The digital world is changing at a tremendous speed. New communication technologies open up new possibilities, but by using them you can also expose yourself, and others, to risks. Each individual now has an online presence that is not limited to an email address. The use of social media platforms, the abundance of online shopping, and the growing interest in digital and online payments have opened the floodgates to security issues and cyber attacks.
Security researchers have been stressing the importance of having a secure online presence. We shop online. We work online. We play online. We live online. As our lives increasingly depend on digital services, the need to protect our information from being maliciously disrupted or misused is really important.
Here are six simple steps to gain peace of mind and more control over your online security:
1. Protect accounts with strong authentication. We cannot deny the importance of a strong identification and authentication mechanism for anyone with an online presence. Username-and-password authentication is giving way to stronger authentication. Strong authentication, sometimes referred to as two-factor or multifactor authentication, requires you to have more than just a password to sign in. The password needs to be coupled with security keys, biometrics, one-time codes, etc. It provides an extra layer of security over just having a username and password.
2. Keep software updated. When you run outdated software, the possibility of an exploit succeeding becomes twofold. Hackers are always on the lookout to exploit vulnerabilities associated with running out-of-date software. Always keep your software (including Internet browsers, operating systems, plugins, and document editors) up to date on internet-connected devices. It helps prevent malware infections that could compromise your devices and accounts. The recent WannaCry ransomware incidents could have been avoided if the affected systems had been running the latest version; those still running older, unsupported versions of Microsoft Windows, such as Windows XP and Windows Server 2003, were at risk.
3. Avoid phishing attempts. Attempts by cybercriminals, nation states, or hacktivists to lure you into giving away personal information, in order to gain access to accounts or to infect your machine with malware and viruses, are called “phishing.” Hackers can use various channels, such as email, phone, or text messages, to lure you into giving them the information they want. Spear phishing is usually attempted on a targeted group or user to gain information.
Attackers will apply every trick to get users (victims) to sign in on a fake login page where their usernames and passwords can be stolen. As a vigilant user, you can take various measures to keep your online identity secure and avoid becoming a victim of phishing. Don’t click links from unknown sources, and always read the warnings issued by the browser or the service provider when you try to access insecure content.
4. Use unique passwords. Many security experts and articles point out passwords as the weakest link of all the controls an application can have. As pointed out earlier regarding strong authentication, a username and password in combination with a second method of authentication is recommended. When using passwords, it is imperative to ensure that every online account you own has a unique password. When passwords are reused, if hackers steal the credentials for one of your accounts, chances are that your other accounts with the same password may be compromised. If need be, use a password manager so that you only need to remember the master password to access your other passwords.
5. Protect mobile devices. The widespread use of mobile and tablet devices for day-to-day online activity has given attackers a way to gain useful information by stealing your mobile device. Since mobile phones and tablets contain a wealth of personal data, including emails, contacts, schedules, your locations, direct access to apps, and in some cases even financial and banking data, losing your mobile device could lead to personal information leakage. As a prime requirement, have a passcode or a touch ID to lock your mobile device. Ensure that you know the steps to remotely wipe your data when the phone is lost. If you lose a device issued to you at work, contact your organization and have the admin take the necessary actions to ensure that the data is removed or wiped remotely.
6. Use trusted security tools. To help you manage your online presence and the security of your account, service providers tend to offer many useful tools and settings on your device. Always turn on the strong authentication feature that the providers offer, refer to their guided help on how to turn it on, and read the privacy policies to make sure that your data is not used without your consent. Always manage your notifications so that you get the necessary alerts from the app or device.
Note: What is the Lock Down Your Login campaign?
The “Lock Down Your Login” campaign, a key public-facing pillar of the multifaceted Cybersecurity National Action Plan (CNAP) announced by the White House in February 2016, is a STOP. THINK. CONNECT.™ initiative led by the National Cyber Security Alliance and developed by a coalition of industry leaders and like-minded organizations working in collaboration with government, who understand the importance of cybersecurity awareness and education. The campaign was built upon a broad, coordinated effort to increase consumer awareness of our individual and collective roles in cybersecurity.
Authored By - Abhishek Gandhi
TCS Cyber Security Practice
National Cyber Security Alliance (NCSA)