MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

Would you back out of a driveway without first buckling up, checking the rear view mirror and glancing behind to double check that the way is clear?

Consider that most of us spend more time navigating the Internet on our laptops and smartphones than we do behind the wheel of a car. Yet it’s my experience that most people don’t fully appreciate the profound risks they face online and all too many still do not practice simple behaviors that can dramatically reduce their chances of being victimized by malicious parties.

Related: Long run damage of 35-day government shutdown

Why we’re in the ‘Golden Age’ of cyber espionageThe fact is cyber criminals are expert at refining and carrying out phishing, malvertising and other tried-and-true ruses that gain them access to a targeted victim’s Internet-connected computing device. And the malware that subsequently gets installed continues to get more stealthy and capable with each advancing iteration.

This has become an engrained pattern in our modern digital world. A vivid illustration comes from Palo Alto Networks’ Unit 42 forensics team. Researchers recently flushed out a new variety of the Xbash family of malware tuned to seek out administrators’ rights and take control of Linux servers. This variant of Xbash is equipped to quietly uninstall any one of five popular types of cloud security protection and monitoring products used on such servers.

Targeting one device

The end game for this particular hacking ring is to install crypto currency mining routines on compromised Linux servers. But the larger point is that Xbash is just one of dozens of malware families circulating far and wide across the Internet. Xbash gets rolling by infecting one device, which then serves as the launch pad for deeper hacking forays limited only by the attacker’s initiative.

To be sure, it’s not as if the good guys aren’t also innovating. Worldwide spending on information security products and services rose to $114 billion in 2018, up from $102 billion in 2017, an increase of 12.4 percent, according to tech consultancy Gartner. Through the course of this year, Gartner forecasts that the infosec market will climb 9 percent  to $124 billion.

Yet, technology alone isn’t all that’s required. There is a distinct burden for each person using Internet services to help dampen cyber threats that are as diverse as they are dynamic. This includes consumers, employees, company owners, managers, senior executives and board members. Each of us have a responsibility to embrace best privacy and security practices. Here are three fundaments to get you, and others over whom you have influence, on the right path:

Use antivirus

Antivirus software, also known as antimalware, has come a long, long way since it was born in the late 1980’s to combat then nascent computer viruses during a time when a minority of families had a home computer. With each major advance of digital commerce – from the rise of e-tailing to cloud and mobile computing and now onto the Internet of Things – the cyber threats have morphed and the leading antivirus vendors have adjusted.

Traditional signature-based detection generally remains a core component of modern AV suites. But over the years the leading vendors have added behavioral and heuristic detection, sandbox isolation of suspicious code and real-time scanning for, and removal of, recent infections.

There is no good reason to get online without this fundamental level of device protection; it needs to be enabled and updated on PCs, laptops and smartphones. Selecting the AV suite that best fits your needs does take a modicum of research. But helpful reviews are plentiful, and the level of research required should take you no more than a couple of hours. The piece of mind, and actual protection you get, is worth it.

Use a password manager

It’s clear that we will continue to be reliant on usernames and passwords to access online services for some time to come. This means using strong passwords — and changing them frequently — will remain a vital best security practice.

The good news is that there is robust tool using – called a password manager – that significantly reduces your exposure to criminal specialists who poses a tangible threat to every Internet user:  credential stuffers.

Credential stuffing campaigns have become part of the fabric of the Internet. The perpetrators deploy botnets to automate the injection of surreptitiously obtained usernames and password pairs until they gain fraudulent access to a targeted account. And once they do, they swiftly try to gain access to accounts on other popular services.

Reddit earlier this month acknowledged that credential stuffers locked down a “large group of accounts.” The social news aggregation site informed the victims that would need to reset their passwords to regain access, and, notably, advised them to choose strong, unique passwords.

An all too common practice is for people to fall back on a few easy to remember passwords and use them everywhere they go online. This is one of the big reason credential stuffers thrive..

A good password manager ensures all of the passwords you rely on are strong and unique, and makes it easy and very secure for you to use them and even share them.

Passwords have advanced quite a bit in ease-of-use and functionality in the past couple of years and there are literally dozens of them to choose from. Everyone should be using one. Again, you’ll have to do some research to find the tool you prefer.

Secure your phone

Nearly 80 percent of Americans use smartphones, those fist-sized, powerful computing devices the dictate social and work lives. Yet, I’d argue that the majority of smartphone user do not fully appreciated the level of access to personal accounts, contacts, email and work systems enabled by our phones.

However, those with malicious intent certainly do. Cyber criminals are increasingly targeting the valuable personal information and account access stored on your phone. And let’s not forget human thieves, those who target your device for pilfering, or who find one you left on the seat of your mass transit or shared ride.

So lock your phone. At the very least, use a 4-digit PIN. This will keep thieves from easily accessing your contacts and apps. And patronize only the official app store. Google and Apple have invested a lot into securing their respective app stores. Apps from other sources can carry malware or spyware.

Finally, never forget that your phone’s connection can be accessed by parties that don’t have your best interest in mind. So shut off Bluetooth and Wi-Fi when you’re not using them. And be on the look out for email and text messages that appear to be a phishing ruse.

Yes, adopting better security habits requires giving up some convenience. But that’s the world we live in. For now, it’s a personal responsibility each person ought to take.


(Editor’s note: Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.)

*** This is a Security Bloggers Network syndicated blog from The Last Watchdog authored by bacohido. Read the original post at: