When we talk to our clients about protecting their data, we refer to the many layers of security. In your home you protect yourself in layers – an alarm system, video cameras, a scary dog, a fence, locks on your doors and windows, and more. If one layer doesn’t do the trick because Sally forgot to turn the alarm system on after returning home late from work, it’s possible Lassie will be able to warn you if an intruder breaks into your home. Right?
The Many Layers of IT Security
Layers of physical security for your home, business, and/or belongings are much more straightforward. When you think of the many layers of security for protecting your information, data, and IT infrastructure, it is sometimes less clear. Here are some ways you may already be protecting yourself:
Don’t Click on Any Phish-y Emails
Have you received an email from someone that just didn’t feel right? Something in the tone or context didn’t quite sound like the person or vendor who sent it to you. Go with your gut feeling. Even more so, take an extra second to read the complete email address and hover over any links to see if there is some trickery at work. If you doubt the validity of a link or attachment, don’t click or open it. Cyber criminals are very smart and have access to a lot of personal information that can help them craft a very impressive email impersonating a colleague, family member, or friend. Give the sender a call, or send them an email using the address that you know is correct, and ask them if they sent you this email.
Criminals are recreating emails from vendors you currently work with, such as Facebook, Apple, Bank of America, Verizon, Dropbox, etc. These are all examples I have seen firsthand; there are many, many more. The safest way to avoid clicking on a bad link is to visit the website directly. If you have an account with these vendors, any notifications will be available in your own personal, protected account.
Ignoring Emails, Phone Calls, and Pop-Up Notifications from Unknown Senders
It goes beyond just emails: cyber criminals are also trying to outsmart you by phone and through pop-up notifications on your computer. Some of these criminals pretend to be security vendors or IT service companies and try to scare you into giving them your credit card information. As a consumer, you always have the right to say “I’m not sure I’m ready to do so. Can I have your name, company, and phone number so I can give you a call back later?”
Avoid Using Public Wi-Fi Networks
When you use public internet at, say, Starbucks, the library, most restaurants, and shopping malls, you become extremely vulnerable to others gaining access to your information. With malware such as WannaCry, another user on the shared public Wi-Fi can spread a virus without you even knowing it until it’s too late. You are better off using your own wireless data plan from your mobile device. This is a private network and prevents others on the public Wi-Fi from accessing your data and your information.
Increased Password Management
Documents with passwords, sticky notes on monitors, and using a single password for all of your online portals are examples of what NOT to do. Here are some things you CAN and SHOULD do to lower the chances of being hacked:
- Two-factor Authentication
Many portals these days allow for two-factor authentication; another way of thinking about it is double the protection. The first part is a password that you create and reuse. The second part is something that is constantly changing. For example, when I log in to my bank account I use a normal password. It will also send me a text with a 6-digit code that is only good for 5 minutes. I must know both of these in order to log in to my account. The likelihood of a criminal having both my password and my cell phone is slim.
- Routinely Updating Passwords
This is so important. Yes, it is very inconvenient, but you must determine your own Security vs. Convenience ratio. If you think it will be hard to remember your routinely updated password, then you can …
- Store Passwords in a Password Manager
There are many out there that we recommend to our clients, such as LastPass, and another one we have heard about is Password Plus. Now you just need to remember your very important password for this management tool. Lol.
Set Up Alerts for Large Credit Card or Bank Transactions
Most of the large banking and credit card companies offer security protection plans. These include sending you notifications if transactions are over a certain dollar amount, or if any transaction is made without a physical card in hand (e.g. online purchases, dialing in CC numbers over the phone, etc.). Most banking institutions will also alert you if there are transactions that seem out of character, such as ones made out of the country, in the middle of the night according to your time zone, or in different states within a short period of time. Below are some other ways you can monitor the health and safety of your financial accounts.
- Monitor your credit activity by requesting an annual credit report. Equifax offers a report annually to consumers.
- Be sure to track and monitor mail flow. Make note of when to expect your monthly statements or bills. Once criminals gain access to your accounts, they can change your address and re-route bills via post office or email.
- If taking extra measures is something you just don’t have time for, you may consider Identity Protection services. There are several different companies that can do this for you, such as LifeLock, IDShield, IdentityForce, or TrueIdentity.
Use a Separate Device for Financial Transactions
If you conduct a lot of business online, specifically financial transactions, you may want to consider having two separate computers or devices. Most viruses and malware travel via email or the internet. If you had one computer for checking email and browsing the web, and a separate device for logging into your financial institutions, you would be adding an extra layer of security between criminals and your transactional information. Many of our wealth advisor customers recommend this to their clients for added protection against hacking.
Most computers purchased by consumers come with a basic firewall. If you are using this computer for your business, you must have something stronger to combat malware. We require that our clients have a Unified Threat Management system firewall, or UTM. Here are the many benefits of having a UTM Firewall.
Antivirus and Malware Protection
Antivirus and malware tools are a critical layer in protecting individual computers and servers. These products are not foolproof, as the creators can only protect against known virus or malware threats. However, it’s relatively easy to keep your systems up to date with this layer of protection.
Automatically Schedule Operating System Updates
Let the recent WannaCry ransomware attack be a reminder of the importance of updating your Operating System regularly. Although it may never be the most convenient time to reboot, it’s always inconvenient when a criminal gains access to your information and refuses to give it back. You can schedule automatic software updates and patches for Windows and most other Operating Systems. Schedule them for times you are not on your computer – weekends or in the middle of the night.
Disabling USB Ports
In some instances, we encourage our clients to disable the USB ports on their computers. It may seem like an extreme measure, but it’s very simple for someone, unbeknownst to them, to pick up a virus or piece of malware by transferring files from device to device. All it takes is for you to plug in that infected USB, and viruses and malware can immediately start to download. That’s it: say “so long, farewell” to your data.
Back Up Your Data and Test Its Effectiveness Regularly
Not only is it important to back up your data, but what good is the backup tape if you don’t know if it is working? Make sure you test your backups at least quarterly. Here is some information on what type of backup is best for you and your business.
These are just some of the layers that are available to you to protect your information. It is certainly unrealistic to think that you must take all of these measures. You are the only one who can determine the value you place on your data and what layers you feel comfortable with.
Protecting Your Information is a Practice
Today, we can only prevent what we know about. Cyber criminals are dedicated to finding other, new ways to gain access to your information. That is why what works today might not work 1, 3, or 6 months from now. You must make security part of your IT routine.