We recognize the continuing and rapid digitization of information around us today. Regardless of who is responsible for data security, the common belief is that it is only a matter of “when” not “if” our information will be stolen.Given this expectation, we must do all we can to minimize the risk to ourselves and others. Often this is done through the choices we make daily. But it also takes having the right security protocols in place, and making sure our staff and volunteers have the proper training to help prevent cyberattacks.
AwarenessAwareness of how and what we are interacting with through email, websites, and text messages is crucial to protect ourselves. These represent some of the most common methods hackers use to infiltrate our system. Some specific steps you should take include:
- When receiving an email, always verify the sender. You can do this in several ways. Start by hovering over the sender’s name and confirming the sender’s email address. If it looks different than you would expect, it may not be from who it says it’s from. Check the body of the email to see if the wording sounds like the person who sent the email. If something still does not feel right, reach out to the sender through another method and confirm they sent the message.
- Beware of using links within an email or on a website. Just because a link says adventistrisk.org doesn’t mean it’s sending you to our website. Hover over the link to see the URL the link is redirecting you to and verify that it makes sense.
- Hypertext Transfer Protocol (HTTP) is the “language” used by websites. Any site that contains sensitive data should be protected by Hypertext Transfer Protocol Secure (HTTPS). You can confirm if a site is encrypted by looking for HTTPS in the URL or web address.
- Don’t overshare. Often, bad actors will use the information you post about yourself or others on social media sites to develop profiles about you using that information. This information is then used to target you to make the emails or text messages appear legitimate. Where possible, set social media accounts to private to help reduce risk.
CredentialsThe average person has access to hundreds of online accounts, both for work and personal business. Remember that your username and password credentials are your first line of defense to protect critical personal data. Here are some things to remember:
- Never use the same credentials on more than one system. If that system is hacked, the bad actors take those stolen credentials. Then they try using them across hundreds of commonly used sites hoping that you will have used them again elsewhere. If you did, they now have access to multiple systems instead of just one.
- Always use complex passwords of at least 10 characters or more. Complex means your password will contain at least one upper case letter, at least one lower case letter, at least one number, and at least one special character.
- Most online systems now offer two-factor authentication to protect your account. Choose this option whenever it is provided to you. By using two-factor authentication, you make it even harder for bad actors to access your data. Two-factor means that you must use more than just a username and a password to access the site. This could include needing to know a one-time passcode, acknowledging a notification sent to your phone or email, or other similar method.
Secure your connectionsBe sure to secure your connections, whether on a known network like home or work or while roaming.
- Protect your computer with a password, and be sure to lock your device if you step away from it, even at home. It only takes a minute for someone to access your computer if it is not locked.
- Use a modern firewall device to protect the connection between the internet and your network at home or work.
- When possible, do not use a public WiFi connection. These public connections are typically not secure and are easily taken over by bad actors who can steal your information as you use your device.
- If you must use public WiFi, at least use a Virtual Private Network (VPN) application. A VPN application will encrypt your data on your internet connection, making it difficult for bad actors to steal your information. There are a many VPNs available, but be sure to read the reviews and select a reputable one.
Use proper protection methodsThere is a comprehensive list of protection methods available today, depending on the systems you use. However, here are some of the most common universal ones.
- Use reputable antivirus software. Many modern antivirus software applications include protection for malware, ransomware, and protection against malicious websites.
- Consider an ad blocker for your browser. This will block ads that are commonly used to trick you into clicking on a link that can infect your computer.
- Configure your web browser to automatically clear the cache or do it manually regularly. Clearing the cache protects you from bad actors who may use your cache to gather your browsing habits and use the data against you.
- Use spam and email filters. A good email filtering system can help to catch phishing or infected emails before they get to you. This reduces the chances you may be tricked into clicking a bad link or accidentally responding to a fake email. Both of these actions can cause your computer to become infected or sharing information with the wrong person.
- With so many systems being used as part of our daily lives, select a reputable password manager to help you securely store your passwords. This will allow you to use a unique complex password for each account or system.
- Keep your operating system updated and patched. Even a Mac computer has vulnerabilities.
- Keep your applications patched and updated as well. Also, be sure to remove any applications you no longer use to avoid them exposing you to vulnerabilities.
- Whether or not children use your computers, be sure to use a DNS filter. DNS filtering allows you to block specific unwanted categories of web browsing and protects you from visiting websites with known infections.
Cybersecurity is a serious issue facing our churches, schools, and ministries around the globe. Adventist Risk Management, Inc. (ARM) is dedicating this year’s Safety Sabbath to help ministries be better protected against attacks. With your church’s registration to participate, you will receive free resources to help your church identify potential risks and what to do to mitigate them.
ARM has worked with leading experts in the cybersecurity field to develop the resources available for Safety Sabbath. Register today to help protect your ministry.
Image Credits: iStock/Marco_Piunti