As infrastructure surrounding network connectivity improves, the number of Internet users will continue to increase. As of April 2021, an estimated 4.27 billion of the 7.6 billion people in the world are using the internet. That’s more than 60% of the world population. Many users aren’t just using the internet at work; they are also using it at home to stay connected with friends, use Internet of Things devices, and stream television and movies.
Cybersecurity starts with us, and there are simple things that we can do to get started on a path towards a more cyber-secure future.
Check Your Existing Accounts For Breaches
You probably use your email address or a pretty standard username or two when signing up for new accounts. This information may also help you find out if you were a victim of a data breach.
The godfather of data breach reports, HaveIBeenPwned, allows you to search your email addresses and phone numbers to find out if either has appeared in a data breach. As of this writing the site has recorded over 11 billion “pwned” accounts.
DEHASHED allows you to search multiple different fields including email and username in order to find compromised assets. DEHASHED acts as a search engine and is not an illegal data repository.
Inspired by HaveIBeenPwned, Have I Been Sold lets you enter an email address and checks whether it has been seen on any email sell lists. Have I Been Sold can also notify you if it finds your address in the future, and lets you remove your data from its database.
BreachAlarm is another service that lets you check and monitor whether any of your account passwords show up online, so you can change your passwords before damage can be done.
Don’t Use Breached Passwords
“But, how can I know if the password that I’m using was found in a breach?” Great question! Various tools allow you to check whether a password was found in a data breach, without compromising the security of your passwords.
Pwned Passwords stems from Troy Hunt’s tireless work with HaveIBeenPwned. Pwned Passwords is a gigantic database of over 600 million passwords found in real-world data breaches. You simply enter a password and Pwned Passwords will tell you if it was exposed during a data breach.
Is that safe? Pwned Passwords uses a concept known as k-anonymity to only send the first 5 characters of an encrypted version of the password that you entered. In other words, the password that you enter isn’t even the same data that gets sent to the server. k-anonymity means that Pwned Passwords is only able to tell you that the password you entered matches any number of passwords it found, and is not a one-to-one lookup. You can read more about how Pwned Passwords uses k-anonymity here.
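The k-anonymity lookup described above, as an added example that is not code from this page or from the Pwned Passwords project: the client hashes the password with SHA-1, sends only the first 5 hex characters, and matches the remaining 35 locally against the returned bucket. The breach corpus, the function names and the offline `simulated_range_response` stand-in for the server are assumptions made so the example runs without network access.

```python
import hashlib

# Constructed sample data standing in for the breach corpus: password -> times seen.
SAMPLE_BREACH_COUNTS = {"password": 5, "123456": 9, "qwerty": 3}


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 digest (40 characters) of the password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def simulated_range_response(prefix: str) -> str:
    """Hypothetical offline stand-in for the server side of the range lookup.

    It only ever receives the 5-character prefix and answers with every
    known hash suffix in that bucket, one "SUFFIX:COUNT" entry per line.
    """
    if len(prefix) != 5:
        raise ValueError("range lookups take exactly 5 hex characters")
    lines = []
    for known_password, count in SAMPLE_BREACH_COUNTS.items():
        digest = sha1_hex(known_password)
        if digest.startswith(prefix.upper()):
            lines.append(f"{digest[5:]}:{count}")
    # Padding entry with a count of 0, as a padded response would carry;
    # the client must not report it as a breach hit.
    lines.append("0" * 35 + ":0")
    return "\r\n".join(lines)


def breach_count(password: str, fetch_range=simulated_range_response) -> int:
    """Return how often the password appears in the corpus, 0 if never.

    Only the first 5 hash characters leave this function; the remaining 35
    are compared locally against the returned bucket.
    """
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate.strip().upper() == suffix:
            return int(count)
    return 0


if __name__ == "__main__":
    for candidate in ("password", "x7#Lq-unlikely-sample-passphrase"):
        print(candidate, "->", breach_count(candidate))
```

To query the real service instead of the sample corpus, pass a `fetch_range` that performs an HTTPS GET on `https://api.pwnedpasswords.com/range/<prefix>` and returns the response body.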
Use a Password Management Tool and Never Reuse Passwords
I continue to preach password management, as credential theft and password reuse are still far too common. Password management tools integrate with browsers and devices to help you securely create and store passwords.
Bitwarden is the only password manager that we recommend. It’s open source and is available on every platform, for both individuals and enterprises.
Use Multi-Factor Authentication
- Authy (All)
- Google Authenticator (Android and Apple iOS)
- Microsoft Authenticator (Android and Apple iOS)
- Duo Mobile App (Android and Apple iOS)
Use Antivirus and Firewall Protection
“What antivirus should I use?”, “Which firewall do I need to download?”, “Do I need a hardware firewall?” Look, leave the tough stuff for the engineers. Both macOS and Windows 10 have antivirus protection and firewall software out-of-the-box. Instead of loading your devices with additional security software, you should educate yourself on how to be cybersafe.
Educate Yourself on Cyber Safety
Cybersecurity awareness and education isn’t always fun, but it doesn’t have to be boring. Here are some personal cybersecurity awareness links that will help you better identify threats, remind you to perform regular security checks, and keep you in the know on the latest cybersecurity trends.
Knowing how, and where, to report a cyber incident is important, too.
- Government of Canada – Get Cyber Safe Resources
- Get Cyber Safe Blog
- Canadian Internet Registration Authority (CIRA) Cybersecurity Services
- SANS Security Awareness Tip of the Day
- SANS Cyber Security Blog
- Rogue Security Cybersecurity Daily News
- FCC Smartphone Security Checker
- Telework Security Basics – NIST
- Before You Connect a New Computer to the Internet – CISA
- Protecting Portable Devices: Data Security – CISA
- Understanding Firewalls for Home and Small Office Use – CISA
- Understanding Patches and Software Updates – CISA
- Evaluating Your Web Browser’s Security Settings – CISA
Keep Your Software Updated
Some of the biggest data breaches of our time have been due to unpatched software. When you update your software, computers, devices, and even apps, you aren’t just getting cool new features and visuals; you’re also usually getting security updates.
This website is hosted on WordPress, a commonly used Content Management System (CMS). According to the Sucuri 2019 Website Threat Research Report, just under half of WordPress websites were outdated at the time that the infection occurred.
Use a VPN When On Public Wi-Fi
It’s impossible to be certain whether the operators of a public Wi-Fi Hotspot are taking the necessary steps to protect your data from being stolen when using their services. You can, however, encrypt your communications using a Virtual Private Network (VPN) whenever you do connect to public Wi-Fi.
There are a lot of VPN providers available and we really can’t recommend one. However, here is a pretty regularly updated VPN Provider comparison Google Sheet that gives you information on 96 VPN providers including whether they log, limit traffic, what VPN technology they use, and even if they provide protections against a number of VPN attacks.
Review Your Accounts Regularly
Put it in your calendar right now. I’ll wait. All that you need to do is log in to your accounts, verify your security settings, make sure MFA is enabled, and check any third-party connections that exist when you use services like Google and Facebook to log in to websites that are not Google or Facebook. Disconnect any services that you no longer use and bask in your account security.