The various applications, devices and networks in use across the world have now become so intertwined that it’s hard to keep them separate. The cloud allows users to access data and information from any device with a Wi-Fi connection, and IT consumerization encourages those same users to download new applications and storage solutions to use and share across a wide variety of devices. The increased use of technology has opened users to advanced cyber-risks; the crossover and sharing of devices, information and networks compounds these risks.
The Q4 2017 Fortinet Threat Landscape Report detected an average of 274 attacks per surveyed firm, which is a significant increase of 82 percent over the previous quarter. The number of malware families also increased by 25 percent (to 3,317) and unique variants grew 19 percent (to 17,671). This indicates not only a dramatic growth in volume but also in the evolution of malware itself. Organizations must safeguard their networks and data from this onslaught of attacks coming from both corporate and employee devices.
Cyber-Risks with Increased Connections
As connected devices and applications become more ubiquitous, the impact of poor security practices can have further-reaching consequences than ever before. For example, connecting a device to an infected home network and then taking that same device to work can set off a chain reaction of infection that could potentially lead to a breach of company and consumer data. The reality of this sort of threat is especially relevant today, as 1 in 5 American homes contain 10 or more connected devices, while higher numbers of employees are electing to work remotely more often and for longer periods of time. Compromised personal devices are now frequently used by cybercriminals to not only steal personal data but also create botnets, carry out DDoS attacks, deliver ransomware and spread malware—all of which can have devastating effects on an organization.
As the world becomes more connected, strong cybersecurity practices at home and at work are more important than ever. As employers and individuals navigate this landscape, here are several cyberhygiene guidelines to keep in mind.
Perform Due Diligence
If you are considering purchasing or downloading a new device or application, check to be sure they don’t also carry new security risks. This means doing research to ensure there are no known vulnerabilities for the device or, if there are, that they have been fully patched. Additionally, it’s important to know that a device or application will continue to be supported by the manufacturer, and that you can count on them to release regular updates and patches.
Inventory Your Solutions and Devices
Once you have performed due diligence, determined the product is not at risk and installed it, it is important to then add it to your device inventory. Keeping an inventory of each connected device and application you use regularly, both at home and for work, allows you to run a regular check on each one to ensure they are being updated. Regular checkups help ensure there have been no recent security incidents related to that product and can also help mitigate risks related to the use of shadow IT. While these sorts of checkups on your digital inventory may require some time, they are an important part of ensuring that one at-risk device doesn’t end up compromising your entire network or those that you connect to. Additionally, maintaining this inventory will ensure that if you no longer have a need for a certain application, you remember to remove your data and delete it, thereby avoiding it becoming a risk down the line.
Employ Security Controls
When connecting to or storing sensitive data on personal devices or within applications, it is important that security tools are also engaged to deter cybercriminals. For home networks, this often means using a firewall and encryption. The firewall ensures that malicious traffic from compromised devices, applications or websites that try to enter the network are stopped. Additionally, users should be sure that any sensitive data or communications are encrypted. Connecting to public Wi-Fi is another common consumer practice that poses substantial risk to network security. Generally, you should not connect to public Wi-Fi, as it is often easily hacked. Also, be sure to segment work and personal devices, and always use a VPN (virtual private network) tunnel when connecting a personal device to a corporate network.
Use Strong Passwords
Reusing passwords across multiple accounts makes you susceptible to account takeover or credential stuffing attacks. This is because if your information is compromised on one site, it is potentially compromised on any others that use the same password. For that reason, you should never use the same credentials twice, especially on accounts that store sensitive information. Additionally, enabling two-factor authentication is a good way to ensure that only you can access your information. This functionality should be enabled across all devices and email accounts.
Cybercriminals will often try to scam their way into networks using phishing attacks or malicious emails posing as legitimate communications. To ensure security, never click on an unfamiliar link or attachment. Additionally, be sure to double-check that emails requesting sensitive information are actually coming from the person they claim. Often, scammers will use almost the same email address as a well-known institution or authority figure with a slight misspelling or grammatical error that allows unsuspecting users to connect to or download malicious content.
As cyberattacks become more sophisticated, consumers and employers have to be more aware of where they connect and where they store data. This is especially true as devices and accounts become more interconnected, resulting in sensitive data being kept in more places. Heading into 2018, following the above cyberhygiene guidelines will help mitigate these cyber-risks.