October 31, 2019

Online security is an ongoing process

This is the 31st and last post in my Cyber Security Awareness Month blog series. I will do a short recap of what I covered in this series, but I also want to emphasize that online security is not a one-time action. Threats change over time and so must your defenses.

Attackers will look for holes in your defenses. If you followed along on this 31-day journey, you have hopefully improved your online security. Most of the best practices you learned will remain valid for some time: online crimes like phishing, ransomware and scams will not disappear anytime soon, and in 5 or 10 years we will still be using passwords.

But don't think all the work is done now: security is an ongoing process.

Build a strong security foundation

Throughout this series I have shown how you can reduce security risks. I deliberately started with a post about data backups. No matter how strong your security measures are, you can always end up in a situation where backups are your last resort. Make sure you have working backups.

We've also seen that there is no such thing as 100% secure or unhackable. Security is about reducing the likelihood of being hacked or of getting your data stolen or compromised. That's why it is so important to combine different layers of security.

This applies, for instance, to your user accounts. Use strong passwords, but don't rely on passwords alone: enable two-factor authentication (2FA) whenever possible. Set it up in such a way that you don't lock yourself out of your accounts, for example by saving your recovery codes. Also review and manage the third-party apps that have access to your online accounts.

When a password falls into the wrong hands, for instance after a phishing attack, 2FA is the additional layer of protection that can save you from a lot of trouble.

Throughout the series we have seen more examples of layered security, for instance in how to prevent ransomware attacks or how to secure IoT devices as well as possible.

I've written about different online scams, for instance tech support scams, sextortion, social media scams and online shopping fraud. Like ransomware and phishing, what they all have in common is that they rely on deception.

Another recurring theme in the different blogs is the importance of keeping your software up to date, and how this should even influence which mobile device you buy.

Limiting the software on your devices and your online accounts to a strict minimum is another, often overlooked, security best practice. Every app or account you don't need is one more thing that can be attacked or leaked.

Oversharing is another major security and privacy risk that a lot of people are not aware of. You should be careful what you share online.

If you understand these security principles and follow the tips I gave in the blogs, you have already built a solid foundation and have become a much less attractive target for attackers.

Keep your security at a high level

Keep in mind though that security measures that are good enough today might not be anymore in the future.

A good example of this is SMS-based 2FA. Five years ago it was still considered secure enough, but nowadays we see more and more successful attacks against this 2FA method, for instance SIM swapping, where an attacker takes over your phone number and receives your codes.

To give you an idea of what you can do to keep your security at a high level, I've listed a few important things you should keep in mind:

  • When you learn that an account has been hacked, change your password immediately, and also change it on any other account where you reused that password.
  • Regularly check the security settings of your online accounts. If 2FA becomes available for a particular account, enable it. Or upgrade when a better implementation of 2FA than the one you have configured becomes available*. Another example is when a website adds recovery codes to its 2FA implementation. Generate them and save them somewhere safe.
  • Install the latest updates and make sure your devices and software don't run out of support.
  • Regularly test that your backups are working, by actually restoring a few files from them.
  • Evaluate whether the antivirus solution you use is still a decent choice. Independent antivirus test sites can help you with this.
  • Evaluate the software you're using and your online accounts. Delete what you no longer need.

*For example, earlier this year PayPal finally introduced 2FA with an authenticator app. I configured it straight away and disabled SMS-based 2FA.

Thank you!

This post concludes the series. 31 blogs written, challenge completed!

Hopefully I also accomplished my mission of helping non-tech users to improve their online security. I'm very pleased with the positive reactions I got, which made it all worth the effort. Sometimes it was not easy to keep the daily blogs coming, but in general it went reasonably well. It was good fun, and I learned a lot from this adventure. I'm not only talking about the knowledge I gained; it certainly also helped me to get better at explaining security-related concepts in a simple way.

I'll take some rest now, but I'll continue writing security blogs in the future. The easiest way to stay informed is by checking out my website regularly or following me on Twitter.

Thank you for reading and sharing my blogs, and stay safe online!