Those of us who are able to work remotely in response to the COVID-19 outbreak are now taking more of our IT security into our own hands. But beyond staying aware of the latest coronavirus-inspired scams, what we can do to look after our own online security in these uncertain times?
What follows is our time-tested list of cybersecurity best practices that, in a perfect world, we’d all adhere to all the time. Nothing flashy, nothing dramatic. Just a list of habits cybersecurity experts agree could help make us all a little more cyber resilient.
Use antivirus software
While it sounds like a given from a company that makes it, antivirus software—we prefer the all-encompassing term anti-malware software, since viruses are only one strain of malicious software and you’re likely to be targeted by others—is an essential step in securing your devices. All your devices.
While most anti-malware software was once list-based, meaning it relied on a semi-static list of known threats living on your devices and fed by continuous updates, the industry gold standard is shifting to cloud-based.
This eliminates the need to continuously update and store bulky lists on your devices, which can lead to performance issues and allow new, sometimes as-yet-identified, threats to slip by. Cloud-based anti-malware software that can monitor unknown applications and decide on threat status based on their actions (with the ability to roll those actions back) is even better.
Regularly patch system software
This should be a no-brainer. But just like periodically changing your home’s air filter, it’s easily lost in the shuffle of everyday life.
Patching is essential since cyber criminals are always on the hunt for known exploits that could help them profitably infect unsuspecting users. Once patches are issued in response to exploits discovered by (sometimes ethical) hackers, it’s a simpler proposition to work backwards to the original security gap being addressed.
This applies to all software installed on your system, but it’s especially important for operating systems. They must be kept up to date, with upgrades if necessary. Windows 7, for which service has been discontinued by Microsoft, saw a 125% increase in malware targeting it over the course of 2019, as reported in the 2020 Webroot Threat Report.
Use strong passwords. And keep them to yourself
Our latest study on the password habits of 2020’s Most (and least) Secure States, we found that 34% of Americans are still sharing passwords! Americans who shared passwords for streaming services like Netflix were twice as likely to experience identity theft as those who didn’t.
Without going into too much math here (though it can be found here for those interested), long passwords are simply more effective than short ones against brute-force attacks, even when special characters are used. Passphrases are even better.
Essentially, it’s important to understand that “Keyb04rd$” is significantly weaker than “everyone loves a good passphrase”.
Limit your sharing of data
As data breaches continue to occur, we as internet users, must understand the tradeoffs and risks that accompany its many benefits. Users should limit where they share their information online and with whom. This, along with the other cybersecurity best practices we've discussed, make things safer not only for individuals but also for the internet as a whole.
If we stop offering up our data so freely, then we leave a less enticing bounty for cybercriminals to pursue. Being better stewards of our own data could also reduce the need for more legislation and privacy penalties, making the internet a more enjoyable place to spend our time.
When all else fails, back up
Another essential best practice for protecting data while working from home is reliable backup. When all else fails, data backup is the only surefire way to bounce back. True cyber resilience requires having a plan when all else fails.
Backup solutions can also protect you from unforeseen events around the house. Ever dropped your laptop? Ever spilt coffee on the keyboard? What about a hard drive failing? It’s essential to think about the physical risks around the home as well as the security risks.
There are four main ingredients to a resilient backup solution:
- Backups need to be automatic. It's no good relying on memory. Backups needs to happen regularly, especially when you're not thinking about them.
- Backups need to be off-site. Local backups are not secure. You’re tempting fate by keeping originals and copies like eggs in the same basket.
- Backups need to be immutable. Once a backup happens, there should be no way anyone or anything can get into it, modify it, or delete it.
- Lastly, backups should allow for recovery from any point in time. In the event of any kind data corruption, accidental deletion, unintentional overwrite or hardware failure, it’s important to be able to roll files back to when the data was good.