We can prepare for 2015 by learning from past data infringements or compromises that may have affected us personally or professionally. We need to learn from these incidents in order to prevent their reoccurrence or at least mitigate our risk in the future. Here are some key lessons we should all adopt in order to secure of finances, identity and online activities:
- Keep your systems current with updates and patches. New zero-day attacks have no initial defense but as soon as a countermeasure is made available it should be installed.
- Keep security products (such as firewalls and anti-malware scanners) current. Old safeguards are less reliable than current ones.
- Monitor your purchases made on credit cards, debit cards, ATM cards, as well as those made by check. This should be done at least on a weekly basis. As soon as you notice any suspicious activity, report it to your financial institution immediately.
- Realize that online activity is never completely safe. Consider using a separate credit card for online transactions. Also, use the Electronic Frontier Foundation’s (EFF) browser plug-in, HTTPS Everywhere, to request secure connections.
- Avoid using file sharing services in which the origin of files is unknown or unconfirmed. This will reduce your exposure to malware infections.
- Turn on WPA-2 encryption on your home or office wireless connection. This will minimize your risk of wireless hacks and attacks.
- Delay adopting smart-home technologies or Internet of things (IoT) products, as many of these have been rushed to market with little consideration for security.
- Keep a reliable backup. Be sure to have at least three copies of your data (i.e., the original and two backups), use two different forms of media to store your backups (i.e., hard drive and online), and do not store the backups in the same location.
- Lock your portable devices with a password. Enable on-device storage encryption on your portable devices.
- Review the security settings on your social networks. Set more restrictive values so that minimal information and activity is exposed to the public.
- Review the apps installed on your portable devices. Uninstall or disable any app you do not use. Be cautious about installing new apps and read the security and permissions disclosure when installing apps. Consider disabling the location services on apps when you do not see a specific benefit of having your location tracked or posted.
- Be cautious about the files you download, the attachments you open, and the links you follow. We all need to be a bit more skeptical and aware of the subtle clues to which our actions may involve us in a malicious event.
- As an employee, pay attention to the security policy and job training provided. Taking care to understand the rules and boundaries will help you stay compliant and minimize the risk and exposure to the organization.
Most of these lessons learned are security concepts that we have discussed before and most of us know we should be following them but many do not. We need to learn from the compromise of others and then implement proper safeguards in order to minimize our risk to the same exploits in the future.