This week, we’re talking about personal cybersecurity in honor of National Cybersecurity Awareness Month. Personal cybersecurity, in the context that we’ll talk about it today, is cybersecurity for any devices or technology-involved activities that do not directly relate to your career. For instance, talking to your child on the phone, using your Walmart app, interacting with any personal email account, banking online, accessing personal medical documents, and donating to charity online all fall under personal cybersecurity. Don’t worry, though – if you were hoping to learn about cybersecurity for work, Todd will cover that next week.
Probably one of the most universal uses for personal technology is email. If you follow along with us, you know we’re on a crusade against phishing. I wrote several blog posts that cover the topic, and I’d highly recommend reading those if you’re not well-versed in what phishing is. But for now, I’ll run through a quick overview. Phishing is the sending of fraudulent emails in an attempt to steal information or money from the recipient. The sender could be after any number of things, but among the most popular are money transfers, banking information, passwords and login credentials, and personal identifiers (such as your SSN). Bad guys will also try installing malware through phishing. Over the years and especially recently, these fraudulent emails have become very convincing. So, how do you recognize them?
Inspect the sender email address/domain. If the sender claims to be your friend, but the email comes from a different email address than your friend usually uses, it’s a huge red flag, especially if the content relates to money or security. Next, check the links or attachments, if any. If any unknown sender ever attaches a file to an email (especially an .html or .exe file), do not open it until you and your security team have verified its legitimacy. Next, inspect the email for grammar and spelling errors. Notoriously, phishing emails often originate from non-English speakers or people for whom English is a second language. If an email is littered with grammar errors or the wording sounds off, it could be a phishing email.
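The sender and attachment checks above can be run automatically over a saved message. The script below is an added example, not code from this blog; the address book, the sample message, and the flag names are constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr
from pathlib import PurePosixPath

RISKY_EXTENSIONS = {".html", ".exe"}  # the two file types the article names

# Constructed address book: display name -> addresses that person usually uses.
CONTACTS = {"Alex Rivera": {"alex.rivera@example.com"}}

# Constructed sample message: familiar name, unfamiliar address, .html attachment.
SAMPLE = """\
From: "Alex Rivera" <alex.rivera@example.net>
Subject: Urgent: please send money today
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please open the attached invoice and send payment today.
--b1
Content-Type: text/html
Content-Disposition: attachment; filename="invoice.html"

<html><body>constructed placeholder</body></html>
--b1--
"""

def triage(raw_message, contacts):
    """Return (flag, detail) tuples for the red flags found in one message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    name, address = parseaddr(str(msg["From"] or ""))
    address = address.lower()
    usual = {a.lower() for n, addrs in contacts.items()
             if n.lower() == name.strip().lower() for a in addrs}
    flags = []
    if usual and address not in usual:
        # A known name on an address that person does not normally use.
        flags.append(("sender_mismatch", address))
    verified = address in usual
    for part in msg.iter_attachments():
        filename = part.get_filename() or "(unnamed)"
        if PurePosixPath(filename.lower()).suffix in RISKY_EXTENSIONS:
            flags.append(("risky_attachment", filename))
        elif not verified:
            flags.append(("attachment_from_unverified_sender", filename))
    return flags
```

Calling `triage(SAMPLE, CONTACTS)` reports both the mismatched sender address and the `.html` attachment; a message from the contact's usual address with no attachment returns an empty list.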
Now that we’ve got phishing down, let’s talk about passwords. Your passwords matter. Often for personal accounts, your password is the only thing between you and your account (or someone else and your account). And that’s why passwords need to be safe. So, password basics: don’t reuse passwords; don’t write passwords on sticky notes; use a good combination of letters, numbers, and symbols; and don’t use very obvious keywords like your name or your spouse’s name. I know this sounds like a lot of rules, and it is, so having a good password manager can be very useful in storing, creating, and protecting your passwords. Some of them are even free for personal use!
Of course, you need to be careful of cybercrime in all technological interactions you have, not just with email or passwords. Fraudulent phone calls claiming to be the IRS looking for your personal information, or calls claiming to be your electric company that ask for payment and threaten to cut your power, are common examples of cybercrime via telephone. Texts claiming you won the lottery or you owe money on medical bills could be attempts to steal your banking information. There are endless examples of cybercrime (and it’s impossible to be aware of all of them), but educating yourself about common themes, red flags, and warning signs raises your awareness and significantly decreases the chances that you’ll fall for a scam. The information we’ve just talked about is a great start, but don’t stop here. Research, read, ask questions, and apply everything you learn to your use of technology. It makes your technology and the world around you a safer place.