Your smartphone, tablet and computer are incredibly useful tools. You use them to do your banking and make purchases, keep in touch with family and friends and store important stuff like photos, contacts and financial information—all at the touch of a few buttons. In today's world, this information is seamlessly (and often invisibly) stored locally, in the cloud, and both where it is then shared seamlessly across applications. This is a lot of points of failure. What makes it worse, is that now that you are working from home more often, it isn't just the $37 you have in your chequing account that is at stake. Now this same network your 11-year-old is downloading strange and untrustworthy Minecraft mods on, is the same network that you are filing taxes and accessing the payroll system for your multi-million dollar company.
Don't get me wrong, all this convenience is great - but that convenience also makes it easy for your personal information to get into the wrong hands, making you vulnerable to hackers and scams like phishing and malware that have potential to cause serious harm to you and others. Convenience has its price, and that price is you taking some personal responsibility to protect it.
Laptops and desktop computers
Once a hacker has access to your computer, they can retrieve information like passwords, financial documents or other personal data. If you leave your laptop unattended, a criminal may steal your actual device, but a hacker can use other ways to access your computer, such as through phishing or malware.
Phishing messages can come through email or social media and are designed to trick you into sharing personal information by pretending to be from a trusted source, such as your bank. Malware is malicious software created to damage your data, device or network. It is spread when you open an infected attachment in an email or click on suspicious links.
How to secure your laptop or desktop computer
Use firewall and antivirus software
Managing intrusion via firewall software and using antivirus software to prevent, detect and delete viruses from your computer are long-standing best practices. Comprehensive antivirus software protects from malware and may provide other features like website blocking and firewalls. It is important to install this software on all of your computers, set it to perform regular scans and ensure you update it on schedule. With respect to firewalls, remember that other sharing computers in your family could disable them when they get in the way of games and other applications, so monitor closely.
Update your computer programs
Software companies release updates, as well as patches to fix bugs, address weaknesses and improve performance. Installing updates and applying patches for all of your computer’s software will help keep your computer secure. Updating software immediately is one of the most important things you can be doing to protect yourself.
Secure your internet browser
You should customize the security settings on your internet browser to ensure you are comfortable with the level of security. Periodically clear your cache and your browsing history so that you don't leave a record of your login IDs, passwords, banking information or other sensitive data. Log out of your accounts when you are done. Consider a password manager (extension or otherwise) so you can more easily maintain strong passwords everywhere you browse. Consider also some zero-trust tools you can use to visually trigger you if you are unknowingly engaging in risky behaviour. These can show you non-secure sites, cue you to risky sites, and even just let you know if it is a site you have never been to before - which, let's be honest, doesn't happen all that often. And finally, we strongly recommend using CIRA Canadian Shield - Protected to filter out malicious traffic based on real-time latest threat feeds. It is trivial to set up in most browsers, and even better if you can do it on your router to protect everything in your home.
Use a strong password
Even if you just use your computer for emailing friends or shopping online, you should choose a strong password to unlock it. Consider using a passphrase. For example, you could look around the room and come up with a phrase based on what you see. If you are in your dining room, you may use a table, chair, lamp, vase. Add in a number and special character to strengthen it even more. You could also use biometric login. With programs like Windows Hello or macOS Touch ID, you use facial recognition or a fingerprint to access your device.
Secure your Wi-Fi network
Choose your own password on your router, rather than using the default login credentials. You should also change the manufacturer-assigned router name to one that is unique to you and won’t be easily guessed by others. Your operating system or security software likely come with a firewall. Be sure to turn it on. Firewalls watch for attempts to access your system and block non-legitimate incoming traffic.
Consider a VPN
Not everyone needs a VPN for home use since trusted organizations (i.e. your bank) use HTTPs and you have already ensured that your home Wi-Fi network is private and password protected. A VPN adds a layer of privacyby using encryption to scramble your data and keep it secure and unreadable along the way - when it is not already taking an encrypted path. Additionally, because your data is exiting the VPN server, it appears to have the internet protocol (IP) address of that server, masking your IP address and hiding your online activity. A good reason to consider a VPN for personal use, is if you often have your laptop on public Wi-Fi networks.
Cover your webcam
Cyber criminals can access your web camera, which can endanger your privacy and expose sensitive conversations. Inexpensive covers that stick to your laptop and slide over the camera work well. If you have an external webcam turn it off when not in use - or simply point it at a wall.
Phones and tablets
You probably use your mobile device as a camera, GPS, credit card, clock and flashlight. You may even use it to make phone calls. While these capabilities are amazing, they also mean we are sharing our personal and financial data, and in many cases, our location. Securing your smartphone or tablet can protect you from threats like malware and phishing, as well as smishing — phishing messages sent through SMS texts.
How to secure your phone or tablet
Update your operating system
Mobile operating system updates can provide a completely new version or a patch to strengthen security, remove bugs or improve performance. They are an important way to protect your device. Have an old or unsupported phone you are thinking of passing to a child? Think again. Unfortunately, all operating systems have a supported lifetime. This is a lesson for your home devices as well.
Mind your Bluetooth
Bluetooth technology allows you to link to devices like wireless headphones, nearby printers or audio speakers. But be cautious when pairing anything through Bluetooth and turn off Bluetooth when you’re not using it so that hackers cannot detect your device and attempt to pair with it. In point of fact, it is CIRA policy when we go to cybersecurity conferences to turn off Bluetooth because of all the white-hat games ethical hackers play - and that is a benign environment. The airport is not.
Do not send personal or sensitive details, such as passwords or banking information, via text message. Never open attachments, click links from unknown sources or call phone numbers in suspicious messages. If they say they’re from your bank or mobile provider, contact the company yourself. They will be able to tell you if there is a legitimate message they need to share.
Connect carefully to public Wi-Fi
Public Wi-Fi can provide an opportunity for hackers to access your device. If you are taking advantage of public Wi-Fi, make sure you are using a network you know and trust. And never do banking or access sensitive information through public Wi-Fi.
Protect access to your device
While you shouldn’t leave your phone or tablet unattended, in any case, make sure you use a strong lock screen password. If your phone or tablet has biometric security features, such as a fingerprint scan, they can prevent criminals from accessing your device if you lose it. You should also enable auto-lock, so your device locks after a short period of time.
Record the make and model of your phone or tablet (somewhere other than on your device!) in case it ever goes missing. If it does go missing, contact your service provider so they can help you deactivate your device. They can also place your phone on a national blacklist, preventing it from working on any Canadian wireless network. You can also report it to local law enforcement.
Conclusion - don't shirk responsibility
Sound like a lot of work? It really isn't. However, as humans, we can be lazy when an issue isn't immediately in our faces. Unfortunately, like making sure your car is well maintained to be safe on the road you need to make sure your technology is safe to be on the internet highway. And unlike the road, some virtual "drivers" (aka hackers) are actually out to get you.
Just remind yourself every time a security issue requires you to take 30 seconds to reboot something or a couple of minutes to install something - this is much better than being robbed. At best it is still much better than formatting every PC and device, calling every bank, changing every card, reaching out to every company that bills you automatically, and monitoring your credit score for years to come.