How Cyber Secure Are You?

AARPLynne · ‎10-05-2018

October is Cyber Security Awareness Month. How Cyber Secure Are You?

Here are some tips to help you stay cyber secure:

1. Make sure your passwords are strong. Don't just stick to the minimum requirements. Passwords should be unique to you, but at the same time, easy to remember. In fact, instead of a password, consider creating a passphrase. Make it something unique to you and easy to remember. For example, if you’re a cake lover, your passphrase could be Ilovechocolatecake. Like to golf? How about Golfismyfavoritesport. Think of something that would be easy for you to remember, but hard for a thief to crack. And make sure you use a unique password for each and every website that you use. That way a data breach on one site doesn’t put you at risk on others. An alternative is to use a password manager (Google “password manager” for options), through which a tool creates and stores your passwords for you.

2. Think before you connect. Before you connect to any public wireless hotspot – such as those in an airport, hotel, train/bus station, or café – be sure to confirm the name of the network and exact login procedures with appropriate staff to ensure that the network is legitimate. Many fake networks have seemingly legitimate names.

3. Never conduct sensitive activities in public. This type of work can include online shopping, banking, or other sensitive financial and personal work. Never conduct these activities using a public wireless network or a public computer, even if the network appears secure.

4. Enable stronger authentication. Stronger authentication (also known as two-factor or multi-factor authentication) adds an extra layer of security beyond using a password to access your accounts. An example of this would be, when you try to log on to your account using your bank’s mobile app, they may send you a text message with a code to verify it is really you. Most major e-mail, social media, and financial platforms offer multi-factor authentication to their users. If you are going to be traveling, be sure to ask your service provider if you can activate this feature before departing on your trip. To learn more, visit www.lockdownyourlogin.com.

5. Turn off your Bluetooth when not in use. Bluetooth enables your device to connect to other devices – for example, it’s what allows you to operate your smartphone hands-free while you are in the car. When it’s on, it can open you up to vulnerabilities.

6. Keep your software updated. Keep your operating system and other software strong by installing updates to improve your device’s ability to defend against malicious software, also known as ‘malware’. Don’t ignore the prompts to update your operating system. Often times, those updates specifically address a known vulnerability and will offer added protection from it.

WebWiseWoman · ‎10-05-2018

Excellent article, Lynne! Thank you for this!

I work in IT (not Tech Security) and would like to add:

1: add !1 or 1! to password first or last on rotating basis; easy to remember but not usually included.
2: never sign into any site via public wifi, including aarp.org! Connect and browse; don't log in!
3. see 2 above.
4: see 1 above.
5: not only does it keep you secure but saves battery life.
6: have to dispute this one; only accept Microsoft Windows updates for security until you research OS updates (e.g. wait until people like me get beat up by it and get those MS nuckleheads to fix). I've been fighting update 1803 for months regarding audio/video. Check update settings and change to security only is my recommendation.

Thanks for this important topic!

#VegasStrong
Phil Harris, actor and showman, to John Fogerty of CCR: “If I’d known I’d live this long, I’d have taken better care of myself.”

fffred · ‎10-06-2018

Public wifi: In general I agree not to log into any accounts using public wifi. Many sites use the https encrypted protocol so the transmission of your credentials should be secure. But even so, the risk of someone snooping on your system and activities is too great. Particularly your email, this may be the place where your password resets get sent to for other sites.

However, I have and will use public wifi, or sketchy private wifi, with my VPN subscription. Not really necessary for those sites with encrypted log-ins but it helps with the general snooping concerns. I used this a lot on my recent 5 week trip outside of the US.

2FA: I've been using some Yubi keys for a number of critical sites (financial, email, etc) and am so happy. These are so easy to use (much simpler and more secure than SMS text codes) and provide a great sense of security (based on reality, not a false hope).