engineers and systems administrators keep in mind that it’s always people using those systems. In the end, no matter how secure the technological environment, people and their habits are going to be a potential avenue of cyber-attacks.
Keeping the person in mind when addressing security is critical, and to that end, the following list provides some simple advice that can help anybody create more secure computer use habits.
1. Do be suspicious of any email attachments you are not explicitly expecting.
Email attachments are a very common avenue of infection, particularly with ransomware. Most people know this, but one of the reasons they remain so successful is that email can often be spoofed to appear as though it’s coming from someone inside the company (this can be even more dangerous in larger organizations where not everyone knows each other) and attachments are downloaded without a second thought. Therefore, it’s always best to just leave the attachment alone unless it was specifically expected.
2. Do practice good password habits.
Passwords are the bane of many users. Having to come up with something that is secure, unique, and still easy to remember is challenging. But having a secure password is critical for good security practices, so what can be done? Using a good password manager program, such as KeePass or LastPass, is a very good option. But they require configuration on each machine where they are used and may also require that licensing be purchased for commercial use. If that leaves password managers off the table, then it’s important to remember the three keys to strong passwords: Length, Complexity, and History. Make sure that your password is long (at least 8 characters), complex (it uses a combination of upper and lower case letters, numbers, and special characters like “!” or “$”), and is changed often. This last element is often overlooked, but no matter how secure the password, the longer it’s active, the weaker it becomes.
3. Do learn to recognize HTTPS sites (SSL) and always look to make sure they are secured.
If you’ve ever been looking at a website like Amazon or Facebook and noticed a little padlock icon on the browser, then you’ve already seen what a secure website looks like. A secure site will always start with HTTPS: instead of HTTP: and depending on which browser is loading the site, will have that padlock symbol to the right or left of the address at the top. Why is it important to check for this little symbol, though? The reason is that without it, there’s no guarantee that the site you’re looking at is the site it claims to be. Many malware distributors will set up sites that masquerade as a legitimate site, but in fact are there simply to place malware on your machine.
Note the lock icon to the left of the URL.
4. Don’t trust strangers.
Just like websites, it’s always best to make sure you know who you’re talking to when it comes to any sort of technical support. Be wary of people (or software programs) that make claims regarding speeding up your PC or cleaning up junk. This can be a very appealing offer as workstations will never seem to run quite fast enough for someone trying to be as productive as they can. But it will always be better to rely on your IT professional to address those types of issues. Make sure you’re only giving access to your machine (and by extension your company’s entire network) to those you know and trust.
5. Don’t be afraid to ask for help.
Lastly, when you do have someone you know and trust, never be afraid to ask questions about anything that doesn’t seem right. Whether you’re not sure about an email attachment, or if you’re on a website that doesn’t look quite like what you were expecting, always be ready to ask. A great IT support team will be happy to answer your questions, because a great IT support team will know that that is the best way to help their users learn how to work more securely.