One of the key lines of OODA LLC’s business is our cybersecurity practice. We help enterprises build action plans to mitigate risks and improve their security posture. Increasingly we are also asked to provide tips and techniques for employees to consider in their personal lives. Every person with a computer or phone has information at risk and should take personal responsibility for improving their security posture. The problem is reaching people with the right information on what they should do.
My personal belief is that local law enforcement should be enlisted to help get the word out to 100% of our citizens on cyber threats and mitigation strategies. That type of approach has scale and police all need to be cyber experts these days anyway.
Media can and should also play a role, which is one reason I was very glad to have a chance to discuss cyber security with People Magazine in a story titled “Keep Your Email Secure: Experts on How to Avoid the Hacks That Impacted Colin Powell and Hillary Clinton.” In it I provide a few tips, simply put, for those that are not computer experts.
The following captures tips from that article plus a few others that can help citizens become more secure:
- Stay aware of the threat and be suspicious of people trying to trick you out of personal information.
- Pick passwords that are impossible to guess but easy to remember (a favorite method is creating an easy to remember sentence and taking the first letter of each word and adding symbols in the middle, if you can remember the sentence you can remember the password).
- Since you have many passwords across multiple systems and can’t remember them all, use a password manager like Dashlane. Dashlane can help you see when passwords are not secure and can help you replace them with more secure ones.
- Don’t use free email from your ISP. Use Google mail.
- Use two factor authentication whenever you can (you can do this in Google mail and many other online services).
- Look for spoofed emails and links, and don’t click on links or attachments from spoofed sources.
- Know what https is and how to spot it in your browser.
- Make sure you use the most recent edition of your computer’s operating system and all applications.
- Contact all three of the major credit bureaus (Equifax, Experian and TransUnion) and ask for a copy of your credit report and also ask for a credit lock to make it a little harder on some of the bad guys.
- Use a modern anti-virus system on your PC or Mac (Norton Security).
The challenge with building a list like that is keeping it simple but at the same time relevant and actionable. I’m not sure if I have hit the mark exactly right yet and would appreciate your feedback. Do you think that is too general/generic? Does it overlook anything else major that the average user should know about?