homeworksecurity.jpeg

I recently had a software developer ask me if non-technical application users were  more secure than they were ten years ago.  I told him that I believe they are more secure as long as they follow the same cybersecurity best practices at home that they have been taught at work.  Many of these best practices are just as useful for protecting our sensitive data at home as they are in the office.  So our goal is to consistently follow these cybersecurity best practices so that we reduce the chances of a cybersecurity event occurring wherever we may be using a computer.

Creating Secure Passwords
Everyone should know that it is not safe to create passwords based upon words found in any dictionary.  But it is also just as important to create passwords that are no shorter than eight characters.  And the longer the passwords are, the more secure they are.  We also still need to sprinkle special characters and numbers throughout our passwords and make sure we use a combination of upper and lower case letters.  Complex passwords created with these requirements secure our personal accounts just as well as our work accounts.

PATCH, PATCH, PATCH!
Once a month, Microsoft releases a patch that includes all of their bug fixes from the previous four weeks.  Some of those bugs will be security issues.  While they may not have a patch released every month, most organizations will need to update software running on our work computers.  So it's important that our organization update their servers as soon as possible with these fixes so that we don't become the victim of an attack that targets publicly known vulnerabilities.  While patching at the organization level is a complicated process, it's easier, and just as important, to patch our personal devices when patches are released for them.  Laptops and mobile devices need to be patched on a consistent basis to reduce the chances of a criminal infecting our home computers with malicious software that targets recent publicly revealed security issues. 

Be Weary of Clicking on Email Attachments
Being careful about opening email attachments at work has been a security issue for a number of years now, but the same level of concern needs to be taken towards any attachments sent to our home email accounts.  Whether it is a work email with an attachment titled "Executive Payroll List" or a personal email with an attachment titled "IRS Investigation", these titles are used to trick users into opening them and allowing the malicious software within to run.  If an unexpected attachment appears in either a work or personal account, call the author of the email with a phone number you look up yourself and double check to make sure they really did mean to send you an attachment titled "You've Won a Free Trip!”.  

Validate Links Before Clicking
Suspicious attachments aren't the only way cybercriminals will attempt to trick us when using email.  We also have to be concerened about malicioius links.  While it may appear that a link clicked in a work email or document will take you to the visible address, this is not always true.  The only way to know for sure that you will be visiting the intended address is to type in the address of the website you want to visit directly into the URL address bar in a browser. At home, there will be many tempting links to click on our social media sites such as Facebook, Twitter, EBay, etc.  These tempting links are often placed near an interesting picture or headline that makes the reader curious, so they may click without thinking.  Typing an address into our browsers may take a few more seconds of time, but it vastly reduces the chances of a clicked link instructing our browsers to open a malicious website.

For a handy visual reference, print out our Malware Prevention @Home and Malware Prevention @Work Infographics!

Protecting sensitive data at home is just important as protecting sensitive data within our organizations.  By following the cybersecurity best practices that protect us at work as well as at home, we can reduce the chances of becoming a victim to a cybersecurity attack.