Please consider implementing all of these action items to help secure both your personal and professional accounts, and help minimize your vulnerability to cyber attacks. This list is only a brief introduction to steps you can take to secure yourself:
1) Turn on Two Factor Authentication
Two factor authentication is a log-in process that requires the user to use two types of credentials: something you know (such as a password), something you have (such as a cell phone), or something you are (such as your fingerprint). The most common two factor authentication is a password and an additional code sent to a separate device. It is most often triggered when you use a new device or are at an unusual location. Two factor authentication will stop fraudulent attempts to guess your password or brute force attacks on your log-in. These services also notify you to check your accounts and change your passwords if there are unsuccessful authentications.
2) Change Your Passwords and Consider Using a Password Generator and Keeper Service
Changing passwords is a hassle, but it is one of the easiest and most effective ways to limit your vulnerability. Every day you have the same password, or use the same one for multiple accounts, the likelihood increases that your accounts are already compromised. Just because you can still access your account doesn't mean a hacker is not monitoring your activity. By changing your password on a regular basis, and using an online password generator and keeper service, you are resetting the work of hackers. The benefits of a generator and keeper service are that strong passwords are created and you do not have to remember each unique one. LastPass and 1Password are widely used services for both generating and storing passwords, but be sure to look for independent reviews of any security apps before downloading.
3) Don't Click on Phishing Emails
Phishing is the use of an e-mail, usually made to look official or from a trusted friend, that asks you to open an attachment or click a link, resulting in a virus being downloaded to your device. These e-mails use social engineering, the practice of manipulating people using personal information or relationships, to trick the recipient into giving more information or access to the sender. Common examples are e-mails trying to look like shipment notifications and asking you to click to track the package, or an e-mail from a widely used software or hardware company trying to get you to register a product or device. Your first reaction to any suspicious or unexpected e-mail should be to delete it, and then call the sender on a number you find independently to verify the authenticity and ask them to resend the message if it was legitimate. For more routine messages between your friends, family, or co-workers that require a link or an attachment, use a secret keyword (e.g. "Sutter" or "Colusa") that will be harder for a hacker to replicate in a fraudulent e-mail.
4) Update Your Software
Every day, tech companies have thousands of security technicians making sure our devices and programs are secure by patching vulnerabilities. In the past, a string of vulnerabilities allowed hackers to access iPhones and read texts and e-mails, record calls, track your location, and even turn on the camera and microphone. Apple quickly provided an update, but that work goes to waste if, like many average users, you never download it. Whenever your device prompts you to update, take the time to do so. Some devices allow you to enable a setting to automatically update your software overnight when your device is charging and not in use.
5) Use Encrypted Communication
Many forms of electronic communication are at risk of interception during transmission. If written communication is required, using services like iMessage (Apple's blue text messages), Viber, Signal, or another end-to-end encryption service will limit your messages' exposure during transmission. But it is always safer to call rather than send written electronic communication when dealing with sensitive information. The use of secure apps is especially important to share with co-workers, friends, and family because messages are only as secure as the weakest recipient.
6) Turn Off Location Services
While some applications do require location services to function, many applications' default settings go beyond what they need and track your location continuously. This increases your vulnerability as your location data is then on dozens of servers hosted by different companies around the world. Location data itself is personally sensitive and can cause harm if in the wrong hands, but it is also used to inform social engineering efforts and can help hackers target you when you are away from home, or on vacation. Turning off location services is most important for devices themselves but should also be considered for social media accounts including Twitter and Instagram that store and can post your location for the public to see.
7) Don't Use Public WiFi
It is common for hackers to set up fraudulent open WiFi networks like "Airport WiFi" to lure victims. Connecting your device to these public WiFi services gives hackers access to your information, including the information you send and receive. Make sure that your device's settings do not automatically connect to unknown WiFi networks (for iPhones turn off "Ask to Join Networks"). If using WiFi in public is unavoidable, research VPN (Virtual Private Network) services that can help mask your identity.
Questions? Please reach out to Asm. Jacqui Irwin, Chair of the Assembly Select Committee on Cybersecurity and the Co-Chair of the NCSL Cybersecurity Task Force.
Staff: Brandon Bjerke (916) 319-2042
You can learn more at the U.S. Dept. of Homeland Security's Computer Emergency Readiness Team. We need to work together to make smart choices with our technology.