Maybe you’ll want to check email on your phone using the hotel’s public WiFi, or your kids will want to play an online game. However, any kind of travel can leave you open to cybersecurity threats. It’s time to get cyber-safe and reevaluate your cyber security hygiene.
The harsh truth is, if you haven’t taken the time to secure your connected devices, you are part of the cyber security problem.
Security fatigue is leaving us vulnerable to more and more attacks. In the past year, we’ve seen malware like WannaCry spread via software vulnerabilities that cybercriminals know that organisations and individuals are either unaware of, or haven’t bothered to patch.
In fact, the Mirai botnet used around 100,000 unsecured devices, such as security cameras, to overwhelm service provider, Dyn. The result of this was an outage which took a significant number of websites, at home and abroad, offline.
The best way to understand it is to think of cyber attacks as a medical virus or bacteria. Before we understood what caused infection, personal hygiene was largely responsible for the spread of harmful disease.
A surgeon may not have washed his hands before operating 100 years ago, as medical science had yet to discover the role of microscopic organisms in illness. Once this had been discovered, basic hygiene became standard practice.
It’s a similar problem in cybersecurity, in a nutshell, WannaCry and Mirai were made possible because people simply weren’t washing their hands.
Currently, there are no legal requirements in place to ensure that the connected devices you buy are cyber-safe and protected from cybercriminals.
This places the responsibility on the customers themselves to protect their own devices. However, this shouldn’t be daunting.
There are four steps you can take to ensure that you are a responsible net citizen, keeping your data and devices secure.
(1) Practice good WiFi hygiene
Connecting to public WiFi is one of the biggest culprits when it comes to risky security behaviours.
Your online communications can be intercepted in several ways. A man in the middle attack is one of the most common. This is when someone in a public location, for instance a coffee shop, broadcasts their device as “Free Coffeeshop WiFi.”
When the victim connects to the internet through the criminal’s device, they can capture all the traffic moving between the victim and their online shopping site. The criminal then has access to the victim’s payment details, address, login credentials and so on.
To avoid interception of your sensitive data, you must always use a secure and trusted virtual private network (VPN) provider on any open WiFi network. If you need to be online frequently, there are many low or no cost services which can ensure your connection stays protected.
The best thing you can do is makes sure you are not connecting to any free WiFi networks which are not known to you – for instance at a café in a city you are visiting. Alternatively, you can use a mobile hotspot from an internet service provider and most smart phones can also be used as a hotspot.
Another best cyber-safe practice is to make sure that your connection is secure or encrypted any time you are online in a public location or are making a financial or private transaction.
Look at the URL bar of your browser and make sure that the address starts with https:// rather than http://, which means that the transactions are protected using SSL encryption.
Having SSL enabled is important, but encryption only works on secure communications while in transit.
So, if you are connected to a rogue WiFi access point, your data may still be exposed. If you do decide to connect to a free WiFi network, make sure it is one known to you to stay cyber-safe.
Be sure to disable the automatic WiFi connection function on your device. Otherwise, if you connect to a malicious access point, your device may auto-connect to it again in the future.
(2) Create stronger passwords
The easiest way for your accounts to be hacked is by using the same password across accounts. As we live more or our lives online, it can be overwhelming to remember multiple unique and strong passwords, but there’s an easier way to stay cyber-safe.
Password management services such as LastPass will help you manage all your passwords and all you need to do is remember one master password. This cyber-safe technology will also automatically generate strong, random passwords for each application you use and store them in an encrypted format.
(3) Use two-factor authentication
We’re now seeing almost all the most popular applications offering two or more factor authentications. Essentially this means the application will text you, or use some the method to verify it’s you when logging in.
A cybercriminal would need access to both your phone and your password to get in. Embrace this, where it’s offered use it, it may seem like an inconvenient extra step, but it’s nothing compared to the repercussions of ransomware or identity theft.
This will keep you, your online accounts and your personal data safer. Start thinking of security as a cyber-safe feature rather than a nuisance.
(4) Find the viruses and malware
Make sure you install antivirus and anti-malware software and keep it updated and running regularly. It’s important to do some research first though, as there are actually products pretending to be security tools that are disguised malware.
As no software can be 100 per cent effective, it’s good practice to set up a regular scan once a month with a second or third security solution, which will scan your device or network.
In fact, many solutions provide a free online version or allow you to run a free demo for a trial period. Most anti-malware software comes with a firewall, so make sure you enable this added protection.
Plan ahead, stay sharp
Don’t let poor security hygiene ruin your cyber-safe summer. You are in charge of your own cyber security, so stay sharp and be sure to protect yourself.
Make sure you take the necessary steps ahead of your holiday and stay diligent throughout the trip. Using common sense and good hygiene will give you the cyber-safe edge over cyber criminals.
Mark Weir is regional director UK&I at Fortinet