Best Practices Jul 30th, 2025

Increase Your Cyber Security with 10 Simple Steps

What started as a story about how I helped a dealer handle hackers who had created a fake website has now turned into a series on cyber security street smarts.
The last article I wrote looked at how to find fake websites, while this article will explore how you and your dealership can operate more safely online.
If this article raises any questions for you, don’t hesitate to reach out to me. Besides being a car guy, I also run a cybersecurity organization back where I live in the Caribbean so I should be able to answer any of your security related questions.

How to Practice Good Cyber Security Hygiene in 10 Steps

Staying safe online doesn’t have to be complicated. Just like brushing your teeth keeps you healthy, a few simple security habits can protect your digital life… whether as an individual, or as a company. Here are 10 steps to help you build strong “cyber security hygiene”, and stay secure on the internet.

1. Use Strong and Unique Passwords via a Password Vault

Many people make the mistake of using simple 5 or 6 character passwords that play off a birthday, or some other personal information that can often be found online and used to inform password cracking tools. Worse yet, most people reuse their passwords. DO NEITHER! Get a reputable password vault, such as NordPass or ExpressVPN, to check on the health of all your passwords, and then create mixed character passwords of 20+ characters. Most good vaults can also be used to conduct data breach scans to see if your email (and potentially your passwords) shows up in password breaches.
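To make the "password health" idea concrete, here is an added example (not from the original article or any vault product) that audits a list of logins for the problems named above and generates a 20+ character mixed replacement. The function names, the sample entries and the personal terms are all constructed for illustration.

```python
import secrets
import string
from collections import defaultdict

MIN_LENGTH = 20  # the article's "20+ characters" target
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def audit(entries, personal_terms=()):
    """entries: list of (site, password). Returns {site: [issues]} for weak ones."""
    by_password = defaultdict(list)
    for site, pw in entries:
        by_password[pw].append(site)
    findings = {}
    for site, pw in entries:
        issues = []
        if len(pw) < MIN_LENGTH:
            issues.append("short")
        # "Mixed" here means lower, upper, digit and symbol are all present.
        if not all(any(c in cls for c in pw) for cls in CLASSES):
            issues.append("not-mixed")
        if len(by_password[pw]) > 1:
            issues.append("reused")
        # Birthdays, names etc. that can be found online (assumed input).
        if any(t and t.lower() in pw.lower() for t in personal_terms):
            issues.append("personal-info")
        if issues:
            findings[site] = issues
    return findings

def generate(length=24):
    """Random password from the OS CSPRNG containing all four character classes."""
    if length < MIN_LENGTH:
        raise ValueError("length below the 20-character minimum")
    alphabet = "".join(CLASSES)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in CLASSES):
            return pw

# Constructed sample data, not real credentials.
SAMPLE = [
    ("webmail", "jul1985"),
    ("bank", "jul1985"),
    ("dms", "Dealer2025Dealer2025!"),
]

if __name__ == "__main__":
    for site, issues in audit(SAMPLE, personal_terms=["1985", "dealer"]).items():
        print(site, issues)
    print("replacement:", generate())
```

Note that the third sample entry passes the length and mixed-character checks and is still flagged, because it is built from guessable information.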

2. Enable Two-Factor Authentication (2FA)

Turn on 2FA (also known as MFA) wherever possible to add an extra layer of security for critical websites such as your web email login, or your bank. We’ve already worked with a customer who had a critical email account stolen leading to a loss of hundreds of thousands of dollars. 2FA is a PITB, but absolutely necessary. This said, it is generally recommended that you use app-based multi-factor authentication, rather than phone-based SMS, since there are some well-known ways that hackers can compromise phones to gain access to SMS MFA texts.

3. Use a Reputable Virtual Private Network (VPN)

A good VPN masks much of your activity on the internet, and provides solutions for monitoring malicious websites and a whole host of other nasty things. Two VPN solutions that have a good reputation are ExpressVPN and NordVPN, and no, I don’t get any kickbacks for recommending them. That said, VPNs are great when you’re traveling and want to make your activity much more secure.

4. Use Anti-Virus Software

Yep, sadly a lot of people forget to set up their AV software and have it actively monitor their devices. There are many good solutions out there, but Windows has done relatively well improving their Windows Security offering so that’s a good place to start. Otherwise, BitDefender and Norton are good too.

5. Update Your Software and Review App Permissions

Whether it’s your phone, computer, or apps, always install updates, and automate updates whenever possible. Out-of-date software is a common way hackers exploit weaknesses in a system. Also, always follow the “least privilege principle” whether for your servers, or even your personal phone. Effectively, this principle argues that a device, software, or person must be able to access only the information and resources that are necessary for its legitimate purpose. Nothing else. Your IT will know what this is. For you, it just means that you should give any app only the least necessary access to your device. For example, if location info is not necessary, turn it off!

6. ALWAYS Think Before You Click

Don’t click on links or open attachments from anyone without first checking the link, or doing an anti-virus scan of the attachment. I don’t care if the email is from your momma, always check. And, if you get an email from some company, bank, or person you regularly work with asking you to click on something or look at a file, a simple call to a legitimate number can avoid potential pain and heartache.

7. Back Up Your Data

Sorry, I had to say this because many companies don’t back up their data. This puts you at huge risk if you get hit by a ransomware attack. With the right backup schedule, you can neuter most ransomware attacks and make recovery as simple as a data restore by your IT team.

8. Stop Posting Personal Information About You and Those You Love

I’ve done some fun open source intelligence (OSINT) work which was made easy by targets who overshared personal information. Cut it out. Cut back on personal. Pay attention to what’s in a photo. Don’t tell people when you are travelling. Hackers use this information to profile people for attacks. The less info they have, the better it is for you.

9. Always Lock Your Devices When Not In Use

Do I really need to say more here?

10. Stay Informed

Like I said in my article on the steps to find fake websites, Google Alerts is a great way to stay informed about particular topics. For example, you can have Google keep a tab on “cybersecurity hygiene best practices”, or similar phrases, so you can be informed via email about any topics of interest that are published online.

The Final Word On Good Security Practices

I used to live in Baltimore and loved it! I went everywhere around town, but despite my love for the city, I used my “city smarts” to avoid bad situations. When I was walking, whether it was night or day, in a “good” neighborhood, or “bad”, I always paid attention to what was happening around me. I didn’t walk with my head in a phone. I looked around when leaving my home or another building… I just paid attention to validate that what I was doing was relatively safe.

You can do the same with your activities online, whether as an individual, or through your business. All it takes is learning some simple skills, and good habits, to get by like I did in the big city. If you, or your company, do not have a program in place for teaching good cybersecurity awareness, then you're making a mistake. A good training program should be fun, generate conversation, and be fully supported by management. It can save you pain and anguish, and potentially a lot of money too.

As usual, feel free to reach out with questions at any time. I love to help out.

With over two decades of experience revolutionizing the automotive industry, Adam leads SurgeMetrix, which, through Bilingual Marketing Strategies, AI powered SEO, Market Intelligence Analytics, & Cybersecurity solutions, helps dealerships build new markets.

Focused on data - finding it, understanding it, leveraging it and protecting it - Adam is invested in providing solutions which help dealers make informed decisions about how best to sell cars.
