12 tips for better cybersecurity

Almost half of all Americans have had their personal information exposed by cybercriminals, according to the Department of Homeland Security. Worldwide, the average person loses $358 and 21 hours per year dealing with online crime, Homeland Security reported.

In recognition of October being Cybersecurity Awareness Month, the Ohio Cyber Range Institute has offered the following cybersecurity tips.

A longer but easier to remember password is more secure than a shorter, complex password. Try using a phrase, song lyric or quote, for example, that is more than 16 characters. Add some capital letters and a randomly placed special character to meet complexity requirements. Here are some more tips to help you manage your passwords:

• Never use the same password twice. Many times, your login between systems is common, such as your email address. If one gets compromised, so do the others. To keep things simple, add an identifier to the beginning or end of your password. For example: A% to indicate it’s your Amazon password.
• Password managers are good tools to keep strong, complex and unique passwords organized.
• If two-factor authentication is offered, use it. These systems usually use your cell phone as a second form of authentication, either through a text message or an app. In the event your password is compromised, you can stop someone from accessing your account on your phone. It’s a small extra step, but, remember, it isn’t a replacement for a good password.

Free public Wi-Fi at coffee shops and hotels is often very convenient but also can be insecure. These types of networks can be untrusted, compromised or fake. If possible, it is best to avoid free public Wi-Fi. A better option is to use the Wi-Fi tethering feature on your phone (if available on your plan). If you must use public Wi-Fi, do the following:

• Verify the network name (SSID) and password with an employee of the establishment offering the Wi-Fi.
• Don’t access sensitive data (such as your bank account) or log in to any sites with your username and password while on public Wi-Fi.
• If you do need to access sensitive data on public Wi-Fi, connect to a virtual private network (VPN) service to encrypt your information.
  

Many people don’t consider their personal home networks or small office networks to be a target, but they are often easy pickings for malicious actors. There are few simple things that you can do to protect your home network and personal devices:

• Change default passwords on all devices. This includes your home Wi-Fi router, modem and smart devices. The default passwords are easy to look up in manuals and on the internet.
• Apply software updates as soon as possible. Many people put off software updates because they can be slow or are afraid something will change. Software updates fix problems that can be used by a hacker to gain control of your devices. This doesn’t apply only to your operating system but also applications on your computer and/or phone and the software that runs other devices such as routers or smart devices. If possible, it’s a good idea to set up automatic updates.
• Turn off unused features on devices and uninstall unused applications. The less that is running on a device, the less potential attack surface there is.
• If you allow guests in your home or office to connect to your Wi-Fi network, set up a separate guest network for them. Most modern Wi-Fi routers have this feature built in, and it will protect your devices from an infected guest device.

The biggest security vulnerability is the people who use computer systems. Hackers have many tactics to manipulate people into allowing them access to their systems or accounts. Here are a few things to keep in mind:

• Don’t plug in an unknown or found USB device, like a flash drive, on your computer. These may contain malicious software that will run as soon as you install it. If you do find a device, give it to an IT professional to determine who it may belong to.
• Be aware of phishing, a fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. Phishing attacks often occur in email but also can happen through text messages and phone calls. An attacker will contact you with information that may seem urgent and exciting and you have to act fast — like winning a prize or an issue with your tax return or bank account. Often, it will be hard to distinguish a fake message from a real one. Look out for typos, misspellings and poorly worded messages. When in doubt, don’t click a link or download an attachment from a message.