When I started my career over 20 years ago, I was issued a corporate laptop with a phone-line dial-up modem and a beeper. For years, the computer was the only device I connected to the corporate network. The computer was provisioned to me complete with corporate standard software and all of the necessary security controls built in. The software was kept up to date by my IT department and the only things I had to do were keep the device physically safe from thieves and avoid losing it.
Fast forward to today and things look much different. With the emergence of BYOD (Bring Your Own Device), more personal machines are connecting to the private networks of organizations without the oversight of IT. The presence of these devices increases the risk of exploitation from the outside. Chief Information Security Officers (CISOs), who are responsible for securing enterprise networks, face challenges with this new paradigm.
The days of relying on the IT department to handle everyone’s cybersecurity needs are gone. It has become imperative for all of us to take a more active role in maintaining the right cybersecurity measures for ourselves. By paying attention and doing work to set things up properly, you can keep yourself and your livelihood safe. After all, like a chain with several links, your corporate security is only as strong as its weakest link. Do you want to be the weak link?
Taking the right steps will always be a balancing act: adopting safeguards on one hand without taking on practices that become inconvenient or impractical (too expensive) on the other. The security precautions you take with your personal technology could be very different from those of your friends or colleagues. Citizen Lab at the University of Toronto offers a free, comprehensive, and easy-to-use Security Planner. It allows users to provide information unique to their situation – technologies they use as well as areas where they feel exposed. After the information is submitted, the planner provides tailored advice and supporting information.
I recently took a fresh look at my personal cybersecurity posture. I spent numerous hours online researching leading practices and implementing changes to protect myself (and by extension, Privoro). My intent with this mobile security blog series is to provide a comprehensive, step-by-step guide with actionable tasks conveyed over three posts. Due to the breadth of this topic, I have broken the content into several parts which will be released every couple of weeks. This post is the first part of a three-part series and focuses on increasing awareness and protecting your devices (such as laptops, tablets and smartphones).
Educate yourself regarding threats
Establishing an understanding of some of the key components of cybersecurity is a good place to start enhancing your personal security. Here is a list of items to consider to get you started. Follow the links below to learn more:
By learning more about exploits, you will be better prepared to handle them when you are affected.
Keep software up to date…
Make sure you are using the latest version of software for your devices – operating system, programs/applications and even drivers (for Windows users). As nefarious actors discover new vulnerabilities, tech companies rush to “patch” those vulnerabilities with software updates. By delaying the installation of updates, you are unwittingly giving hackers more time to take advantage of you, so install updates as soon as they are available.
Utilize protective software for computers…
Contrary to popular belief, Apple Mac OS users are vulnerable to viruses and malware just like PC users (and the threat is increasing). Identify the right program for you from this list of anti-virus programs for Mac OS (list includes free options towards the bottom of the page). The anti-virus program I currently use is our corporate standard at Privoro. Previously, I used the free version of Sophos, which I like and happily recommend.
If you are a Microsoft Windows user, you can select from this list of Windows anti-virus programs. Both lists above contain real-time anti-virus programs. For Windows users, on-demand anti-virus programs can also be used to scan files to identify malware for removal.
Keep in mind, installing more than one real-time anti-virus program on your machine can cause system conflicts. So if you are trying different versions prior to making a commitment, remember to remove existing anti-virus programs from your machine prior to installing a new one.
Keep track of your devices…
An often-overlooked aspect of cybersecurity is the loss of physical hardware (think: losing your phone or having your iPad stolen). For most people, the odds of having a device lost or stolen are much higher than the odds of being targeted by what people think of when they consider a typical hacker (some guy in a hoodie typing away in a basement, somewhere in the world). While leaving your phone somewhere you have been, like a cab, airplane or even your local grocery store, can be a scary situation, there are methods to help reunite you with your phone.
Recent-model iPhones encrypt the entire hard drive when in “locked mode”. If you happen to have an iPhone, make sure you have enabled the passcode functionality. That way, even if a bad actor gets ahold of your phone, they would be unable to access your data on the phone. Make sure you enable the phone’s location identification service (“Find My iPhone” for Apple users) if you have yet to, or as soon as you get a new phone. Once your phone falls into the wrong hands, however, it typically gets turned off immediately, which limits the rightful user’s ability to remotely find, lock or delete data from the phone.
Part 1: Close
If you follow the steps above, you will be taking a big step towards increasing your security posture and protecting yourself. In Part 2, I will cover the steps necessary to secure yourself online.