Are you hack-proof? Here’s how to make sure

Clean up threat susceptibility by maintaining good cyber hygiene


While the writing has been on the wall for a long time, on Friday, May 12, a new strain of ransomware called WannaCrypt, also known as WannaCry, raged like an out-of-control wildfire across Europe and Asia, ultimately impacting computers in 150 countries.

Adam Levin, chairman and co-founder of and CyberScout (formerly IDT911)

For many affected by this hack, a few hundred dollars in ransom money is a pittance when compared to the cost of hiring someone to attempt the recovery of your files after they’ve been encrypted. These ransomware attacks would cease to be profitable were there easy workarounds. But at this time, it is highly likely that if you happen to get got by one of these attacks, you should assume your files could be gone for good.

That’s why it’s critical you learn how to protect yourself.

Cyber hygiene

If you’re like most people, you spend about 40 minutes a day on personal hygiene. While that’s a considerable amount of time, you probably don’t consider it to be an issue. It is not the same thing when it comes to cybersecurity. Were it as simple as downloading and installing software updates, the time spent on cyber grooming would be minimal (though the patches do seem to come fast and furious these days).

The issue really is that cyber hygiene is something one should practice 24/7/365. Come to think of it, it requires about the same amount of commitment and mindfulness as it takes to make sure your hair is OK and there’s no spinach in your teeth.

Here are some things to consider including in your daily cybersecurity routine.

1. Install updates

When you are trying to find something online or use an app, an update notice can be like a mosquito that’s overly interested in you, but the last thing you should ever do is swat that notice away. It is often the only thing standing between you and the bad guys out there who are looking for a way to exploit weaknesses in the security features of the devices you use on a daily basis.

2. Use standard encryption

Both Macs and PCs now offer a way to protect the content stored on your hard drive, and it’s so easy there’s no reason not to use it. It’s called FileVault on Apple and BitLocker on PCs. It is easy to set up, and renders everything on your machine unreadable by a hacker who gains access to it.

3. Back up your digital life on an external drive

For less than $60, you can purchase an external hard drive large enough to store an immense amount of data. That’s where you want to keep your most sensitive personal information. The reason is simple: It is air-gapped (not connected to the internet) most, if not all, of the time. There is no need to be online to back up your hard drive to an external drive. Extra points if you encrypt your data.

4. Use a password manager

If you’re not using long and strong passwords, or still using the same password across multiple platforms and websites, you need to read this. For those who get over that rather low bar, it’s time to improve your game. It used to be that people made cheat sheets with their passwords and stored them in their desks (bad) or on an encrypted thumb drive (way better). That’s no longer necessary. Password managers take away the risk associated with having your passwords written down where they can be found and used. You need only remember one. As far as services go, there are many, and all are better than older methods of managing passwords. Research them online and make sure to read their reviews.

5. Read the URL address

There are more spoof sites out there than you may realize, and they are there to do harm, not good. Always look at the URL to be sure you are on the site you intended to visit and not a clone—the clone often will have a very similar address, so look closely. For an additional layer of security, you might want to consider downloading HTTPS Everywhere, a plug-in that works on Chrome and Firefox and enables HTTPS encryption automatically on sites that support it.

6. Think before you click

The No. 1 way people get got is thoughtless clicking. Whether it is a fake or corrupted website designed to plant malware on your device or a phishing email that looks like it came from a trusted institution or a friend but is in reality from a cyber fiend, you must have a pause in place and it has to be automatic—when it comes to clicking on anything that comes your way from “out there,” even—or especially if—it looks like a friend or family member sent it.

7. Make your security a seamless part of your day

If you see a story about a data breach or a security compromise on a device you use, consider that an action item for your day. Just take a second to find out if you are affected, and then take whatever precaution you can. The 40 minutes the average person spends on personal grooming is a good rule of thumb. Think of your cyber hygiene like a glance in the mirror.

8. Use two-factor authentication

Increasingly, two-factor authentication is available on the accounts we use daily, and it is essential that you set it up. It means that if a person hijacks one of your accounts, there isn’t much damage they can do without also having possession of your mobile phone or access to your email account. It’s an easy measure anyone can take to improve their personal cybersecurity.

In my book Swiped: How to Protect Yourself in a World Full of Scammers, Phishers and Identity Thieves, I go into greater detail about the various ways your information can be got and what you can do to protect it. The main lesson: Practice what I call “The Three Ms,” which are as follows:

  • Minimize your exposure. Don’t authenticate yourself to anyone unless you are in control of the interaction, don’t overshare on social media, be a good steward of your passwords, safeguard any documents that can be used to hijack your identity, and consider freezing your credit. (Here’s how to decide if you need a credit freeze.)
  • Monitor your accounts. Check your credit report religiously, keep track of your credit score, read Explanation of Benefits statements from your health insurer and review major accounts daily, if possible. (You can check two of your credit scores for free on If you prefer a more laid-back approach, sign up for free transaction alerts from your bank, credit union and credit card companies or purchase a sophisticated credit and identity monitoring program.
  • Manage the damage. Make sure you get on top of any incursion into your identity quickly and/or enroll in a program where professionals help you navigate and resolve compromises. These are oftentimes available for free or at a minimal cost through insurance companies, financial institutions and HR departments.

Full disclosure: CyberScout sponsors ThirdCertainty. This story originated as an Op/Ed contribution to and does not necessarily represent the views of the company or its partners.
