From the remote workforce to virtual classrooms and online grocery stores, the cyber world is now a key part of our daily lives, and we each need to do our part to protect it.
Angelo Marcotullio, chief information officer for the Center for Internet Security, answers some of the most common questions about the best ways to do that.
Chief Information Officer, Center for Internet Security
Is there a single product or service that can fully protect one’s data?
That would be amazing, but unfortunately not. Cybersecurity experts recommend layers of security. Before the bad guys can get to your data, they have to successfully penetrate these multiple layers. Hopefully, one of the layers of defense will stop the attackers before they get to your data.
Where do we start? What’s the best first step?
The single most important action is applying security patches to your operating system and applications on your computers, smart phones, and network devices. Luckily, most modern operating systems apply these patches automatically, but it’s critical to confirm that the configuration has not been modified to prevent that.
Then, check your apps. Uninstall and delete the apps you no longer use, and make sure the ones you do use are still being updated and supported by the developer.
Are there additional precautions you should take when working from home?
Yes. First, confirm that the password on your home router is strong, and not set to the default administrator password. Also, confirm your router is configured to automatically install patches. If your router does not offer this option, you will have to manually install patches on a regular basis, or replace it with a more current model that does.
Most newer home routers offer the option to create a guest wireless network, which is a great option for non-family members and for your home automation devices like wireless doorbells and video cameras. This type of setup prevents access to your personal or business data if a vulnerability in the device is used by the bad guys.
Is there anything else we should check on our computers?
Yes. Confirm that your anti-virus software is running and configured to automatically download and install updates. You should also confirm that your computer’s firewall is turned on.
I hear a lot about cyber criminals using email to get access to sensitive data. How can you prevent this from happening?
Email is one of the most common ways that attackers get access to our computer systems. Phishing emails are designed to trick the recipient into sharing sensitive information or downloading malicious software. The best way to prevent this is to be extremely cautious when clicking links in emails or opening attachments. Here are a few things to think about:
First, is this someone you know and were you expecting this email? Examine the actual email address used to confirm it is correct. Hover your cursor over the sender’s email address to confirm that the name and email address are accurate.
It’s also important to examine the text of the email. Are there spelling or grammatical errors? Does the tone match previous emails? Is the email signature correct? Are they asking that you do something immediately? These are all signs that it might be a phishing email, and to be extremely cautious.
What is two-factor authentication and should we be using it?
Yes, you should always set up two-factor authentication when available. Sometimes called multi-factor authentication, this additional layer of protection requires two pieces of information before you can successfully log into a website.
Typically, the first factor is your password. In a two-factor login, this is referred to as something you know. The second factor is often a code sent by text message to your cell phone. This is referred to as something you have (your cell phone).
Using that second factor prevents your account from being compromised if someone gets access to your password.
Since cybersecurity threats are constantly evolving, what’s the best way people can stay up to date on how to protect their data?
We regularly update our website with information on known threats, steps you can take to stay safe online whether it is for work or personal use, and products and services we offer to help you keep our connected world a safer place. You can find us at cisecurity.org or follow us on Twitter @cisecurity.