Healthy habits for good cybersecurity
A few helpful cybersecurity resolutions to take into the new year. Happy holidays!
In a similar fashion to everyone getting the flu now and again, the risk of catching a cyberattack is a common one. Both a sophisticated social engineering attack or grammatically-lacking email phishing scam can cause real damage. No one who communicates over the Internet is immune.
Like proper hand washing and getting a flu shot, good habits can lower your risk of inadvertently allowing cybergerms to spread. Since the new year is an inspiring time for beginning new habits, I offer a few suggestions for ways to help protect yourself and those around you.
Recognizing a delivery method for cyberattack is getting more difficult. Messages with malicious links do not always come from strangers. They may appear to be routine communications, or seem to originate from someone you know or work with. Attacks use subtle but deeply-engrained cognitive biases to override your common sense. Your natural response ensures you click.
Thankfully, there’s a simple low-tech habit you can use to deter these attacks: before you act, follow-up.
You may get an email from a friend that needs help, or from your boss who’s about to get on a plane. It could be as enticing and mysterious as a direct message from an acquaintance who sends a link asking, “Lol. Is this you?” It takes presence of mind to override the panic these attacks prey on, but the deterrent itself is quick and straightforward. Send a text message, pick up the phone and call, or walk down the hall, and ask, “Did you send me this?”
If the message is genuine, there’s no harm in a few extra minutes to double check. If it’s not, you’ll immediately alert the originating party that they may be compromised, and you may have deterred a cyberattack!
When individuals in a neighborhood get the flu shot, others in that neighborhood are safer for it. Encryption is similarly beneficial. Encourage your friends, coworkers, and Aunt Matilda to switch to an app like Signal. By doing so, you’ll reduce everyone’s exposure to more exploitable messaging systems.
This doesn’t mean that you must stop using other methods of communication entirely. Instead, think of it as a hierarchy. Use Signal for important messages that should be trusted, like requests for money or making travel arrangements. Use all other methods of messaging, like SMS or social sites, only for “unimportant” communications. Now, if requests or links that seem important come to you through your unimportant methods, you’ll be all the more likely to second-guess them.
You wouldn’t brush your teeth with a toothbrush you found on the sidewalk. Why would you plug in a USB device if you don’t know where it’s been?! While we might ascribe putting a random found USB drive in your computer to a clever exploitation of natural human curiosity, we’re no sooner likely to suspect using a public phone-charging station or a USB cable we bought ourselves. Even seemingly-innocuous USB peripherals or rechargeable devices can be a risk.
Unlike email and some file-sharing services that scan and filter files before they reach your computer, plugging in via USB is as direct and unprotected as connection gets. Once this connection is made, the user doesn’t need to do anything else for a whole host of bad things to happen. Through USB connections, problems like malware and ransomware can easily infect your computer or phone.
There’s no need to swear off the convenience of USB connectivity, or to avoid these devices altogether. Instead of engaging in questionable USB behavior, don’t cheap out on USB devices and cables. If it’s going to get plugged into your computer, ensure you’re being extra cautious. Buy it from the manufacturer (like the Apple Store) or from a reputable company or reseller with supply chain control. When juicing up USB-rechargeables, don’t plug them into your computer. Use a wall charger with a USB port instead.
Keeping your devices healthy and happy is a matter of practicing good habits. Like battling the flu, good habits can help protect yourself and those around you. Incorporate some conscientious cybersecurity practices in your new year resolutions - or start them right away.
Have a safe and happy holiday!