In today's hybrid work environment, users are more susceptible to phishing and social engineering attacks.
Cybercriminals know this and are constantly changing tactics to exploit new vulnerabilities.
While cybersecurity may seem like a complex subject, ultimately, it's really all about people.
With that said, here are my eight all-around security tips to keep in mind:
Share as little data as possible online. Every time you share data, whether it be your SSN on a credit application or a picture you took on vacation, it becomes public or has the potential to become public.
Use up-to-date software. Modern software, like browsers and email clients, has built-in protections that weren't available a few years ago. Let's take browsers, for instance: The top browsers, Chrome and Firefox, have internal protections that warn you or outright prevent you from visiting sites that don't meet minimum security standards or are malicious.
Follow your instincts. My grandfather said to me once, "If it seems too good to be true, it probably is." Most have heard that advice, but when finding out you're a prince and are set to inherit $40 million, your gut should tell you it's a scam. Call it what you like, instinct, intuition, experience, street smarts, or whatever; it's there for a reason and tends to point us in the right direction.
Avoid clicking links in spam or phishing emails. I get it; this one goes without saying, but spotting malicious emails has become very difficult in recent years. The bad guys are getting better at it. One click can be all an attacker needs to compromise your machine and your network. Stay up on the latest trends and question every email. See this article for more information on spam and phishing.
Don't share your passwords. So many of us share our passwords without thinking about the consequences. "My Google ID has all of my streaming movies, so there's no harm in giving that to my kids and in-laws, right?" It would grant them access to your Google accounts, including Gmail, which should be a red flag. In addition, if any of those people fall prey to a bad actor, your accounts are now fair game. With access to your email, the sky is the limit on how many services they can access. Where do those password reset emails go anyway?
Use a password manager. Password Managers like LastPass or 1Password take the complexity out of...well...password management. They will auto-generate strong and random passwords and auto-fill your credentials into sites and services you use regularly. They will even check for password reuse across those services. Password Managers have gotten so good that I typically don't have to know or remember my passwords.
Don't talk to strange Wi-Fi networks. Everywhere we go these days, there's free Wi-Fi. Free for us is also accessible for bad guys. Is there someone spying on your traffic while you sip on a latte at your favorite coffee shop or while you check your bank balance from your hotel? You never know. Your data can't be stolen off the network if it's not on the network. I stick with a cellular hotspot or simply leave my laptop in my bag.
Beware of spam calls. Nowadays, we practically live on cell phones, so it's no surprise that the bad guys are targeting us through them. Whether it's a call about your car's extended warranty, credit card activity, felony warrants, or canceling your SSN (my favorite), it's quite possibly a scam.
So, to sum it up, build security into your culture and stay safe online, folks.
Who is Greg Gammino? Our resident security expert, Greg Gammino, is ELM's Director of Cybersecurity & Data Protection Officer. Greg has more than 20 years of IT Engineering and Information Security experience. Prior to joining ELM, Greg led security operations across several industries including Healthcare, Fulfillment, and Logistics, IT Consulting, and Higher