Personal Cyber Hygiene

by Kate Dinnison

The Office for National Statistics estimates that there were 2.46 million cyber incidents and 2.11 million victims of cyber crime in the UK in 2015. There are simple ways to improve the security of your personal data and that of your business, from the mouth of industry and government experts.

Ben Buchanan, author of the Cybersecurity Dilemma and Fellow at Harvard University’s Belfer Center Cybersecurity Project told the War on the Rocks Podcast his tips for improving personal cybersecurity.

1. Two Factor Authentication – a notification you receive when you log into your account from an unfamiliar device. He says, “John Podesta will spend the rest of his life wishing he had it.” Google already offers it on Gmail, but there are apps such as Duo and Entrust Identity Guard.
2. Password managers like KeePass, Dashlane, 1password help you create unique, secure passwords for every website you visit on an easy, encrypted platform.
3. Don’t open unfamiliar attachments, he lastly suggests, to . He says that even the most sophisticated, high-end attacks often begin with a dangerous email attachment. In our ever-connected world, “It’s an irony of international politics that one of the most powerful tools of statecraft is being able to write a message someone else opens,” he said.

Ciaran Martin, GCHQ’s director general of Cybersecurity told WIRED his top tips.

1. Accept the inevitable – “You need a playbook ready for how you will react when an incident occurs,” says Martin. “You may not be able to hold off a breach but, by having procedures in place, you can quarantine them, isolate the damage and keep the organisation running.”
2. Guard your interior – “Perimeter defence is just about rising the barrier for entry into your system so that you’re not an easy target,” Martin asserts. “You need both perimeter defence and active internal monitoring to look for spikes, or unusual patterns of activity.”
3. Collaborate – “There needs to be information sharing between companies who are normally competitors.” Martin contends. “The financial sector has made great strides because they face a measurable financial threat every day, so they’ve set aside commercial rivalries to pool their data.”
4. Keep things human – “System administrators are your key vulnerability,” Martin says. “If they’re compromised then systems like encryption offer no further protection.” Yet malicious insider activity is less of a threat than accidental breaches. Make the procedures for everyone simple and accessible to minimize this risk.

The National Cyber Security Center put together a comprehensive white paper outlining how to respond to and reduce the impact of common cyber attacks. Providing a simple lexicon for the types of actors and attacks involved makes their 10 Steps to Cyber Security an easy paper to understand vulnerabilities. The document states, “doing nothing is no longer an option; protect your organisation and your reputation by establishing some basic cyber defenses to ensure that your name is not added to the growing list of victims.”