5 Tips for the Chief Information Security Officer of Your Home
During this Cyber Security Awareness Month (U.S., Canada, Europe) – especially this week, when the focus is staying safe online at home – let’s ask ourselves: “Who’s the CISO at my house? Are we using similar security tools and best practices at home that are used in the workplace? If not, why not?”
In the workplace, there’s someone in charge of security awareness. Whether it’s the chief information security officer (CISO), an IT director, or the CIO, there’s someone implementing the security technology and awareness programs that equip and prepare everyone in the organization to protect the sensitive data of the business, its customers and its partners. We can’t lose sight of safeguarding our homes and families from cyber attack.
Cybersecurity Ventures predicts the human attack surface (the number of individuals connected to the internet) will reach six billion people by 2022. Gartner Research predicts IoT technology will be in 95 percent of electronics for new product designs, and through 2022, half of all security budgets for IoT will go to fault remediation, recalls and safety failures, rather than protection (a key indicator of the unknown). The more connected we humans and our homes become, the more vulnerable we are to identity theft, financial loss, credit card breach and even burglary.
Check Your Cyber Security Toolbox at Home
Several cyber security tools, in the form of best practices, are used in the workplace and carry over to staying safe online at home. They can help make your home a haven for online safety by training your family to have security-aware behavior and a security-first mindset.
#1 – Security Awareness and Education.
Cyber attacks and hacks aren’t reserved for just the adults in a family. A 2018 study from Javelin Strategy and Research showed that more than 1 million children were victims of identity theft in 2017, resulting in total losses of $2.6 billion and over $540 million in out-of-pocket costs to families. Sit down and talk to your family about safe online computing practices. Teaching your family about phishing, spam, online predators, unsecured WiFi networks and social engineering is just as important as teaching children to cross a street, not talk to strangers and play safely.
#2 – Don’t Take the Bait and Get Phished.
According to this year’s Verizon Data Breach Incident Report, phishing and pretexting represent 98 percent of social incidents and 93 percent of breaches. Email continues to be the most common vector (96 percent), with a significant increase in phishing attempts via phone calls. Phishing attacks have become more sophisticated since the days of the Prince who wants to give us money. Talk to your family and share examples of fraudulent emails or phone calls asking you to click a link, provide personal information or call an unknown number. Remember, the messages could seem to come from a friend, a company you do business with (like your bank) and even the government. If something doesn’t seem right – you weren’t expecting the message, the subject seems odd or the message doesn’t sound like anything the person or business would ever ask you about – then view it as fraud, don’t click anything and report it to your ISP, a government agency or to the global Anti-Phishing Working Group – or all three.
#3 – Manage Your Privacy Settings.
The EU didn’t implement the General Data Protection Regulation for nothing. Personal data and what organizations can do with it can affect your life. Make sure you check the privacy policies and settings to ensure your data – and the data of your connections – is being used in an approved manner.
#4 – Use Strong Passwords and Two-Factor Authentication.
Despite the desire to eliminate passwords as the primary method of authentication, we still live in a password-driven world. Therefore, we need to choose the strongest password, or passphrase, and bolster it with two-factor authentication. Passphrases are strong and easy to remember. They can be made stronger by using advice from Bruce Schneier, internationally renowned security expert, and the followers of his blog who’ve commented on his pieces on this subject.
#5 – Patch Vulnerabilities.
You are the CISO of your home, and that means making sure known vulnerabilities are patched – from applications to firmware and even replacing products if there’s no way to patch them (which may be a scenario when it comes to IoT devices).
BONUS TIP: Don’t forget the paper trail.
Although you wouldn’t normally think of the paper trail having anything to do with cyber security, it can if you don’t properly dispose of paper with your personal information on it. Or if you write down your passwords and don’t sufficiently secure them, that’s like giving a cyber criminal keys to your kingdom. The right thing to do would be to shred the document with the password.
Whether you’re the CISO of your own home or the CISO of a business, security awareness training for everyone can reduce the risk of a data breach caused by human error or a malicious attack. You can learn more about setting up a security awareness program in The Human Fix for Human Risk, by Lise Lapointe, Terranova CEO.