Cybersecurity Feature: "How Secure Is Your Digital Life?" Practical Tips & Cybersecurity Best Practices

by Alexander Lederer & Nomaan Syed, Leidos

Good cybersecurity hygiene doesn’t start and end in the workplace – these habits need to follow you home to harden the boundaries of your home network, protect your identity and credentials, and secure your personal data.

Below is a list of 7 cybersecurity best practices that you can easily implement at home.

1) Protect your accounts with multi-factor authentication

No matter how good your password management is, nothing stops account compromises like multi-factor authentication. Multi-factor authentication is when you provide two or more authentication measures, like a password and a fingerprint or verification code, in order to login to an account. While hackers can work around multi-factor authentication, it reduces the number of successful compromises significantly – hackers relying solely on stolen or breached credentials are stopped by almost 100 percent.

Most multi-factor authentication methods involve a text or email confirmation code that only works for a limited amount of time. This stops hackers who only have your account information, because they also need the additional time sensitive identification data in order to break in. This won’t protect against certain advanced phishing tactics; fake credential harvesting pages can trigger a real verification code, and then use that code to break into your account.

Multi-factor authentication at home is easy to set up, even though all services that provide it do it a little differently. Usually you will need to go into your settings and enable multi-factor, and then choose your methods.

2) Use a password manager

With so many different online services, users are likely to recycle credentials to remember their accounts. Re-using usernames and passwords, however, is one of the easiest ways to compromise accounts. When an organization’s user database gets breached, those user credentials are sold or released on the dark web. As a result of past breaches, there are many different databases of user credentials that anybody can automatically pull from – and test against different websites. Hackers use automated scripts that try to log into different sites using leaked credentials, hoping users reuse usernames and passwords on multiple sites.

By using a password manager, you can have strong and unique passwords for each account, and you only need to remember the master password for your password manager. Password managers make remembering all of your account credentials much more manageable, which leaves you less vulnerable to data breaches. When every account has a unique password, you don’t need to worry about your entire online presence if a single account is compromised. To protect the master password, don’t use recycled credentials for your password manager and make sure you set up multi-factor authentication to prevent automated attacks.

3) Use an ad blocker

One of the leading ways for malware to enter your computer is by clicking on ads and pop-ups that appear on various webpages. Traditionally, bad advertisements have redirected users to phishing sites, spread viruses disguised as fake plugin updates, and other forms of malware. You can protect yourself from bad ads by using an ad blocker on untrusted websites. Malware in ads have led to high-profile attacks, like when the Syrian Electronic Army (SEA) hacked the Washington Post's website. SEA used Outbrain, a content and advertisement service, to redirect users from WashingtonPost.com to pro-Syria websites and content. Even YouTube ads have been leveraged, with hackers using the ad platform DoubleClick to hide JavaScript code to eat up the victim’s computer processing power in legitimate YouTube ads.

The most popular ad blocking programs can be set up as browser extensions, with Ublock Origin and Adblock being the most prominent. If you choose to use an ad blocker, setting up a whitelist to play ads on trusted websites allows you to support online content while keeping safe from more sketchy domains.

4) Turn on automatic updates

Automatic updates allow you to keep up with the latest security and functionality features of all your software, all at the low inconvenience of restarting your computer. Too often, users will turn off automatic updates to have more control over when their computer needs to be restarted, which can mean security updates aren’t installed to protect against an attack.

When different operating systems and softwares update, they are looking to correct and optimize their product, and delaying these updates can leave your computer open to massive security issues. Microsoft has a very well-documented exploit and vulnerability list, and Microsoft updates help resolve these issues to prevent malware from using these exploits to infect a system. One of the best examples of this is BlueKeep ransomware. This ransomware, after initially infecting a computer, was able to jump rapidly to other computers within the network by using a known exploit. If the affected individuals and businesses had patched their systems, the ransomware attack would have failed.

Updating software and applying security patches is a critical step in improving your cyber hygiene. You can schedule automatic updates during off-peak hours so that the forced restart won’t interfere with your regular computer usage.

5) Use both a firewall and an antivirus

Antivirus and firewalls are important components of network defense - and they are not the same thing. A firewall acts as a barrier that blocks untrusted incoming and outgoing network traffic, while antivirus prevents, detects, and removes malware. A firewall cannot remove or protect you from malware already on your system, and antivirus can’t filter out traffic entering your network. If you only have one, make sure you get the other as soon as possible.

6) Secure your home network

People have seen the phrase “securing your home network” but in practice, not many people know what that means. The first and most obvious security tip is to enable a password for your router, which prevents hackers from instantly connecting to your network and reading your internet traffic through a packet sniffer or “man in the middle” attack. Once you enable a password, change it immediately after setup. Default passwords are easily found online and displayed on the router itself, providing opportunities for your network to be breached.

Having a password to access your wireless network is the first step, but making sure that password can’t be cracked is the next important step. WEP, or Wired Equivalent Privacy, is an outdated security algorithm that is used to encrypt wireless traffic. WEP provides a baseline security standard, and it is better than having no password, but hackers can easily break into any WEP secured network in minutes – and they have been able to for more than a decade. As a best practice, disable WEP and make sure your home network uses the more secure Wi-Fi Protected Access (WPA) or Wi-Fi Protected Access II (WPA2).

7) Back up your data

Backing up your data works as a form of insurance against theft, malware, device failure, or another disaster. For large organizations, having a backup site and recovery strategy provide key protections, and the same should be true for your home network. The lack of updated and maintained backups is one of the main reasons some cyber incidents end up much more extreme than they should. If you do decide to back up your data, you have more options than ever before. Saving to an external hard drive, CD, USB drive, or using a cloud backup all have their advantages and drawbacks.