You are here

Home » Cybersecurity resources

Cybersecurity resources

Staying safe online

One wrong click could let hackers steal your identity, access your financial accounts, or encrypt all the information on your hard drive and demand a ransom to get it back.

The bad actors who want to steal your information are constantly getting better at what they do. It’s no longer sufficient to install anti-virus software on your computer and call it good.

Here are six ways to help protect yourself online:

  • Use one credit card for all online purchases: Credit cards are safer than debit cards for online purchases. The Fair Credit Billing Act protects credit card use, and using one card limits the potential for financial fraud to affect all of your accounts. Even so, check your statements regularly.
  • Don’t use the same login and password for all your accounts. Make sure the passwords you do use contain more than ten characters, with numbers, special characters, and upper and lower case letters.
  • Add a layer of security by requiring another form of identification — in addition to a login and password — to gain access to your accounts. Many companies, like Google for example, allow a “two-step” authentication that involves sending a code to your phone by text in order to login.
  • Don’t trust your email. It’s becoming increasingly difficult to distinguish phishing attempts by hackers from legitimate messages. (Including those sent through social media) If a message contains a link to a web page offering a great deal, do not click the link. Go to the company web page directly. Same rule holds true for attachments.
  • Look for “https” in the internet address (URL) when making an online purchase. The “s” in “https” stands for “secure” and shows that communication with the webpage is encrypted. This helps ensure your information is transmitted safely to the merchant and no one can spy on it. You can also look for the lock symbol (sometimes it’s green) in the internet address bar.
  • Do not use public computers or public wireless internet access for your online shopping. Public computers and wireless networks can contain viruses and other malware that steal your information, which can lead to identity theft and financial fraud.

For more information, here are some additional resources:

Secure your network

The digital keys to your life likely reside inside a single device in your home — the ubiquitous wireless router.

When unsecured, wireless routers can let hackers access any device connected to your home network, including TVs, smartphones and computers. The bad guys can also take control of your devices to launch attacks on other networks, and even assume your identity based on information taken from your system.

This is a growing problem. The vast majority of U.S. households now have wireless internet access. All too often, internet users do a poor job of protecting their home networks. A common mistake is to rely on default logins and passwords issued by the router manufacturer, or use an easily guessed combination such as “admin/password.”

In addition, many people also stick with the default broadcast SSID used by the router — what you see when you sign into your wireless account — which often identifies the make and model. That’s an immediate tip off to hackers that the person who installed the network may not have taken the time to change anything else.

You may want to consider taking the following steps to help protect your network from bad actors:

  • As soon as you set up your wireless network, immediately change the SSID, or name of the network. Leaving the default name lets hackers know what kind of system you’re using. They likely also know the default login and password for the system as well, because that information is widely available.
  • Given that, you should also change the default login and password. Use a strong password that’s at least 12 characters long.
  • Turn on the highest level of encryption for your router. 
  • Create a guest network for visitors to your home that uses a separate password.
  • Make sure to update the router firmware regularly. The updates will fix known security vulnerabilities that could allow hackers to access your network.
  • Regularly check to make sure you recognize all devices connected to your network, and block any you don’t recognize.

Device disposal tips

Before you toss your old cellphone, computer or gaming console in the garbage, consider all the sensitive information you may have stored on the device over the years that hackers would love to have – including financial information, passwords and social media accounts.

Simply deleting files or erasing storage devices isn’t enough. When you delete files, although the files may appear to have been removed — data remains on the media even after a delete or format command is executed. Bad actors with even limited technical ability can easily recover the information.

Here are some methods recommended by US-CERT for cleaning devices before you get rid of them:

Computers: Use “Secure erase,” which is a set of commands in the firmware of most computer hard drives. If you select a program that runs the secure erase command set, it will erase the data by overwriting all areas of the hard drive. Alternately you can use a “Disk wiping” utility that erases sensitive information on hard drives and securely wipes flash drives and secure digital cards.

Smart Phones/Tablets: Ensure that all data is removed from your device by performing a “hard reset.” This will return the device to its original factory settings. Each device has a different hard reset procedure, but most smartphones and tablets can be reset through their settings. In addition, physically remove the memory card and the subscriber identity module (SIM) card, if your device has one.

Digital cameras, media players, and gaming consoles: Perform a standard factory reset (i.e., a hard reset) and physically remove the hard drive or memory card.

Office equipment (e.g., copiers, printers, fax machines, multifunction devices): Remove any memory cards from the equipment. Perform a full manufacture reset to restore the equipment to its factory default.

Destroying: Physical destruction of a device is the ultimate way to prevent others from retrieving your information. Specialized services are available that will disintegrate, burn, melt, or pulverize your computer drive and other devices. These sanitization methods are designed to completely destroy the media and are typically carried out at an outsourced metal destruction or licensed incineration facility. If you choose not to use a service, you can destroy your hard drive by driving nails or drilling holes into the device yourself. The remaining physical pieces of the drive must be small enough (at least 1/125 inches) that your information cannot be reconstructed from them. 

Tabletop exercises

Training is a critical step in being prepared to respond to real cybersecurity incidents. A quick and easy way to help prepare your team is to hold short 15 minute table top exercises every month. Here are a few of the important questions you may want to ask while holding a tabletop exercise:

  • Do you have a Cybersecurity Incident Response Plan?
  • Do you have compliance requirements you must adhere to? (PCI-DSS, HIPPA, FISMA, IRS, or Sarbanes-Oxley)
  • Who should you notify internally in your organization? External to your organization?
  • Do you have a backup point-of-contact for key roles in your organization? (For example, who do you contact if the manager who handles cybersecurity issues is out sick or out of town on vacation?)
  • What are the resources available to your team?
  • Who do you contact to get more resources? (For example: consultation, equipment, or additional cybersecurity professionals.)

 

Here are some tabletop exercises you can use: