October is Cyber Security Month, so we sat down with Gallagher Security’s, Governance Risk and Compliance Lead, Sam Dowse, to discuss the steps we should be taking to keep ourselves cyber safe.
When we tapped Sam on the shoulder about scheduling this interview, we said, “It will only take half an hour,” to which he replied, “Book two”. He wasn’t joking.
In his words, “It’s crucial to remember the importance of staying vigilant against cyber threats. In today’s digital age, our personal and professional lives are increasingly intertwined with technology, making cyber hygiene in daily life more important than ever.”
In this blog we discuss Sam’s top five cyber hygiene tips that, if adopted correctly, will significantly decrease the likelihood and severity of cyber-attacks.
Understanding cyber hygiene and why it’s important
Our online presence has become an integral part of daily life, from managing finances to socializing with friends to accessing sensitive work information, the internet is a gateway to a vast array of personal and professional activities. However, with increased connectivity comes the heightened risk of cyber threats.
When you hear the words cyber-attack, you’d be forgiven if you were instantly hit with a feeling of dread. While many of us may not understand the full extent of how destructive a cyber-attack can be, we can all take steps to bolster our security and mitigate the effects should we find ourselves the victims of an attack.
With cyber-attacks showing no signs of slowing down, already in 2024, there have been over 9,000 publicly disclosed global security incidents resulting in an estimated 35 billion breached records, significantly up from the estimated 8 billion breached records in 2023 (IT Governance, 2024), there has never been a better time to take stock of your cyber hygiene efforts.
By incorporating these tips into your routine, you can ensure that cyber hygiene in daily life becomes a habit, protecting your personal and professional information from cyber threats.
Tip #1: Ditch your birthday and pet’s name – Fortify your passwords:
When you think about your passwords, ask yourself the following?
- Is that password longer than 12 digits?
- Does it contain uppercase, lowercase, symbols, and numbers?
- Is that password unique – hasn’t been used on any other account?
- Has it been changed in the last 6 months?
If you answered no to even two of these questions, you should update your passwords.
One of the most fundamental aspects of cyber hygiene is the use of strong and unique passwords. Using long, complex, unique passwords for each account makes it harder for attackers to gain unauthorized access. By incorporating a mix of letters, numbers, and special characters, or using a lengthy phrase, you strengthen your defense against unauthorized access.
It’s important to remember that the fallout from a password breach can be significant, leading to identity theft, financial loss, data theft, privacy invasion, and reputational damage. Attackers can also misuse your credentials to access sensitive information, make unauthorized transactions, and launch further attacks.
The Australian Cyber Security Centre (ACSC) has released a series of short videos that explain the importance of passwords.
Tip #2: When less isn’t more - Multifactor Authentication:
You’ve likely heard the term dual authentication, or multifactor authentication (MFA). This is a way of adding an extra layer of verification, such as a text message code, fingerprint scan, or authentication app as an added layer of security beyond a password, and it’s a critical step in providing additional security, even if passwords are compromised.
By requiring additional verification methods, MFA significantly reduces the risk of unauthorized access, making it much harder for attackers to compromise your accounts, even if they have your password.
Without MFA, it is easier for hackers to gain access to your accounts through methods like phishing, brute force attacks, or keylogging. This can lead to data breaches, identity theft, and financial loss.
Tip #3: What’s under the hood is important – the importance of regular software updates:
In the same way we service our vehicles to keep them running smoothly and safely, the same applies to software updates across our devices.
Keeping software, operating systems and browsers up to date is another vital aspect of cyber hygiene, it ensures that you have the latest security patches protecting against known vulnerabilities and is crucial for maintaining security and performance.
Software updates often include patches for security vulnerabilities, bug fixes, and improvements that enhance the overall functionality of your device. By keeping your system up to date, you protect your data, ensuring any known vulnerabilities are not exploited on your device.
Outdated systems are more vulnerable to cyberattacks, such as malware and ransomware, which can lead to data breaches, financial loss, and reputational damage.
Tip #4: Don’t take the bait – how to spot a Phish:
Have you ever received an email and something about the sender’s address, the look or tone of the email seemed off? Have you won a competition you don’t remember entering? You may have caught a Phish, but this one’s not a keeper.
Learning how to recognize phishing attempts through unsolicited messages or emails can prevent attackers from tricking you into revealing sensitive information and handing over the password you so diligently made complex and difficult to crack.
Being aware of phishing emails is crucial, however sometimes difficult, as they can often appear to be from legitimate sources. Before you know it, they have tricked you into clicking malicious links or providing sensitive data.
By staying vigilant and learning to identify these deceptive messages, it helps you recognize and avoid scams designed to steal your personal information and corporate/customer data.
Falling for a phishing scam can lead to unauthorized access to your accounts, corporate data breaches, and the installation of malware on your devices.
Tip #5: Why freebies are a no-go zone: Avoiding Public or Free Wi-Fi:
Though we all like a freebie, public Wi-Fi is one we should avoid. Public networks are often unsecured, making it easier for hackers to intercept your data.
Using free or unsecured Wi-Fi with corporate devices is risky business because these networks are often not encrypted, meaning hackers can monitor your online activities, steal sensitive information, and even inject malware into your device.
Attackers can make light work of accessing hotel Wi-Fi with common or easily guessed passwords, connect to unprotected free airport Wi-Fi, or even create fake Wi-Fi hotspots, and once they are on the same Wi-Fi network as your device, their ability to compromise your information significantly increases.
The answer? Hot spotting off your phone provides a much safer connection. Mobile hotspots are typically private and encrypted, reducing the risk of unauthorized access. By using your phone’s data connection, you can ensure a more secure and reliable internet connection, especially when working remotely or traveling. This helps protect your corporate data and maintain the integrity of your work.
If using Wi-Fi is a last resort, ensure the corporate VPN is used. A VPN encrypts your internet traffic, making it much harder for attackers to intercept and access your data. This is especially important on unsecured networks, as it provides an additional layer of security.
Layer up – stay cybersafe
So, what’s the connection between cybersecurity and Swiss cheese?
The Swiss Cheese Model in cybersecurity illustrates how multiple layers of defense work together to protect against threats. Each layer, like a slice of Swiss cheese, has its own vulnerabilities (holes), but when combined, they create a robust defense system.
This model emphasizes that no single security measure is foolproof; instead, a combination of technical controls (like strong passwords, MFA and Firewalls), procedural controls (such as regular updates and access controls), and human controls (like user training and awareness programs) collectively minimize the risk of a security breach. By overlapping these defenses, the likelihood of a threat penetrating all layers is significantly reduced.
These steps should form the basis of any good cyber hygiene best practice approach, and when adopted correctly and revisited frequently, will go a long way to significantly decreasing the likelihood and severity of a cyberattack against you or your organization.