Collecting good threat intelligence is important to stay ahead in today’s highly connected world, but companies and organizations aren’t the only targets out there. Individuals and households can better defend their networks and devices by taking stock of the threats that may come their way. To proactively block threats and improve detection, individuals should limit their attack surface, improve their network visibility, and understand what malicious activity might target them.
Here’s how you can do just that:
#1 Evaluate your attack surface -- where can threats originate?
Think about the devices you have in your household — phones, desktop computers, tablets, watches, voice assistants, even lights and refrigerators. Once you take note of these devices, you’ll have a better understanding of your home network and how it may be connected to the wider internet. In the settings of each device, ensure the firewall is active (if built-in), and that the device is connected only to a trusted gateway.
#2 Double check your applications.
Double check the permissions for each app to ensure they are limited and do not represent a risk of retrieving and storing personal and/or device information beyond what is reasonable. Some variables to consider include the reputation of the company, its user base, and its privacy and data policies. What data, for instance, does the application send back to the developer or third parties?
#3 Limit the distribution of your personal and business information.
Cyber criminals collect intelligence on their victims in advance, and they will often use publicly available information freely provided by the victims on social media accounts. An employee’s business accounts can be targeted through personal accounts and vice-versa. Ensure credentials are stored safely through trusted password managers. By limiting the distribution of important information and understanding our attack surface, we can prevent threat actors from accessing intelligence on us and our devices. Moreover, by being aware of the connections between our devices and the broader internet, we can better protect ourselves.
#4 Keep your home network free of intruders
Ensure your passwords are strong and secure. Check your wifi name for two weaknesses: names that reveal personal information or are determined by default. Be careful with whom you share your personal wifi password/access and enable the built-in firewall on your laptop or desktop computer. You may even consider installing antivirus software or a stronger firewall on your devices. If your internet access is provided by a third party, you may have to reach out to request information about how your wifi is configured.
#5 Keep unnecessary information out of the spotlight
Most of the time when we’re online, we submit personal information on websites secured by TLS (Transport Layer Security) 1.2. TLS is just one of the tools that keeps information encrypted so that outsiders can’t view what they aren’t privy to. We all like to be online, however, and we particularly enjoy sharing and scrolling on social media. Much of what we post on social media is public, so we should be careful not to post confidential information, whether personal or corporate. This type of information clearly includes passwords and financial information, but phone numbers, addresses, health information, and other similar data can be harmful if released. In some cases, even information such as your banking institution, personal contacts, or weekly routine can be used for spear-phishing or exploited against you in other ways.
Avoid participating in any “games” or posts asking you to list details about yourself. These details can range from your maiden name, pet name, and cousin to your birthday, place of birth, and other useful information that sounds innocent until pieced together.
#6 Keep your devices close
Be aware of your surroundings and make sure your devices are not in locations where someone could gain unauthorized access. This might include public areas where passersby could easily view your screen or where your device is left unattended. Be careful at transition points such as trains, airport security, planes, hotels, taxis, and buses, where you are more likely to forget or misplace an item. If you lose a corporate item while at home office, be sure to notify your company’s security or IT team so the device can be remotely secured.
#7 Mind your clicks!
If something seems suspicious, don’t click it, delete it, and, if it is severe enough or targets your very private data or even online banking account, or as a home office worker your corporate account, report it.
Remember: good cybersecurity starts with you! Take note of how to be vigilant every day — from anywhere you work or use your internet-connected devices. Finally, talk to your children about the risks of using social media without thinking twice. Not every posting is just fun but can lead to severe consequences