Cybersecurity New Year's resolutions, you say? Why not.


It’s mid-January, and oh, how time flies. It wasn’t long ago that we bid farewell to 2017 and welcomed the new year with renewed hope and vigor. Of course, with such positivity comes a sense of an equally favorable outlook for the year ahead. However good that may sound, being faced with a tabula rasa may pose a challenge equivalent to writer’s block: We simply don’t know where to begin.

This is where resolutions come in.

It’s no surprise that our resolutions are usually about health, finances, relationships, and self-improvement. They’re the things that matter to us the most. As all of us live digital lives, too, why not think up cybersecurity New Year’s resolutions that concern our online health and safety as well?

10 cybersecurity resolutions for 2018

Exercise more. Learn a new skill or hobby. Save (more) money.

What most of us probably don’t realize is that these are actually goals, not resolutions. Resolutions are firm decisions you make to do or not do something for your benefit. Here’s a bonus: They are never time-oriented.

Without further ado, below are some New Year’s resolutions that we urge you, dear reader, to start doing in 2018.

(1) I will use two-factor authentication for all my online accounts. 2FAs are awesome. Not only do they add security to your accounts by further verifying that you are who you say you are, but they also protect you from those unlawfully attempting to access your account. So take advantage of these features if they are on offer.

(2) I will back up my files on a regular basis. Believe it or not, your files are in danger. If a strain of ransomware doesn’t hinder you from accessing them, theft, software bugs, or even mother nature would. Because of these, backing up has become an essential security and business continuity practice. Be sure to create multiple copies of personal and work files you can’t live without, and then store them in a number of physical and digital locations, such as an external hard drive or cloud storage.

(3) I will only visit sites that use HTTPS. Not every website on the Internet—even popular ones, sadly—uses HTTPS. Even sadder is that not every one of us seems to mind entering our personally identifiable information (PII) onto HTTP sites in order to use their services. As more and more companies are beginning to realize that security must go hand-in-hand with privacy, it’s important that we start watching which sites we visit and where we enter our information. Opportunely, there are extensions you can install in your browser to automatically connect to HTTPS versions of websites. Take HTTPS Everywhere, for example.

(4) I will routinely review apps on my devices and uninstall those I no longer use or need. What first seems like the must-have app that everyone raves about today is then either abandoned or completely forgotten in the next few days. Unfortunately, out of sight, out of mind actually presents a security risk—this was the outcome of a study by Google a couple of years back. Why is it important to delete unused apps? Not only can unused apps still access and use your sensitive information, but your device could be exploited through vulnerabilities in the apps, especially those that are no longer maintained by the developer. Deleting unused apps will minimize those security risks—not to mention free up some space on your phone.

(5) I will use strong passwords and manage them well. By “strong” we mean long passwords with a combination of lowercase and uppercase letters, numbers, and special characters. And by “manage” we mean not committing all these complicated strings to memory but using software that can help you remember and fill in forms you had been filling in manually in the past. I’m talking about password managers. No, paper and Post-Its don’t count. Neither does a master password list you created in Excel.

Read: Why you don’t need 27 different passwords

(6) I will update all my software in a timely manner. Doing this may be inconvenient for some users—particularly when the ill-timed notification pops up while in the middle of defeating that video game boss in hard mode—but think about the inconveniences, headache, hassle, and sleepless nights vulnerable software could cause if cybercriminals were to successfully exploit it. You may have to retry beating that boss more than once, but there is no going back to how things were if your computing device is compromised.

(7) I will handle emails more carefully. Emails: Can’t live with them, can’t live without them. For some of us, they’re the only means to get in touch with others miles away. Unfortunately, emails are also one of the main avenues through which cybercriminals can get into your system. In this day and age, clicking a link or opening an attachment can literally change someone’s life for the worse. So this year, before doing anything with that email, pause and think things through. Were you expecting an email from someone you know? Does the email seem fishy or “off” somehow? Verify the sender by hovering over the email address or going directly to your vendor’s website.

(8) I will think before I post. There’s no harm in posting on social media; however, sharing personal details can endanger your own privacy. You’re essentially making it easy for online miscreants and persistent threat actors to use your information in crafting a personalized social engineering attack scheme against your system. Not only that, the information you may freely give away can be used to access your accounts or steal your identity.

Do you think you’ve been oversharing? That doesn’t mean you should go cold turkey, but it does mean that you need to tone down posting stuff about yourself or people close to you. Ask questions: Why am I posting this? If I were the bad guy, what would I get out of this post? Should I really be posting this picture of my bank card?

(9) I will familiarize myself with the latest cybersecurity threats and scams. A long time ago, I overheard someone jokingly say that they don’t watch the news anymore because they’re allergic to bad news. When it comes to news about cybersecurity, we mostly hear or read about the bad stuff. But trust me, no matter how stressful the news can be—take Meltdown and Spectre catching everyone by surprise, for example—the more you know, the more you’re able to protect yourself against new threats. (That said, have you already applied the patches you need for Meltdown and Spectre? If not, this write-up by our very own Jérôme Boursier describes and links to the patches available for various hardware, OS, and software systems.)

(10) I will talk to my friends and family about cybersecurity and privacy. It may be a bit awkward at first, or you may be met with glazed over eyes, but you know this is important. These days, politics might dominate the conversation around cybersecurity, but it doesn’t have to be that way. Start off by commenting on a news report about an Internet scam or what some reporters might still call “a new computer virus.” Share any helpful tips you know for protecting against these threats, including any of the resolutions listed above or which cybersecurity program you use that blocks them. Work with what you know. Ask questions, and share your thoughts. They might learn a thing or two from you.

Act now

Making resolutions is one thing. Acting on them is another. In reality, we don’t need to wait for the first day of the year to clean up our computing habits. Resolve to make the small changes now. Whether or not 2018 turns out to be the year you start building safe computing habits, reinforcing the good ones you already practice and ditching the old, who knows. Act now and see where it takes you.

Have you come up with cybersecurity resolutions of your own? Share them with us in the comments below!


Jovi Umawing

Knows a bit about everything and a lot about several somethings. Writes about those somethings, usually in long-form.