The 12 Days of Better Personal Cybersecurity
‘Tis the season – to take cybersecurity personally and seriously.
Lots of people – maybe even including you and yours – will give and receive connected electronic devices this holiday gift-giving season. From smart speakers to video doorbells to smartphones, tablets, and more, the New Year will see many people engaging with new connected devices, at home and at work.
The problem? Each of these devices represents a possible entry point for acts of online malfeasance. And bad actors are always looking for ways to sneak into otherwise legitimate networks. Once they gain access, they steal private and proprietary information, install rogue software, enslave other connected computers, and even hold companies or even entire cities hostage with ransomware.
Fortunately, there are a few simple, inexpensive steps everyone giving or receiving a connected device can take to make their devices and their lives more secure online. Here’s a step-a-day set of recommendations that I’ll be sharing with my friends, family, and colleagues in honor of the classic song, “The 12 Days of Christmas” (not that you need to spread all these steps out over 12 days!)
Day 1: Shop Carefully
- Buy your connected devices from reputable vendors, in person or online.
- Read reviews. Ask your friends and colleagues.
- Make sure you know what you’re buying, you get what you ordered, and can count on timely, hassle-free returns and refunds.
- Ensure each connected device has a password that can be set and reset by its owner.
Day 2: “Harden” Your Device Security
- If your device supports apps or services, remove any you don’t need.
- If your device supports antivirus and anti-malware tools, turn them on. If it doesn’t come with any, find, acquire, and install some, with help from your device provider wherever possible.
- If your device supports software updates, update all software to its current version. Some updates add new or improved features. Some add enhancements to cybersecurity. Ensure that you and those who receive connected devices as gifts from you know how to acquire and install updates. Add reminders to your calendar of choice. Encourage your gift recipients to do the same.
- Make sure you implement and follow your device provider’s security guidelines. (If your provider does not offer any security guidelines, change your provider.)
- Remind yourself and all of your connected device gift recipients remember to turn off any and all connected devices when they’re not in use. It’s almost impossible to hack or attack a connected device when it’s completely turned off.
Day 3: Create Separate, Strong Passwords for Everything
- Start with every new device. Then, do the same for every device you already have but for which you have not yet created or updated a password.
- Replace weak passwords with strong ones. Strong passwords should, at minimum, be at least eight characters long and include a mix of upper-case, lower-case, numeric, and special characters. Never, ever leave a device with whatever password it comes with, assuming it comes with one.
- Avoid passwords like “passw0rd” and “12345678.” Attackers see such passwords the same way opportunistic thieves see unlocked cars and homes. Yet every year, surveys conducted by numerous cybersecurity market watchers find these to be two of the most widely used passwords in the United States.
- Don’t reuse passwords. A poll published by Google in February found that 52 percent of respondents reuse the same password for multiple accounts. This makes those passwords even more damaging if compromised, as hundreds of millions were in 2019. The 2018 edition of the Verizon Data Breach Incident Report found compromised passwords to be responsible for more than 80 percent of all hacking-related data breaches.
- Make sure you and your gift recipients know how to change all connected device passwords, and do so at least once a year. Christmas, New Year’s Day, or the day you change the batteries in your smoke detectors are all good candidates for easy-to-remember dates for your annual password updates.
Day 4: Manage Your Passwords
Make sure your gift recipients do so as well. At minimum, store them in your favorite contact management app, and back them up. For more flexibility and robust security, consider a password management tool or cloud-based service. A bit of online research or guidance from your favorite provider of technology advice can help you find a solution that works for you.
Day 5: Connect and Power Yourself
Public Wi-Fi networks and charging facilities for connected devices are sometimes irresistibly convenient. However, they can be hacked to infect connected devices with rogue software while connecting or charging those devices.
- Avoid pubic Wi-Fi networks as much as possible.
- If your connected device supports virtual private network (VPN) connectivity, implement and use it wherever public Wi-Fi is the only option. Also use your VPN features whenever dealing with unencrypted web sites or online services.
- Explore “hotspot” options for your smartphone with your chosen carrier, so you can connect your tablet or laptop to the Internet securely wherever you can get cellular service.
Consider getting or giving a portable battery, sometimes called a “portable charger” or “portable power bank.” Some are equipped with multiple ports, to charge more than one device at a time. Some can be charged via a power outlet or connection to a computer. And they all work anywhere – as long as you remember to keep them charged, of course. As you doubtless do with your smartphone, tablet, e-reader, and laptop.
Day 6: Drive Yourself
Almost every connected device provider offers some cloud-based storage service for your photos, other files, or files created by the particular device itself. But not everyone is familiar or comfortable with accessing and managing cloud-based services. And those services can sometimes get costly. A perfectly fine alternative is a high-capacity portable hard drive or other type of storage device. Drives that hold up to 5 terabytes of data are available for prices starting at around US$100 online – and you can access your data even when you can’t go online. (Click here to learn how we keep Huawei Cloud secure.)
Day 7: Trust, but Verify
If you haven’t already, you’re likely going to get emails, phone calls, and/or letters claiming to be from legitimate sources – but they’re not. Never click on a link you don’t recognize. Never return a call that claims to come from US Social Security, the Internal Revenue Service (IRS), or any other agency that never calls people. Never give any personal information or wire money to anyone who claims to be a business partner, boss, or relative without confirming the identity of the sender and legitimacy of the request. When in doubt, just say “No.” Legitimate actors will help you confirm their veracity.
Day 8: Validate Your Vendors
Extend the cautions you exercised while shopping on Day One to all the technology vendors you deal with. Don’t just take what vendors tell you as gospel. Validate their certifications with issuing bodies. Go online to read news releases, blog posts, and information about past security incidents. Encourage your gift recipients to do the same.
Day 9: Know Who To Call
Sometimes, you can’t get online to read the online help or engage a support agent in an online chat. You need to have a phone number and an email address for everyone upon whom you rely to keep your technologies running. This could be a paid support provider, your favorite IT person, or even the relative or colleague who gave you the connected device bedeviling you. But the time to capture the contact coordinates for that person or those people is now, before you have a problem that requires their help.
Day 10: Learn the Basics
You may have a person or some people you can call, but let’s face it: self-sufficiency is gratifying and empowering. It almost always also takes less time than calling and waiting for help. Read the instructions that come with your new connected device. Highlight or capture and store the most critical details, such as how to restart the device if it freezes up. Do the same with those bits of advice you find yourself using or requesting repeatedly. At the very least, know what operating system your smartphone, tablet, and/or computer runs, what browser software you’re using to surf the web, and the names of the apps you use most. (Yes, there are people who use computers every day who don’t know these things. Help. Don’t judge.)
Day 11: Never Stop Learning
Your journey toward greater familiarity and facility with your connected devices doesn’t stop once you learn the basics. Your devices and the software that powers them will continue to evolve, as will the apps and services you use. Your sources of knowledge will evolve as well. As will best practices for cybersecurity, as defined by industry analysts and experts. Think of every device you own or gift as an opportunity to extend lifelong learning for you, a colleague, a friend, or a family member.
Day 12: Practice Good Cybersecurity Hygiene Every Day
Cyber threats, like connected devices, evolve. Your cybersecurity must do the same. This means you should pursue all of the steps outlined here continuously, and never fail to follow all of them. This list is a floor, not a ceiling. Reach higher and further for better cybersecurity. Your connected devices and your life online will become ever more safe, valuable, and enjoyable, for you and those connected to you.
Before you switch off your devices and screens to spend time with your friends and family during the festive holiday season, make sure you read up on how Huawei devices do the heavy lifting when it comes to protecting your data.
Got any stories about being hacked or phished? Or do you have any additional ideas about how to improve cybersecurity? Leave a comment below and we’ll share the best ideas in a future piece.
Disclaimer: Any views and/or opinions expressed in this post by individual authors or contributors are their personal views and/or opinions and do not necessarily reflect the views and/or opinions of Huawei Technologies.