What Security Advice Do The Experts Offer?

I recently read an article from Heimdal Security about online safety.  In this article Heimdal had asked 18 experts in the field of cybersecurity for their top 3 ideas about how to stay secure.  The contributors included top cybersecurity professionals from several anti-malware companies, security bloggers, and cybersecurity industry professionals.  The original article is here.

What I found interesting were the suggestions that they shared in common.  Here’s the rundown, and the number of security pros who offered the same tip.

Hacking Humans and Social Engineering

  • You are the most important security tool.  Be skeptical, trust no one.  Many exploits rely on social engineering and trickery to work.  Learn how they work.  Don’t be someone who falls for these exploits. (3)

Email and Phishing

  • Don’t click on links in emails from unknown parties. (6)
  • Be aware of potential phishing emails.  Spelling and grammar mistakes have decreased, so you need to know what else to look for. (5)
  • Be aware of potential computer exploits targeting your computers. (4)

Updates and Patching

  • Patch third party applications such as Java, Reader, and Flash (9)
  • Run systems updates for your operating system.  (Windows updates, Apple updates) (7)
  • Update firmware on all your devices, including routers, networking devices, printers, and system BIOS on computers.

Passwords and Authentication

  • Create long and strong passwords of at least 10 characters.  (5)
  • Set up and use a password manager for all your passwords. (My favorite is LastPass.) (3)
  • Never reuse the same password on multiple accounts. (3)
  • Set up and use two-factor authentication wherever you can. (5)

Anti-Malware

  • Run anti-malware software.  Windows Defender is pretty decent and better than nothing.  Or choose a program that is highly rated by an independent test lab such as AV-TEST. (4)

Web Browsers and Web Applications

  • Update to the latest version of whatever web browser you use. (Edge, IE, Chrome, Firefox, Safari)
  • Disable or restrict Java and Flash on your web browsers.  (2)
  • Buy and use a Chromebook for web browsing, online banking and shopping.  Because Chromebooks rely on browser and cloud apps, and are unable to install applications including malware, a Chromebook is more secure.
  • Be careful what you download.  Use the manufacturer’s website.  Avoid popular download sites, which often offer unwanted programs that hitch a ride with the program you wanted. (2)
  • Free software and apps are not really free.  They take your personal information in exchange for your “free” use. (2)

Mobile Devices

  • Verify or set security and privacy settings on mobile devices
  • Use smartphone security such as a screen lock. (2)
  • When using unencrypted public Wi-Fi, use a VPN. (2)

Social Networks

  • Verify or set security and privacy settings on social network accounts.
  • Avoid over-sharing on social networks. (2)

Information and Data Security

  • Back up all your data, not only your computer, but your phone and tablet too. (2)
  • Think about the files you are creating and saving.  You can’t lose what you don’t have.
  • Be aware of third-party collection of your personal information and data.  This information is generally used in marketing, but can also be a gateway to an attack or exploit.

Following these tips can help you create and maintain a strong cybersecurity environment for you, your computers and devices, your networks, and your information.

About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.
