It’s a wrap! – on week 2 of Cyber Security Awareness Month, that is! The past week has seen the Kalnara team look at a variety of topics as they related to the week’s theme of “Securing Devices at Home and Work”.
We continued our look at week 2 by talking about Physical Tokens. Physical tokens are used to log in to accounts and applications as part of Multi-Factor Authentication (more about that below). They provide an extra layer of assurance that the person trying to access an account really is who they say they are, because they physically possess something they were given. Physical tokens prevent hackers from simply using a stolen password to log in to your account.
One way to protect yourself and your devices is to use Multi-Factor Authentication (MFA). Also known as Two-Factor Authentication, MFA allows you to use at least two different ways to prove that you are who you say you are when you’re logging into a system or application, using at least two of the following:
- something you KNOW: password
- an item you HAVE: a physical token
- something you ARE: fingerprint
Why does MFA work? Chances are, any attacker trying to access your accounts will only have one of these factors. They may have stolen your password, but if they don’t have your physical token, they won’t be able to complete the attack. Enabling MFA on your cell phone, computer, and account logins is a sure-fire way to #BeCyberSmart, allowing you to feel peace of mind when it comes to keeping your personal information and accounts secure.
We then did a quick overview of Wi-Fi Passwords. If you’ve been to any restaurant or coffee shop over the past few years you’ll have noticed that many of them have their guest Wi-Fi password posted so their patrons can take advantage and not have to use data. Free data!? Sign me up!
Many businesses in office settings also have a guest Wi-Fi password, though you usually have to ask reception for it. The reason why they don’t post it? Companies could be held responsible for the actions of anyone connected to their Wi-Fi. If a guest connects to a business’ Wi-Fi and performs illegal activities while connected, it can come back to the company itself and they could be held responsible – even though they weren’t the ones who crossed the line.
A good practice for any business is to regularly change your Wi-Fi passwords – especially for guest Wi-Fi networks. Wherever possible, it’s also a good idea to keep the password hidden so that if anyone wants to connect, they have to ask for the password first. This keeps you in control and helps prevent abuse!
Phishing was the next topic on our list. While it’s pronounced exactly like ‘fishing’, it sure doesn’t mean that we’re talking about taking out our rod and reel to catch the big one!
When we at Kalnara talk about phishing, we’re talking about the various things that hackers do to get your personal information. This could mean usernames, passwords, or even banking details. Why do they want those specifics? It could be for any number of reasons. Maybe they want to log into your bank account and transfer whatever money you might have to themselves. Or perhaps they want to get the iPhone 12 Pro – using your credit card. In the case of businesses, if an attacker gains sensitive information, they could leak proprietary data to a company’s competitors or even hold data hostage.
The easiest way to avoid becoming a ‘phish’ is to not click on any suspicious links or email attachments, especially those that you aren’t expecting. Did you just get an email from that vendor you did business with two years ago. Did it ask you to open the invoice they attached? It’s likely it’s a phishing scam. Don’t open the attachment and be sure to report it to your IT department.
Week 3: Securing Internet-Connected Devices in Healthcare
And just like that…week 2 was over and we hopped right into Week 3 – “Securing Internet-Connected Devices in Healthcare”. This is a particularly important theme to delve into given the pandemic will continue shaping our medical system well after it is over. The medical landscape is adapting to the current state of the world. It’s important that you are aware of how your personal medical details will remain private in these troubling times.
Personal Medical Devices
Personal medical devices such as pacemakers or blood-glucose monitors are a good example of something that you need to keep secure. There are so many instances of data being held hostage for ransom – and it doesn’t just apply to computer data! Imagine if your device was infected and held for ransom. What would you do? An ounce of prevention can go a long way to ensuring your medical data remains secure. Make sure to check your device’s settings to safeguard your personal information!
A quick look at Wellness Apps reminded us yet again about the importance of being aware of what information you share with the applications you use. The rate at which technology is advancing is truly incredible. Did you know that Apple’s new smart watch can read your blood oxygen levels? Would you be comfortable sharing that bit of personal medical data with them? I’m sure I’m starting to sound like a broken record, but it is so very important to check your device and application settings to ensure that only the information you want out in public is all that is being shared!
Speaking of personal medical data – let’s talk about your Medical Records for a moment. Medical records are much like your DNA. They’re something that can’t (and shouldn’t) be altered. Protecting digital health records is critical to maintaining your privacy. While you can change your password, you can’t change the fact you broke your ankle skiing. A broken bone might not be sensitive, but there may well be other details about your past that you want to keep to yourself. If you are at all concerned about the security of your medical records, reach out to your healthcare provider to ensure your information is being properly protected.
Still to come…
We still have plenty of topics to cover in Week 3’s theme of “Securing Internet-Connect Devices in Healthcare”, including:
- Physical Security
- Legacy Systems
Follow along with us each and every day (weekends included!) on Instagram and Twitter to learn more on how to #BeCyberSmart!