The modern cyber world has significantly improved our lives. It has allowed us to create, share, and communicate in ways we never could before. But it goes without saying that it can also be dangerous. Hackers lie in wait to steal precious personal data and whole companies are vulnerable to large-scale attacks.
Poor understanding of cyber security can make you an easy target. Hackers may steal your data, shut down your computer, or even hold your systems for ransom. The best way to stay safe is to get educated, practice good security habits, and stay alert. Here are some common cyber security mistakes you might be making and how to fix them.
You Have Poor WiFI Setup.
Create a unique SSID.
An SSID (service set identifier) is the name you give your WIFI network in order to identify it. Many people plug in their shiny new router and leave the network name as is, say, “Lynksys_05cSD.” While it may be convenient to just keep the name, it’s not very secure. The default network SSID contains more information than you want out there for anyone to see. For example, a hacker can simply look up the router—Linksys in this case—and see what other default settings it has, like the admin password or WiFi password. And knowing your exact device type lets hackers know which specific attacks work best against it.
Change your SSID to something you can remember without containing anything personal.
Use a secure WIFI password.
This one should be obvious. Unless you want any random person connecting to your WiFi (a very bad idea), you’re going to have to add a password. Be sure to change this to something secure. Most routers have a password generator that will give you a random sequence of numbers and letters you can use. Stay tuned for more about how to create secure passwords you’ll actually remember.
Choose an advanced encryption type.
When you’re creating your password, you should see options for encryption type. Choose WPA 2 AES. This is the most secure encryption you can get.
Note: If you choose WEP encryption you might as well have chosen no encryption. WEP encryption is so outdated that it can be breached almost instantly. And regular WPA is the older version of WPA 2 leftover to support older devices. This is like TKIP; it exists in case you need to use some legacy hardware.
Change the default admin login.
The admin login is the credential needed to access the router’s setup interface. Usually, the default username is “admin” and the default password is “password.” You want to change these to something secure, as anyone who connects to your networks can access this. You don’t want people changing your WiFi password or other settings without your knowledge.
Secure your guest account access.
Guest accounts are used for people who are visiting a location for a short time. Guest access allows visitors to use an alternate login and password for the main account. Either disable guest access or make sure this is as secure as the main network access.
Update firmware.
Having the latest updates will increase effectiveness, decrease bugs, and improve security. Most routers allow you to update firmware in their setup page. Usually, you can go to advanced settings and select “update firmware.” If it isn’t running already, install the newest version.
You Use Weak Passwords.
Creating secure passwords seems basic, but it’s critical. In fact, passwords might just be the most fundamental part of cybersecurity.
Despite how often we use passwords, most people are very bad at creating them. This is probably because a good, memorable password seems like something of an oxymoron. Too many people err on the side of convenience, and resort to using their birthday and a pet’s name, for example. That is not a good password!
A password should be something only you know that’s nearly impossible to guess and difficult for a computer to crack. Many hackers are frighteningly good at simply guessing passwords. What’s more, there are a lot of “password cracker” computer programs out there designed to try endless combinations of letters and numbers until they gain access.
For this reason, most modern passwords are required to have capital letters, special characters, and numbers. The more variation and possibilities a password has, the longer it would take a “cracker” to crack.
Imagine a lock with a 3-digit combination. If you tried every combination starting with 111, 112, 113, and so on, eventually you’d open the lock. A computer doing this can obviously do this type of thing much faster than a human, so you get the idea. Plus, computers use advanced password guessing algorithms that will test more commonly used words and phrases first rather than starting one character at a time. Follow my foolproof steps below to create strong, easy-to-remember passwords.
How to create a secure password:
1. Choose three or four words that aren’t commonly used together but still have some meaning to you.
“Red, white, and blue” is not what I mean here. You want something more along the lines of “carrot, phone, shovel, man.” Considering the fact that these words are unlikely to have been used together, it’s also unlikely a nefarious program will try it. It helps, too, if the words somehow mean something to you, while still remaining unrelated enough to be guess-proof.
For example, one of my old passwords used the words “shrimp,” “escape,” and “scare” because of an experience I had involving an escaped shrimp and a scared friend. The story makes this combination of words easy for me to remember and hard for a computer to guess.
2. Add some numbers.
If you can remember a random string of numbers, then go ahead and use those. If you can’t, find some number sequence you can remember—but that doesn’t relate to your personal information. Instead of using your birthday, use the birthday of your favorite musician, for example. This way if you can at least remember where the numbers came from, you can do a quick search and get them again.
3. Add a few special characters.
This part is tricky because most people like to replace letters with alternatives and think it’s a clever security trick that’s also easy to memorize. However, password crackers are smart and can often read between the lines when it comes to letter swapping.
For example, “@fterm4th” isn’t great because “aftermath” is a very common word and replacing a’s with “@” and “4” is something most programs would try. Your best bet is either to add them sporadically (hard to memorize) or just do what I do and use emoticons. They’re easy to remember and fun to use. Check out this wizard made of special characters: (∩ ͡° ͜ʖ ͡°)⊃━☆
4. Put them all together and you’re done.
Now you have some mismatched words that have meaning to you, a random string of numbers ingrained into your psyche, and a weird emoticon face made of special characters. Go ahead and slap them together in whatever fashion you like, and you have yourself one heck of a password.
Really though, if your password is “791TelevisonPaperStatusFish(>‘_’)>” who’s going to guess that? This password-testing site says it would take 21 NOVEMVIGINTILLION YEARS to crack this. All while being fairly easy to remember.
You Fall for Email Scams.
Email scams are often overlooked and misunderstood. Many people don’t understand the risks they’re taking when they click thoughtlessly thorough emails, open every one they get, and download files from people they don’t know. Let me break down every negative thing that can happen just through your email account.
1. Spam is even worse than you think.
Everyone loves spam!
Free iPhone 10 from IPHONEGIVAWAY@hotmail.com.
Hey {name error} this is Betty! I wanna talk… from CHATboti8439@scammer.net.
They’re just so amusing! Really though, no one wants these obviously meaningless emails appearing all over their inbox, making it harder to see what is actually important. But why do we get these emails and how do you make them stop?
The first thing you should know is that if you’re getting a lot of spam, that probably means you’ve opened a lot of spam. Hasn’t anyone ever told you not to open emails from people you don’t know? This may be part of the reason. When you open a spam email, you run the risk of auto-downloading content from that email. When this happens, the scammer that sends these emails gets notified that you’ve opened the email. Now that they know you are a person who opens spam, they will put you on a list of “easy targets” and send even more spam to you.
Stop opening random emails. Don’t open anything from someone you don’t know. Be sure to check the sender’s address, too. It may say it’s from Bank of America, for example, but the sender address might say “support@bankofamerca.com.” The missing “i” from America, is a dead giveaway that it’s from a scammer.
2. Watch out for phishing.
This one is as clever as it is dangerous. It involves creating fake login pages that are incredibly close to being identical to the real ones. It happens like this: You get an email from Amazon saying, “Your Order#34251-4 could not be complete.” You buy stuff from Amazon all the time, so when you see this you don’t think twice about it. You just open it and see that it says some vague stuff about an order and that you should sign in to see more info.
You click the “Sign In” hyperlink and it brings you to what looks like the Amazon sign-in page. But when you put your information in and hit “enter,” you don’t see anything about orders not going through.
At this point, you’ve already been had. The scammers now have your login and password and can use it for all their nefarious purposes. So, what really happened?
Of course, the email about the order was fake. If you had taken a closer look, you may have noticed problems with the sender address (something like “AMZN@on.com” designed to fool you) and spelling or grammatical errors in the text of the message. In addition, the hyperlink you clicked on sent you first to a site that collects your data, then redirected you to the real Amazon login page. Sneaky.
Even if the url had looked legitimate, like “http://www.amazon.com/orders/signin.php,” the actual site that it links to could be a completely different address. Check out this link: google.com. Even though it says “Google,” the link takes you to Yahoo. See how deceiving looks can be?
In the above Amazon order example, the link was fake. The page it took you to was designed by some hacker to resemble the Amazon login page. Once you enter your credentials and click enter, the site stores your data and then redirects you to the real amazon login page. To you, it just looks like the page glitched or you entered a wrong password or something. Now that you’re at the real site, you log in and it works. Your brain thinks all is well even though you’ve just willingly given up your account info.
See what I mean by clever? Be cautious when opening emails, and especially when clicking on links inside them.
3. Avoid accidentally downloading malware.
I’m sure you’ve heard that downloading files from strange websites on the internet can give your computer viruses. If you haven’t, well, I feel bad for your computer. Anyway, you should also know never to download attachments from emails you can’t be certain are from a reputable sender.
These attachments could contain malware, spyware, viruses, and other things that you don’t want on your computer. Learn the signs of malicious emails, as some can be quite brilliantly disguised. Don’t think hackers don’t know who you are and create targeted emails just for you.
I’ve seen people who had their company phones linked to their email so that they would be sent emails with voicemail audio files as attachments. They would get scam emails that look like voicemail emails that had attached file names similar to the real ones. These attachments would even play a sound clip of a voice saying, “Hello Hello” before sending them to a phishing site.
The point is that you can never be too careful. Never underestimate the extent criminals will go to in order to get their hands on your personal data.
You Use Personal Devices for Work (BYOD).
BYOD, or Bring Your Own Device, is a fairly new concept. It basically means what its name implies: using your own device (your personal phone or computer) as your work device. This means companies allow employees to connect to company networks, access restricted files, use company applications, and gain other privileged access.
This a pretty widespread phenomenon as most people have smartphones and powerful computers and companies are glad to not have to purchase expensive equipment for every employee. Plus, most employees just feel more comfortable using what’s familiar to them so in many ways, it seems like a win-win situation.
But, enough about the positives. Following are the harsh cyber-security realities of BYOD.
1. Data breaches and potential leaks
Anytime a non-employee, or an employee without proper credentials, gains access to company information and views, stores, or sells that information, you have a data breach. Data breaches can be very detrimental. Stolen critical data could end up costing a company a fortune, or even force them to shut down.
If you think I’m exaggerating, consider any company dealing with medical records. Many laws and regulations ensure the confidentiality of this data. If a company’s lack of security ends up causing that data to be exposed, the company will be at fault.
Or perhaps information gets leaked involving a company’s upcoming event. A competitor could use this information against them.
Data gets leaked most often through stolen devices. People steal phones and laptops all the time and sometimes these people know the value of data. Stolen data can be sold on the dark web for a high price. How do you prevent this? Well, besides keeping your phone glued to your person, companies can introduce Mobile Device Management (MDM) software that can remotely track, lock, and format a compromised device.
Data can also be leaked simply by letting others use your devices. Make sure you store any important data in a “hard to reach” place so that no one accidentally stumbles upon it. Also, be sure that you know exactly what any temporary users have in mind when allowing them access.
2. Malware
The worst aspect of BYOD may be that it relies on each individual to know—and follow—good cybersecurity practices. Unfortunately, employees who take their devices home usually end up doing all sorts of risky things with them. For example, most people won’t think twice about plugging in their phone to their home computer or transferring files using some flash drive they found lying around, but these and other behaviors can be very risky. Advanced malware can spread the second you connect a device to it, then lie dormant on your phone, flash drive, or laptop until connected to a company device or network. When the malware spreads, your company becomes infected.
You need to be extremely cautious about which networks you connect to and which computers you plug into. If your home computer runs slow and constantly has browser windows popping up saying things like, “Local singles wanna chat! Click here now!” you should think twice about connecting anything to it.
This goes for networks, too. Your home networks should be ok if you took the right steps when you set up its security features. Free McDonald’s WiFi, on the other hand, is a no go. Public WiFi has too much vulnerability and connecting to it could easily infect your phone.
You Trust Public WiFi.
Sure, public WiFi is convenient. Data plans are expensive, and everyone knows “unlimited 4G” doesn’t really mean unlimited 4G. Switching to WiFi networks when available seems like a great way to avoid using up your precious data. But as helpful as it seems, accessing public WiFi comes with some significant security risks.
1. Rogue WIFI networks are trouble.
A rogue WIFI network is one that someone other than the establishment providing the WiFi is hosting, in order to trick users into signing into it. Say you’re at Subway. You see some available networks. One is called “SUBWAY FREE WIFI” and another is called “SUBWAY OPEN WIFI.” Which one do you connect to?
You’d probably click either one and see if it works, then go about your business, not realizing that “SUBWAY FREE WIFI” is a network being broadcasted by that sketchy character at the back table on his laptop.
While you browse, the hacker collects all your data. Everything thing you visit, everything you login into . . . everything. You’ve given your delicious data up on a silver platter.
If the network is in question, ask the employees which network is the real one. Another thing you can check is for a hotspot login page. Most company’s WiFi networks will require you to open a browser window and agree to their terms and conditions, and sometimes provide an email address. A rogue network is much less likely to have one.
Finally, be sure that the websites you visit contain “https:” in the URL. The “s” at the end means your connection is secure.
2. Packet sniffing is designed to read your data on the way to its destination.
Packet sniffing is pretty much what the name implies. It’s when someone uses software to read the (sniff) data being transmitted between the computers and the network. So, whatever you do on the network could be seen by some malicious hacker.
You can counteract packet sniffing software by using a virtual private network (VPN) to hide your data. A VPN sends the data to a remote server before accessing the internet, so you’re effectively hiding from the websites you’re visiting. It also encrypts the data, making it impossible for a sniffing packet to read because it appears as a bunch of jumbled up text.
3. Malware can be introduced via public WiFi.
Yes, once again, malware. Public WiFi networks can be vessels for malware to spread and infect devices. Hackers discover weaknesses that allow malware to be introduced without the users knowing. One day you may be browsing Facebook at your local Starbucks, and the next day your computer is demanding $2000 worth of bitcoin for the ability to access your data again.
The best thing you can do is keep your devices updated and install a reputable security application. Many of the weaknesses hackers use are quickly patched, but you must allow your devices to update in order for them to work. Anti-malware programs will monitor and scan your devices for malware that exists or that is attempting to gain access.