People often say you can’t truly understand something until it happens to you, which is true in many situations in life. We can’t imagine how data security issues could impact our lives.
All infrastructure is vulnerable to attack.
There is no magic platform that is completely impenetrable now and in the future. Despite what you may see in advertisements, no vendor, no firewall, no router, no hardware, no operating system, and no software product can block all possible attacks.
This is why information security is a process: it begins when a system is being planned, continues by monitoring, evaluating, and correcting security issues throughout the lifetime of the system, and ends only when the system is decommissioned and its components are securely disposed of.
What are cybersecurity attacks?
Cybersecurity refers mainly to protecting internet-connected systems, including hardware, software, and data, from cyber attacks. Cyber attacks can result in the following issues:
- Data theft
- Ransomware installation
- Data corruption
I thought you could use a starting point, a guide you can use to do a personal security risk assessment, so you can then take the necessary actions to improve your protection from cyber-attacks.
In order for your data to be secure, it has to satisfy 3 important factors. We want our information to:
- be read by only the right people (Confidentiality)
- only be changed by authorized people or processes (Integrity)
- be available to read and use whenever we want (Availability).
When going through the questions below and answering them honestly (no grades will be given), keep in mind these three principles. This security risk assessment is not a test, but rather a set of questions designed to help you evaluate where you stand in terms of personal information security and what you could improve.
- What type of information do you have stored on your computer (pictures, work documents, applications, passwords, etc.)?
It will be really useful to make a list of the different types of information you have stored:
- Locally, on your computer
- Online, in different apps (cloud-based or not) and on various websites.
Do you have personal emails, work documents, confidential corporate data, photos and videos of your family or personal information, such as banking credentials or passwords?
- Which online services do you use more often?
Think of the online services you use on a daily or weekly basis. You could list:
- Online shopping
- Social networking
- Online banking
- News websites
- Download portals
- Chat applications, etc.
- Define how valuable each asset is to you.
You can use three degrees of importance: “low”, “medium” and “high”. Define this value based on the potential cost (financial, reputational or emotional) of an unauthorized person gaining access to that piece of information or service.
- Online banking password – high value
- Playlist stored on your music streaming service – low value.
- How do you keep your sensitive information safe?
Consider the following options (and others that apply to your situation):
- I use strong passwords (longer than 8 characters and including symbols and numbers)
- I use passwords for both my online accounts and for logging into my laptop/tablet/phone
- I use two-step authentication whenever it’s available
- I have set strong security questions in the event of a security breach
- I have my email accounts connected so I can regain access to my information in the case of a cyber attack
- I set up my phone number to receive alerts from important services (such as online banking or email) in case my accounts are compromised.
- What kind of security are you using?
Do you have an antivirus solution installed? Do you update it regularly? And, most of all, do you know that antivirus is not enough?
In order to understand why antivirus is not enough, you’ll need to learn about the difference between an antivirus and an anti-spyware product. To put it briefly:
- When you’re already infected, antivirus programs detect if a virus is on your PC and they remove it.
- But what you need is not to get infected in the first place.
- So that’s why you need a tool that can work proactively to detect and block malware.
- Another layer of protection you could use is a firewall and even an encryption application that can ensure that your data won’t be accessed in case your gadgets are stolen.
Before choosing any cybersecurity product, do some research: learn what the product offers, and check AV testing websites (AV Test, AV Comparatives, Virus Bulletin, PC Mag) and other reviews that compare options, so that you can make the best choice for you.
- What security software are you using against financial and data-stealing malware?
Cyber-attacks directed at collecting financial information and leaking confidential data are increasing in number and severity. This is why, in order to conduct online transactions with peace of mind, browse the web securely and keep your private information secure, you’ll need a dedicated product.
In order to get protection against financial malware, the solution you need should:
- include a real-time Internet traffic scanner that scans all incoming network data for malware and blocks any threats it comes across
- be able to provide malware detection and removal of malicious software that has already been installed onto a computer
- have a website security scanner feature that checks the website you want to visit, detects malware and blocks it.
- Are you using a backup solution for your operating system or for your vital information?
Keeping your data backed up is crucial for your cyber security plan. Evaluate your options: would you rather use an external drive or a cloud-based solution? Weigh the pros and cons of each, but be sure to keep the essential information you deem valuable safe.
Back up your data regularly in order not to lose the important progress you’ve made. There’s even a World Backup Day celebration happening on March 31 to help you remember!
- How do you protect your shared documents (e.g. Google Docs) or gadgets (computer, tablet, etc.)?
Do any other people use your gadgets? Have you set up guest accounts for them or do they have access to the administrator account? Do you have kids that use your gadgets (and have you taught them about information security)?
I know these seem like a lot of questions, but the human factor is the most common cause of cyber-attacks, because hackers know how to manipulate and trick vulnerable categories of people into revealing information or installing malicious software.
Also, keeping a backup of shared documents and files could save you the trouble of having to do the work all over again if someone should delete or modify those files. When possible, be sure to offer view-only permission and regularly check who has access to confidential information (after a colleague’s departure from the company, after a break-up with a spouse or boyfriend/girlfriend, etc.).
Maintain a vigilant attitude and, to the extent that you can, try to share the valuable things you’ve learnt from this security risk assessment with those around you, especially with the people you share gadgets, accounts, or documents stored in the cloud with.
- How do you manage your passwords?
You’ve probably accumulated plenty of passwords by now, which is what makes it so difficult to manage them. You may be tempted to use the same password more than once and make it easy to remember, but, by all means, NEVER do that!
The safest way to manage your passwords is to use a password manager application, like LastPass. You should use a generator to create long, complicated passwords and store them in LastPass, and NEVER, EVER store them in your browser.
This is especially recommended if you’re using your personal device at work. Don’t forget to password-protect your devices as well, and remember to lock/log off each time you leave them unattended.
It may take a bit to set things up at first, but, when you’re done, you’ll have more peace of mind and have a simpler way to manage your passwords.
- Do you regularly update the software you use?
Consider some of these choices:
- Do you perform operating system updates when you’re prompted to do so?
- Do you have automatic software update set up for both your OS and your applications?
- Do you regularly update Oracle Java, Adobe Reader or Adobe Flash, which are known to cause 85% of security exploits that hackers use?
- Do you keep your browsers updated to the latest versions?
One of the most common and dangerous types of cyber attack that hackers engineer is called “social engineering”. These attacks entail the psychological manipulation of the victim to trick the person into divulging confidential information. The purpose can be information gathering, fraud, or system access.
So, ask yourself: do you reply to e-mails received from unknown people? Do you trust strangers and talk openly about your digital assets? Think about how you behave online and then adjust your habits so that you can become your own layer of protection.