2017 saw security breaches from the likes of Equifax to Verizon. And unfortunately, 2018 is shaping up to be an even worse year for cybersecurity.
On the plus side, the average global cost of a data breach has decreased by 10 percent over previous years, according to the Ponemon Institute. However, the bad news is that the average size of a data breach has increased by almost two percent at the same time.
That means that your odds of getting hit by a data breach in 2018 are higher than ever before.
Before you get too worried, there are a few proactive things you can do to protect yourself and your information. Here are five things you should start doing on Safer Internet Day and all year to secure your online accounts.
Start with the low-hanging fruit. The simplest way to keep accounts safe is to install device updates as soon as they are released. (Yes, even if that means a slower-than-usual Mac for a few days.)
You’ve probably received notifications to update the software on your devices and clicked “Remind Me Later” for a few weeks before taking the “Install Now” plunge.
It’s easy to assume that these software updates aren’t important. Or that their purpose is just to add new features, remove old ones, or change your device’s interface.
But each time you delay a software update, you’re giving hackers a brief window to take advantage of your unsecured device.
Updates upgrade drivers, deliver bug fixes, and fix any weak areas in security that have been uncovered since the last update was released. Without an update that patches these holes, hackers can write code that targets specific vulnerabilities with malware.
Malware infects your devices through malicious programs, including viruses, worms, ransomware, spyware, Trojan horses, adware, and scareware (just to name a few).
Once these malicious programs infect your device, they can steal your data and take total control of the device. No device is truly safe. Even macOS malware is infecting devices at a greater rate than ever before.
That’s why you should always press “Install Now” on your mobile phone, computer, tablet, laptop, and even on your gaming system.
Another quick fix to lock down online accounts is turning on two-factor authentication.
Turn on Two-Factor Authentication
Let’s face it, two-factor authentication (also called 2FA, or multi-factor authentication) makes it less convenient to log into your accounts.
It’s true. It’s kind of a hassle. But that’s the point: the extra step, which typically requires access to a physical item in your possession, makes the lives of hackers everywhere significantly worse. (And that’s a good thing: they should hate life.)
Two-factor authentication adds a second layer of security to your accounts. Instead of just entering a username and password to gain account access, you have to enter a second piece of information, like a verification code, that’s sent to your mobile device.
Gmail, Dropbox, Instagram, Apple, and Microsoft are among many online services that offer two-factor authentication. Even companies like MailChimp are rewarding users that set it up with plan discounts.
The second factor that verifies your identity is usually:
- Something you are – a fingerprint scan
- Something you own – a text sent to a mobile phone with a verification code
- Something you know – a second password or image
If someone tries to hack into your account when you have two-factor authentication turned on, you’ll get a text message every time. That message contains a time-sensitive passcode. So the hacker would also need to gain access to your mobile device within a few minutes.
Otherwise, the code expires and they’re out of luck, forced to start over from the beginning.
Use a Password Manager
A key method hackers use to steal your information in minutes is figuring out the username and password to just one of your online accounts. Then, they use the same combination to get into other accounts where you share that password.
For example, say that your Facebook login password is the one you use for other accounts. You know, because it’s that super password that’s easy for you to remember. A hack, or even you simply entering it over an unsecured public WiFi network, can put it in the hands of the bad guys.
They can use it to try to brute-force their way into your other accounts (effectively guessing your banking and other passwords by trying a bunch of similar variations).
Or, they can go on Facebook, look at the answers to your security questions like “High School Mascot,” and then use that to reset your banking password within a few minutes.
The easiest way to prevent this entire scenario is to use a unique, unpredictable password for each account and store them all with a password manager.
That way, you won’t have to remember each password.
For example, Sticky Password can help you generate unique codes with random letter and number combinations for each site. Then, when you visit that site in the future, you can quickly load the information to enter the site (without typing a single letter).
All of your passwords will be protected by AES-256 encryption, which is military-grade security used by top security professionals around the world. It’s considered virtually ‘hack proof’ by government agencies.
You can also enable two-factor authentication on your Sticky Password account to double up on the security.
When creating passwords for each online account, you won’t have to keep track of all the rules for what makes a strong password, either.
Sticky Password will help you generate strong passwords and give you tips right from your account. That way, you don’t have to memorize which symbols, numbers, or words are best.
The only password you have to remember is the one you’ll use to access your Sticky Password account. Having to remember just the one master password makes it much easier to have a strong password.
You can also add information like your address and credit card info to secure your online shopping data and speed along the process.
And best of all, it’s completely free to sign up.
Use a Virtual Private Network
Your online activity is constantly tracked by your IP address.
This paints a target on your back for hackers, restrictive government agencies, and more. They can endanger your sensitive information and take control of your data simply by tracking your IP address.
Businesses can also track what you’re doing online through your IP address and then tailor ads based on your past browsing history. This is literally the definition of “good display advertising” today.
VPNs prevent all of these problems. A VPN is a service that allows you to access the internet privately through an encrypted connection (hence the name: Virtual Private Network).
Your regular internet connection is routed through a VPN server first. So you’re using their technology to get on the internet and start browsing different websites. As a result, your true identity, location, activity, and IP address remain anonymous online.
You don’t need to have any kind of technical knowledge to use one, either. All you have to do is download some VPN software to get started in about five minutes.
Choosing can be tough. I personally spent the last year or so signing up for over 30 different services. The result is this best VPN ranking to help you figure out which is the best for your own unique circumstance.
For example, some are better for privacy (if your government has strict censorship laws) while others are better for speed (if you want to download movies and music). Some might set you back a buck or two a month while others will cost hundreds. And while free ones sound great, many of those often sell your personal information to advertisers.
So it’s not as simple as signing up for the first one available. A little due diligence is in order.
And no matter how proactive you are, a data breach is always possible. That’s why you should always back up your data.
Back Up Your Data
Almost 50 percent of all organizations have been hit with some kind of ransomware attack in the last 12 months.
The attack isn’t even the worst problem. Sure, it’s annoying to deal with and clean up. The bad news is that a ransomware attack will wipe out all of the information on your device.
Data loss can also be caused by virus infection, hard drive failure, computer crashes, theft, disaster, and more. Even unintentional actions cause 44% of all data loss, according to EaseUS.
Simply put: Your data isn’t as safe as you probably think it is.
And just backing up your files to your hard drive isn’t enough. You need to save that information in a separate location, like an external hard drive or up in the cloud.
You can also use a free online backup like Comodo Backup where your files are stored separately. That way, you’re covered if your external hard drive ever malfunctions.
Conclusions and Recommendations
The number of people affected by cybersecurity incidents is on the rise. The trends are outpacing the number of professionals in the industry who can help.
As we enter 2018, it’s more important than ever to be proactive in securing your online accounts.
Be sure to install device updates that patch holes and vulnerabilities in your device’s security. This is one of the easiest ways to secure your information.
Enable two-factor authentication on every online account that offers it to make it harder for hackers to gain access to your accounts.
Use a unique password for every account and store every password with a password manager.
Use a VPN to encrypt your internet connection and mask your IP address to make it harder for cybercriminals to target you online.
Finally, back up your data to a protected location so that if your primary device is ever compromised, you don’t lose everything.
Cybersecurity is an increasingly threatening issue. So, act fast to protect your sensitive information. The potential risks truly do outweigh the costs.
About the author
John Mason is a cyber security analyst, based in Tallinn, Estonia. In his free time, he likes to give (free & paid) consultations as well as write about privacy-related concerns, news, politics and technology.