April 3, 2018 | Portfolio

Personal Cybersecurity 101

Written by Rachel Quon

Masha Sedova, co-founder Elevate Security, presents at Canvas Ventures & Costanoa Ventures Dinner Series: Cybersecurity 101. Photo credit: Craig Ricker.

Do you connect to public coffee shops’ wifi? Snooze computer software updates? Use the same password for multiple sites? If you said “yes” to any one of these questions, you may as well hand over your credit card number or any other personal data to the stranger next to you.

Speaking at a recent dinner co-hosted by Costanoa Ventures and Canvas Ventures, Masha Sedova, the co-founder of Elevate Security, offered the group several valuable tips about personal cybersecurity and how to keep personal assets safe.

“You don’t have to outrun the tiger. You only have to outrun your slowest friend.”

The truth is: Hackers are going to hack. But if you protect your data by taking care of the easy stuff, you’re less likely to wind up as a victim.

Here are five simple ways to protect yourself:

1. Keep your operating systems up to date.

Hacktivists, cyber criminals, and government-sponsored hackers are motivated in different ways, but none of them will stop at stealing your data; they will also change it and use it against you. Don’t ignore the software update notifications you receive on your mobile device or computer. The alerts mean there is a hole in your system that needs patching. The longer you wait to update, the more time hackers have to steal your data.

2. Use a password manager.

Do not use the same password for multiple sites, even if you have a really complex, long password. Use a password manager, like LastPass or 1Password. They will create complex, long passwords for each site and store them in their online vaults. You will only have to memorize one unique password to get into the vault. I bet your next argument is, “If they figure out that one password to my vault, won’t all my passwords be at risk?” Correct, but that leads us to the next suggestion.

3. Use two-factor authentication.

Two-factor authentication requires a second step in the login before accessing the account. Whether text-based, token-based, or a physical YubiKey, two-factor authentication adds another level of security.

4. Stop connecting to public Wifi.

Starbucks wifi, Xfinity wifi, your hotel wifi, etc. are all unsecured networks. Use a personal hotspot or a Virtual Private Network (VPN). If you don’t have a hotspot or VPN and need to connect, make sure you are using HTTP Secure (https://) to keep your data protected.

5. Check the sender’s email address and follow up on the phone or in person before sharing personal information.

According to Verizon’s 2017 Data Breach Investigations Report, two-thirds of all malware was installed via email attachments in 2016. Hackers are savvy and use different techniques to fool users into clicking on phony links to scam them into divulging account information and more. Don’t be fooled. Fake invoice messages are the #1 type of phishing lure, so double check who sent the email and cross-check before moving forward.

Common phishing email example.

These strategies seem like common sense, but most cyber attacks are still caused by human behavior. IBM found that 95% of known incidents included a technical and human behavioral exploit. So at a minimum, follow these five strategies, and remember: You don’t have to outrun the tiger. You only have to outrun your slowest friend.

Elevate Security teaches these skills to employees at scale at large companies. Elevate’s first release, Hacker’s Mind, is a group-based virtual experience that puts employees inside the mind of a hacker, allowing them to spot and exploit security vulnerabilities in their company, their team, and themselves, and giving them a first-hand look at why security matters to them. For more information, please visit www.elevatesecurity.com.