5 Tips to address cyber security risk at home
Today’s topic is all about risks, and how it relates to cyber security. All through our lives we make decisions based on risk assessments. It all begins at a young age as a child. For example, I see the contrast in risk assessments with my two children. My oldest son is more risk adverse while my youngest one is the risk taker, i.e. the kamikaze kid.
My youngest would climb to the top of the couch and lay on headrest of the couch, coming perilously close to falling off the other end. He will jump off of things that are a little too high for him to be jumping off of, and uses the couch as a trampoline. Of course, he is only 3, so some of this is expected until he learns his limits.
My oldest on the other hand, seems to be understanding risk a little more and isn’t the daredevil like his brother. My older one will only climb up the 4th step of the rope climbing ladder, never going to up the final two because he knows it is quite a bit higher and falling from that high would definitely be more of a risk for injury.
Christina and I are also totally opposite. As I mentioned, I am fairly risk adverse, whereas Christina is the total risk taker. For example, Christina believes in letting kids take risks and learn from their mistakes, such as jumping off things on the playground. Whereas I would be there telling my kids to be careful and take it easy and not to jump off certain platforms.
Another example, I would be hesitant to eat some food if it’s been in the refrigerator for more than two days to minimize the risk of getting sick. Christina on the other hand would pull something out that’s been in the refrigerator for 3 or 4 days and have no problems eating it, not matter the greater probability that the food has gotten spoiled. But then again, I haven’t seen her get food poisoning at any time, thus I guess she is valid with her risk assessments and tolerances.
The point being, people have different risk tolerances, and this also applies with respect to cyber security. I just read an article today, “Blue Coat System conducts security survey“, which discusses a study done that shows employees acknowledge risky security behavior, but continue to engage in it. The article states that 82 percent of the US employees knew that opening an email from an unverified source is considered “very risky”, however 17 percent admitted to doing so. As phishing emails become more sophisticated with perpetrators personalizing their attacks, even the most knowledgeable folks could be tempted to open a phishing email and follow its link.
The study indicated that one out of every 20 US employees have looked at adult content on their work device. In China, on in five employees admitted to doing so. Now we all should know that adult content websites are usually are a high risk to visit. If one in 20 is willing to risk their jobs to visit these sites (and one in 5 in China), I am sure these same people would have no problems engaging in this risky behavior at home, where there is no IT or Security personnel to help mitigate these risks.
Therefore, here are 5 tips that I am providing with respect to cybersecurity risks:
- Conduct your own risk assessment of your cybersecurity treats. Determine what data you need to protect on your computer, smartphone, Ipad, etc. and then incorporate the required level of protection that is warranted. For example, if you are conducting banking and financial transactions on your computer, you probably want to insure that the computer is password protected, and key files encrypted to ensure that if your computer is compromised that you financial information stays safe and security. Also, if you have important files and records that you need to keep, you should make sure you have sufficient back up of those files to minimize risks that you will lose that information forever. On the other hand, if all you do with your IPAD is let your kids play game and watch movies (unfortunately, that’s me!), then you might not need to password protect the device due to the minimal risk of someone else accessing the IPAD.
- Assess the risks of not only yourselves but also of all your members of your family. We all know kids probably conduct risky behaviors with respect to using the family computer, or protecting data on their smartphone or Tablets. Be cognizant that to reduce the risks to your family from cyber threats, you must take into consideration the threats that exists based on your family member’s activities and implement protections as needed to protect your whole family.
- Use defense if depth to reduce the risk of damage to your IT equipment. For example, Christina tells me that she would let kids play at the playground, and if by chance they do something to break an arm and leg, at least have good health insurance as a risk mitigation if that does happen. I, on the other hand would have a second layer of defense, i.e. daddy telling the kids to not jump off high objects in the first place. The same goes for your IT equipment. I have a password on my computer accounts, and if that is breached, I have my important files encrypted as required. I also, have backups of my files just in case my computer gets corrupted. Make sure you have several defenses to reduce the risk of your computer and accounts becoming compromised.
- Continually examine new cybersecurity vulnerabilities that come out in the news and determine how much of a risk it is to you. The news is filled constantly these days about stories related to cybersecurity hacks and vulnerabilities. Being in the security field, I take a lot of what is reported with a grain of salt. For example, there was an article posted on USA today, “Technology Car Break Ins“, concerning putting keys in freezer to prevent car break-ins. This “hack” was also posted in various other publications and implies that cars are being stolen across the USA by using power amplifiers to help unlock cars. The solution? Put your key fob in an appliance with a metal cage, i.e. microwave, refrigerator, or freezer or wrap your keys in aluminum foil. Do I do this?? No. This is based on my risk assessment of the vulnerability (or hack), which is based on these factors. One, thieves usually are professional if they are attempting this and usually target high-tech cars. My minivan is a bit high tech, but heck, who wants to steal a minivan for a joyride? Two, I usually park my car in the garage, thus the thieves would have to break into my garage first to take my minivan. If they break in, they probably have a bunch of other things more appealing to steal. And three, I have insurance just in case I am targeted by such a thief, which I believe is minimal currently. The point I’m trying to make is when you hear stories about vulnerabilities/hacks out their being used, assess your risk given the given threat and then determine what action is required to protect yourself.
- Re-assess your risks constantly. Risks plays a role in many of the decisions we make daily. For example, I woke up this morning and asked myself what is the risk of me not going into work today. The risk was minimal, i.e. I did not have a lot of meetings, I didn’t have short term deadlines, and I have Annual Leave which I could take. I did go into work though, but the risk was minimal. Someone working a factory job with no yearly leave allotment would have a lot more risk of losing his/her job by taking the day off instead of going to work. I would recommend constantly assessing your risks in the same manner when buying a computer, downloading a new software or app, connecting to public wifi devices, not password protecting your computer or smartphone, buying your kids smartphones, etc. By making a habit of constantly assessing your risks for everything you do with respect to your computing and IT devices, hopefully you will make better decisions on how to protect yourself from the constant barrage of cyber vulnerabilities and exploits that are out there.
These are just a few things to consider when addressing cyber security risk at home. What may be some of the other factors must the home user consider in addressing cyber security risks?