Strong cybersecurity habits help protect the personal information you keep online. As cyber attacks become more common and cybercriminals become more creative, it’s important to take measures to protect your online identity.
Responding to cybersecurity incidents
The Government of Alberta’s Cybersecurity Services team has created a cybersecurity tip sheet to help organizations prevent and respond to cybersecurity incidents.
Passwords are the first line of protection on your accounts, so it is important to build strong habits.
Use a unique password on each of your accounts. Stolen username and password combinations are often sold online after they are compromised in a security breach. Knowing that people are likely to reuse the same password, cybercriminals use the same username and password combination to gain access to the email or other accounts on popular websites.
Follow these tips when creating a password:
- create long passwords with at least 10 characters
- use a combination of lower- and upper-case letters, numbers and special characters, such as $ ^ * and spaces
- avoid using personal information, such as a pet’s name or an anniversary date
- consider using a passphrase. Start with a sentence that is meaningful to you, then replace some of the letters with numbers and special characters. For example, “I love cybersecurity tips” becomes “1 <3 CS t1p5!”
- change your passwords at least once a year or following an information breach on any website or service you use
Remember to protect your accounts by never sharing your passwords, writing them down, or saving them in your internet browser or apps. To help you keep track, consider downloading a password management app. Just be sure to read the user agreement policy before installing software.
Multifactor authentication (MFA) requires you to provide at least 2 pieces of evidence – also known as factors – to log into an account. Enabling this feature makes your accounts harder to compromise.
MFA uses a combination of factors:
- Something you know: this is your password or PIN.
- Something you have: this is usually a code that changes each time you log in and is often sent to you through a soft token (like a text or an app notification) or a hard token (like a USB key).
- Something you are: this is biometric information, like a scan of your fingerprint, iris or retina.
Downloading trusted security software is a quick and easy way to protect your devices, including your cell phone.
Antivirus software prevents viruses and malware from infecting your devices. When choosing a product, look for one that regularly updates its database to keep up with new viruses and malware.
Firewalls manage inbound and outbound data to prevent unauthorized users from accessing your network without limiting your activity. Some devices and operating systems may already have a firewall integrated into their default security settings.
Many devices will allow you to encrypt your information. This effectively scrambles your data so it cannot be read or used if your device is compromised.
Many mobile devices will allow you to enable encryption in the settings. If your device does not provide this option, you can also purchase encryption software from a number of trusted organizations.
Viruses and malware (short for malicious software) are the most common attacks on devices.
Phishing attacks often come in an email, text or phone call and are designed to trick you into sharing your information or sending money. They are often ‘spoofed’ to look like they are coming from a known and trusted organization.
Phishing messages generally make unusual requests, like asking you to pay a fine with a gift card. They may also try to create a sense of urgency by claiming that your account or personal information will be lost if you do not take immediate action.
Phishing emails and texts usually include attachments or links that may install malware on your computer when opened. Avoid opening links or attachments unless you are confident you know the sender. If you are unsure whether an email is real, search for the sender’s contact information and call them to confirm whether they sent it.
Hover your cursor over the name of the sender to verify the email address. If the name shows something different than what is listed in the sender field, you are likely dealing with a phishing email.
You can also hover your cursor over a link to see the destination URL. This will often appear as a small line of text in the lower left-hand side of your internet browser. Do not click any links that point to a different website than what the text suggests or that appear to be alpha-numeric codes.
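The two hover checks above can also be run automatically on a saved message. The sketch below is an added example, not part of the original tip sheet: it compares the domain shown in a link's text with the link's real destination, and the domain shown in a sender's display name with the actual address. The sample message, the function names and the choice to flag bare numeric (IP) destinations are assumptions made for illustration.

```python
import ipaddress
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Finds a domain name inside visible text such as "www.bank.example/help".
DOMAIN_RE = re.compile(r"((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)
# Constructed sample message body (not a real email).
SAMPLE_HTML = (
    '<p>Act now! <a href="http://203.0.113.7/login">Verify now</a> or visit '
    '<a href="https://www.bank.example.account-check.test/">www.bank.example</a>. '
    '<a href="https://www.bank.example/help">bank.example/help</a></p>'
)

class _Links(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def _matches(real, shown):
    # The real host must be the shown domain or one of its subdomains.
    shown = shown.lower().removeprefix("www.")
    return real == shown or real.endswith("." + shown)

def link_warnings(html):
    parser = _Links()
    parser.feed(html)
    found = []
    for text, href in parser.links:
        host = (urlsplit(href).hostname or "").lower()
        shown = DOMAIN_RE.search(text)
        try:
            ipaddress.ip_address(host)  # assumption: numeric hosts are suspect
            found.append((href, "destination is a numeric address, not a name"))
        except ValueError:
            if shown and not _matches(host, shown.group(1)):
                found.append((href, f"text shows {shown.group(1)}, link goes to {host}"))
    return found

def sender_warning(from_header):
    name, addr = parseaddr(from_header)
    shown = DOMAIN_RE.search(name)
    real = addr.rpartition("@")[2].lower()
    if shown and not _matches(real, shown.group(1)):
        return f"name shows {shown.group(1)}, address is at {real}"
    return None
```

A display name that contains no domain at all, such as a plain organization name, passes this check, so the address still has to be read by eye.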
If you receive a phishing email, delete it without taking any of the actions suggested.
Ransomware is a kind of malware that uses encryption to hold your data and information hostage until a ransom is paid to the attacker. It is downloaded to a device without your consent through malicious links, emails, texts, or websites.
You can help prevent ransomware by following the same tips provided in the phishing email section above and by installing a good quality antivirus software.
Do not pay the ransom if your device is infected with ransomware. It does not guarantee that your information will be released to you or that the ransomware will be removed from the device. Contact a local computer repair service for support.
Network security helps you browse the internet by making sure that no one can access your Internet connection without your consent.
When you set up a WiFi router, take the time to change the default password because it may not be unique to you. You may also wish to create a guest network. This will keep your Internet-connected devices separate from your guests’ activity, adding an extra layer of protection to both parties.
If you are using public WiFi or a shared network when travelling, consider using a virtual private network (VPN) to encrypt your activity and disguise your online identity. This makes it harder for attackers to track your activity and steal your information.
Remember that not all VPNs are created equal. Some free VPNs will capture your information. Do your research when selecting a product and always read the user acceptance policies before installing a product.
Be sure to turn off your smartphone’s WiFi and Bluetooth radios when they’re not in use. Failing to do so can introduce vulnerabilities that cybercriminals can take advantage of.
Internet of Things
The Internet of Things (IoT) is the network of non-computing devices that are connected to the Internet, like a smart TV or a baby monitor that connects to your smartphone. They are convenient, but can be notoriously hard to secure.
Consider unplugging your smart devices when they are not in use. Some devices may be recording you without your consent or knowledge.
Introduce passwords to as many devices as you can. You may have to enable this in the settings. If an IoT device comes with a default password, be sure to change it when you set up the device for the first time.
Keep the software up to date because software updates can include security patches to address known vulnerabilities. Depending on the device, updates may be pushed to the device or you may have to download them from the manufacturer’s website.
Do your research before you purchase a product to see if there are any known vulnerabilities. Price is not always correlated with better security, but studies suggest that lower-end products offer less protection.