Human error is the weakest link in cybersecurity. Individuals want to cut corners on devices they use for efficiency, especially ones that are used hundreds of times a day. Although it’s nice to open your phone by clicking one button, or avoid logging into a social media account every time you access it, these practices create security risks. Individually, these shortcuts aren’t extremely harmful to security, but when multiple are used, bigger gaps are created that enable attackers to more easily gain unauthorized access. In a perfect world, none of these gaps would exist. But because of evolutions in technology, it’s important to implement the following strategies based on individual risk tolerance.
1. Utilize Multifactor Authentication to Secure Your Device
The first line of defense on any device is usually a password. Everyone has heard of best practices for passwords (e.g., use more than 8 characters, use an uppercase letter, use a special character, etc.), which used to be all someone needed for frontline security. However, with the advent of computers that can crack more complex passwords and the widespread usage of social engineering, securing devices and accounts requires more than it used to.
Created in the mid-1990s, multifactor authentication (MFA) has been around for almost thirty years and is the new standard for frontline security. MFA utilizes two or more forms of authentication for access to an account or device (e.g., a strong password combined with a randomized SMS pin for every login). Although this technology isn’t new, it’s very secure and demands additional steps for an attacker attempting to compromise a device or account.
This means that an attacker can’t rely on brute force or phishing alone to access an account. They must also have access to a phone or another device that is used by the account holder for authentication. Attackers tend to target the most vulnerable devices or people. If a possible intruder sees that MFA is in place, they might be deterred.
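The two-step check described above, sketched as an added example (not code from the original article): a password check followed by a randomized one-time PIN that expires and is consumed on the first attempt. The `Account` class, the `PIN_TTL` value, and returning the PIN to the caller instead of sending it by SMS are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

PIN_TTL = 300  # seconds a one-time PIN stays valid (assumed value)


class Account:
    """Hypothetical account record that requires both factors."""

    def __init__(self, password):
        self.salt = secrets.token_bytes(16)
        self.pw_hash = self._hash(password)
        self.pending = None  # (pin, expires_at) once factor one succeeds

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 200_000)

    def start_login(self, password, now=None):
        """Factor one: returns the PIN that would be sent by SMS, else None."""
        now = time.time() if now is None else now
        if not hmac.compare_digest(self.pw_hash, self._hash(password)):
            return None
        pin = f"{secrets.randbelow(10**6):06d}"  # randomized for every login
        self.pending = (pin, now + PIN_TTL)
        return pin

    def finish_login(self, pin, now=None):
        """Factor two: any attempt consumes the PIN, so it cannot be
        guessed repeatedly or replayed after a successful login."""
        now = time.time() if now is None else now
        pending, self.pending = self.pending, None
        if pending is None:
            return False  # no password check preceded this attempt
        expected, expires_at = pending
        return now <= expires_at and hmac.compare_digest(
            expected.encode(), pin.encode()
        )
```

A guessed or phished password only gets as far as `start_login`; without the PIN delivered to the account holder's phone, `finish_login` still returns `False`.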
2. Plan for Your Device to Be Lost or Stolen
Planning for a worst-case scenario is always smart. If a device is lost or stolen, it’s important to have options. Being able to prevent the loss of a device, recover it, or destroy sensitive information on a device not in your possession is critical to the security of that information. Implementing a redundancy strategy for sensitive data increases the chances that the confidentiality, integrity, and availability of the data will stay intact.
One option is encryption, which must be implemented prior to the device being stolen or lost. It increases the chance that the data’s integrity stays intact. Even if stolen, an encrypted device can mean challenges for an attacker, considering the tools and computers required to break most encryption. All devices should be encrypted to prepare for a worst-case scenario.
If a device is lost, step one is location tracking. Enabling location services and installing a location tracking app will provide insight into the next steps for recovery. If the device responds with its location, physically checking the reported location is a good option. If it isn’t reporting its location, tracking may have been disabled by an attacker and other options should be considered.
A remote wipe should be used as a last resort if device recovery isn’t possible. Make sure that a remote wipe function is set up when configuring a device, just in case. Additionally, implementing regularly scheduled backups will preserve the availability, rather than just the confidentiality, of the data. Ultimately, having a plan for when a device is lost or stolen will determine your data security.
3. Be Mindful When Connecting to and Using Networks
Networks are everywhere – at the local coffee shop, at home, at work – but not every network is built the same. Some networks don’t have the security features that others do or may even be run by malicious attackers to trick users. Be mindful about what networks you connect to and how you connect to them to prevent your devices from being compromised. A good rule of thumb? Only trust known networks, like a personal or work network, and not unknown networks unless you’re very sure. Even if they might seem secure, it’s hard to know with absolute certainty.
Most modern devices automatically connect to known or open Wi-Fi. This can be efficient, but like taking login security shortcuts, automatically connecting to these networks is dangerous. By connecting to an open network automatically, a user might expose their device to an unsecured network, or a network that has bad actors connected to it as well. It’s much safer to manually connect to a secure, password-protected network. If device security is a necessity, be sure to only connect to secure networks that are trusted and password protected.
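One way to check a device for the auto-connect risk described above, as an added example that is not part of the original article. It assumes a Linux system using NetworkManager and reads saved profiles in its keyfile format; the profile contents below are constructed samples and the function name is hypothetical.

```python
import configparser

# Constructed sample profiles in NetworkManager keyfile format (assumed platform).
SAMPLE_PROFILES = {
    "airport": "[connection]\nid=Airport\ntype=wifi\nautoconnect=false\n"
               "[wifi]\nssid=Airport Free WiFi\n",
    "coffee": "[connection]\nid=CoffeeShop\ntype=wifi\n"
              "[wifi]\nssid=CoffeeShop Guest\n",
    "home": "[connection]\nid=HomeNet\ntype=wifi\n"
            "[wifi]\nssid=HomeNet\n[wifi-security]\nkey-mgmt=wpa-psk\n",
    "wired": "[connection]\nid=Dock\ntype=ethernet\n",
}

WIFI_TYPES = ("wifi", "802-11-wireless")
SECURITY_SECTIONS = ("wifi-security", "802-11-wireless-security")


def open_autoconnect_profiles(profiles):
    """Return (id, ssid) for saved Wi-Fi profiles that are open AND auto-join."""
    findings = []
    for _, text in sorted(profiles.items()):
        cfg = configparser.ConfigParser(interpolation=None)
        cfg.read_string(text)
        if cfg.get("connection", "type", fallback="") not in WIFI_TYPES:
            continue
        # NetworkManager treats a missing autoconnect key as "true".
        autoconnect = cfg.getboolean("connection", "autoconnect", fallback=True)
        # An open network is saved without any Wi-Fi security section.
        is_open = not any(cfg.has_section(s) for s in SECURITY_SECTIONS)
        if is_open and autoconnect:
            ssid = cfg.get("wifi", "ssid", fallback="")
            findings.append((cfg.get("connection", "id"), ssid))
    return findings


if __name__ == "__main__":
    for conn_id, ssid in open_autoconnect_profiles(SAMPLE_PROFILES):
        print(f"open network joins automatically: {conn_id} (SSID {ssid!r})")
        # Keeps the profile but stops the device joining it on its own.
        print(f"  fix: nmcli connection modify {conn_id!r} connection.autoconnect no")
```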
Most networks are connected to the internet, which holds even more potential for threat actors to spy on potential victims. A safe solution that most people use to keep their online identity safe and anonymous is a Virtual Private Network (VPN). A VPN utilizes the ability to jump between multiple servers before connecting to a website. This hides your IP address, which can hold a lot of information, and makes it harder for threat actors to track where you are on the internet. VPNs are a simple way to secure your online browsing and personal devices.
In addition to securing online browsing and personal devices, VPNs are also a great way to secure business devices when working remotely. However, managing a VPN for a whole organization can be difficult. NuHarbor’s first choice for businesses that need an easy-to-integrate security package for remote work is Okta. Their lifecycle management doesn’t just save you time, it saves you money when integrating a VPN or other security application. Talk with a NuHarbor expert to learn more about Okta and how their services can help secure your organization.
4. Prevent and Mitigate the Spread of Malware on Your Devices
Malware is everywhere and constantly evolving. Luckily for the average consumer, so is security. Keeping your software and firmware up to date is a key component in keeping up with this infinite cat and mouse chase. Developers periodically release updates for their devices, and as a user, it’s important to download and install these updates to protect against new malware and exploits. If a threat is known to be very dangerous, a developer may push out a patch. These are arguably the most important to download and install due to the severity of the exploit that warranted a swift response from a developer.
Developers won’t be able to catch every exploit instantly. To protect against malware, users should employ effective countermeasures on their devices (e.g., antivirus software). Windows Defender, a built-in antivirus on Windows OS, protects users automatically from malicious-looking files. But it’s also a basic antivirus, and with the right knowledge can be bypassed without any alerts. Therefore, researching an antivirus that fits the risk tolerance of a user is an effective way to prevent and mitigate the spread of malware.
Human error is a device’s biggest security risk, thus mitigating the actions that cause this error can lead to substantial results. Researching applications before you download them is a prime mitigation strategy. If an application seems too good to be true, or looks potentially malicious, you should confirm that what you’re downloading is what you intended to download. Email is another place where users should utilize a cautious attitude. Be wary of suspicious emails and only download trusted files.
5. Prepare for Your Device to Be Compromised
Ultimately, preparing for a device to be compromised can result in preservation of critical data integrity and confidentiality. Therefore, use devices and manage the data on them as if they were going to be compromised within the hour. Credentials should never be stored in clear text on notepad-like applications. Doing so makes it easier for an attacker to gain information once in the system, which is never beneficial for the victim.
Similar to how you lock your house when you leave for work, be sure to lock your devices when not in use. Leaving a device with personal data or credentials unlocked, especially in a public setting, can have major consequences. Don’t make a threat actor’s job easier than it could be.
Protecting User Devices
Integrating the techniques and habits described above will increase your cybersecurity maturity and give any user peace of mind that their data is safe. This isn’t to say breaches can’t still occur, especially in higher risk environments where the attack surface is much greater, but these tips will help to prevent hackers from easily accessing your devices. Are you looking for a cybersecurity provider that can protect your organization’s devices? Contact the NuHarbor experts for more information.
Justin (he/him) is the founder and CEO of NuHarbor Security, where he continues to advance modern integrated cybersecurity services. He has over 20 years of cybersecurity experience, much of it earned while leading security efforts for multinational corporations, most recently serving as global CISO at Keurig Green Mountain Coffee. Justin serves multiple local organizations in the public interest, including his board membership at Champlain College.