How to protect yourself in an age of insecurity

Fueled by hyper-connectivity and pervasive digitization, security threats today are more insidious and damaging than ever, but you don't have to be a victim. These tips will improve your security posture at work and on the go.

At a time when state actors have working exploits that target smart TVs and undisclosed zero-day exploits for fully patched PC and smartphone platforms, there is no question that practicing safe computing is more important than ever. While there is no silver bullet to protect yourself against constantly evolving security threats, there are some steps you can take to reduce your likelihood of being a victim in this age of insecurity.

Good online habits

For all the sophistication of modern exploits, the traditional warning that file sharing is a hotbed for malware is as valid today as ever. It is a good practice not to download and run software from untrusted online sources or via peer-to-peer networks. Hackers have been known to take legitimate software and infect it with malware before distributing it to the unsuspecting. Some even take the extra step of removing copy protection on licensed software to sweeten the bait.

Another good practice is to avoid logging into online services through public terminals or systems you don’t own, as these could be infected with keylogging software or have had it deliberately installed. The result is the immediate theft of every password typed, even when logging in to a “secure” website. If logging in through a third-party device is unavoidable, be sure to log out properly and change your password as soon as possible.

Phishing remains one of the most common strategies hackers use to steal data or plant malware, because the email protocol was not initially designed to validate senders. While most phishing messages are amateurish and easily identified through their poor grammar, don’t expect this to be the case with more sophisticated attempts.

Regardless of whether the sender of your phishing message is masquerading as a reputable company or a colleague, the bad guys typically have two outcomes in mind: for victims to click on an embedded link or to open a specially crafted attachment. While the latter requires good judgment, one way to effectively protect yourself against the former is to manually key URLs into the browser instead of clicking on them. Unfamiliar domains should be avoided, and shortened URLs can first be reviewed using an online service such as Unshorten.It.

Raising the security bar

An easy way to beat casual hacking attempts is to enable two-factor authentication. It’s relatively straightforward and will stop brute-force attacks in their tracks. Be sure to also establish a secure login method as a backup and, where static codes are used, to keep them in a safe location.

While using text messages is popular, an arguably stronger approach for enabling two-factor authentication is to use a physical dongle such as the YubiKey. Supported by popular services such as Facebook, Dropbox and Google Apps, the YubiKey can also store static passwords that are transmitted through a USB port or NFC. The added convenience is an incentive to use a strong password for crucial applications such as a password manager.

Another way to increase security is to use a VPN service. Because all outgoing data streams are encrypted, VPN services act as a shield against compromised hosts on a local network and other digital reconnaissance attempts. Many routers support VPN by default, though they are usually much trickier to configure than a commercial service such as VyprVPN.
