Cyber Tip: Defense in Depth for the Everyday User
National Cyber Security Awareness Month
To protect systems and data in the corporate world, computer network defenders use the “Defense in Depth” principle, which focuses on implementing several layers of security to guard against cyber threats or, in the unfortunate case of a cyber compromise, to quickly detect and mitigate its effects. Fortunately, home users can apply some of the same methods to protect their own personal data.
For one, protect your mobile devices from cyber intruders in public places. If you login to a WiFi hotspot at your favorite coffee house, airport, or hotel, remember that not all hotspots have strong security protections. In many cases, it’s easy for the person sitting next to you, in the vehicle outside, or on the other side of the building to “sniff” traffic as it passes through the network and collect the content of your communications and your login information to sensitive sites. Avoid logging into sensitive accounts (such banking, social media, and e-mail), but if you have to, use a well-known personal virtual private network (VPN) service provider. A VPN encrypts your data and adds a layer of security to your communications, which makes it much more difficult for cyber snoops to steal.
Another technique is the out-of-band backup—which is backing up your data to a cloud environment or storing hard copies of your data at a different physical location. Many people back up their information to external hard drives connected to their computers on their home networks, But given recent trends in ransomware—a type of malware that infects computers and restricts users’ access to their files or threatens the destruction of their information unless a ransom is paid—cyber criminals can encrypt both your computer and any devices attached to it. Storing your backup out-of band is also useful in protecting data from natural disasters (fire, flood, etc.) that can destroy your physical devices.
Here are some other ways to defend your computer systems:
- Ensure your operating system and software are up to date with the latest patches and versions and enable your firewall.
- Install protective software (i.e., antivirus, antispyware), and run scans on a periodic basis.
- Disable hidden file extensions (i.e., uncheck “hide extensions for known file types”) to ensure the file is what it purports to be.
- Ignore unsolicited e-mails and be wary of attachments, links, and forms in e-mails that come from people you don’t know, which can contain malicious files or links.
- Change the default administrator name and password on your wireless router, as well as the default SSID (service set identifier).
- Use the built-in cover or tape over your webcam when not in use.
- Disable guest accounts on your computer.
- Use strong passwords for each computer account and disable automatic login.
- Don’t read e-mail or browse the Internet using an administrator account.
- Don’t leave your computer on 24/7—turn it off when you’re not using it.
- Wipe your hard drive with disk wiping/cleaning software before you sell or recycle your old computer.
There is no one method or tool that will completely protect you from various cyber threats, but by using sound practices and implementing good security protections, you can raise the bar against the adversary and better protect your important data.