Part II – Tips for Practicing Safe Cybersecurity at Home
Editor’s Note: Our last leadership blog post featured CIO Joe Drouin discussing how PulteGroup keeps pace with cybersecurity challenges, including the role of employee awareness. But PulteGroup employees don’t go offline when they leave the office, making us vulnerable in our personal lives to a growing number of cybersecurity threats. So we asked CISO Kevin Morrison to share his advice on best practices for staying safe online.
Many of us have had some aspect of our identity hijacked or stolen by unscrupulous individuals, whether a credit card, social security number, bank account or all these combined. You can’t turn on the news without hearing ominous warnings about a new cyber threat, making the need for good cybersecurity hygiene even more important in today’s always connected world. The risk often comes down to the individual – you and me – recognizing the threats and taking steps to protect against them. Fortunately, there are simple steps you can take to protect yourself and your assets – whether at work or home. Click on the following tips to find out more:
1. Practice Good Password Management
2. Two-Factor is Better Than One
3. Don’t Overshare on Social Media
4. Make Surfing Safer
5. Don’t Forget About Wireless
6. Keep Software Up-to-Date
7. Download Software from Reputable Websites
Remember, the power is at your fingertips. Don’t underestimate your ability to safeguard information from online threats. With a few simple steps, navigating and engaging online can be safer and more secure. Happy and safe computing!
Stay tuned for an upcoming announcement about the Information Security program’s new SharePoint site, which will include guidance and best practices, cyber awareness tips and alerts, policies, frequently asked questions, and more!
Practice Good Password Management
How many of you have the same password for every online account, and haven’t changed it in 5 years? If a “bad guy” compromises one account, he now has your login information and can try that password on critical bank or brokerage accounts, or post messages on your behalf, doing serious harm and potentially even damaging your reputation.
As an example, in 2012, LinkedIn suffered a breach with an estimated 6.5 million compromised passwords. Fast forward four years and in 2016, it was disclosed that a hacker had access to an additional 117 million passwords (and their corresponding emails) and posted them to a Russian crime forum. In yet another example, in September 2016, the widely publicized breach of Yahoo! made the news, with an estimated 500 million user accounts stolen. If you reuse the same password across different websites and one of those websites is breached, you have to change the password not only there, but also on every other website where it’s being used. Dropbox.com suffered a similar breach in 2012, with the actual number of compromised accounts (68 million) not fully known until four years later. So for four years, if you were using Dropbox and had not changed your password during that time, any data you uploaded was available to the hackers. Moral of these stories: use a different, strong password for each online account.
Use of a password manager can make this very easy, as it will create and store strong, unique passwords for every account you log into, making your life simpler: you no longer have to remember passwords — just right-click the account and they auto-populate when you sign in to an account. Password manager software is inexpensive (some versions are free) and easy to install on all of your electronic devices.
Two-Factor is Better Than One
Use two-factor authentication; don’t rely on passwords only. Taking the time to complete that second authentication factor may seem like a bigger hassle, but it adds an extra layer of security to your accounts, and it’s available for most web portals. When you sign up for an account and are asked “do you want us to send a second code to your mobile device?”, you should answer “yes.” Or, if it is not enabled on your current accounts, go back into their settings and turn it on.
Don’t Overshare on Social Media
When you’re on social media sites, do you answer those intriguing surveys like “who was your favorite musician or band growing up”? When you answer those questions, your information can be compromised based on the answers you provide. The goal of these surveys is often for attackers to build a list of answers that you may use for an online account’s challenge/response questions, including for online banking. It’s just another example of how hackers can use social engineering to gain access to your accounts.
Make Surfing Safer
If you’re a Windows user, you can keep your computer more secure by creating a local user account that does not have administrator privileges and then surfing online with that account. Websites can install software in the background (without your authorization) — including a malicious program — based on the rights you have when visiting the website; they can typically do a lot more damage with an administrator account than with a standard account. These malicious programs include those known as “malvertising” (I promise I don’t make these up), which is when a paid advertisement has malware – including ransomware – hiding in its code that can infect your computer simply by visiting the website, as has happened at numerous trusted websites. Use a standard/non-admin account as your primary account for all online activity, and only use the administrator account when you need to perform tasks that require those permissions. It’s easy to create a standard account (just google the instructions).
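
One way to set up the standard account described above from an elevated PowerShell prompt (an added example, not part of the original post; the account name Browsing is a placeholder):

```powershell
# Added example: create a standard (non-administrator) local account for
# everyday browsing, then confirm it has no administrator rights.
# Run from an elevated PowerShell prompt. 'Browsing' is a placeholder name.
$name     = 'Browsing'
$password = Read-Host -Prompt "Password for $name" -AsSecureString

# Create the account only if it does not already exist.
if (-not (Get-LocalUser -Name $name -ErrorAction SilentlyContinue)) {
    New-LocalUser -Name $name -Password $password `
        -Description 'Standard account for everyday use' | Out-Null
}

# Look up the built-in groups by well-known SID so the script also works
# on Windows installations where the group names are localized.
$users  = Get-LocalGroup -SID 'S-1-5-32-545'   # built-in Users
$admins = Get-LocalGroup -SID 'S-1-5-32-544'   # built-in Administrators

# Put the account in Users (standard rights) if it is not there yet.
if (-not (Get-LocalGroupMember -Group $users -Member $name -ErrorAction SilentlyContinue)) {
    Add-LocalGroupMember -Group $users -Member $name
}

# Check: the new account must NOT be a member of Administrators.
if (Get-LocalGroupMember -Group $admins -Member $name -ErrorAction SilentlyContinue) {
    Write-Warning "$name is in the Administrators group; remove it before using it for browsing."
} else {
    Write-Output "$name is a standard account."
}

# Review which accounts currently hold administrator rights on this PC.
Get-LocalGroupMember -Group $admins | Select-Object Name, ObjectClass, PrincipalSource
```

The final listing shows every account that still has administrator rights, which makes it easy to spot a day-to-day account that should be switched to the new standard one.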
Don’t Forget About Wireless
Most people have wireless networks at home. If you do nothing else, change the default password that comes with your wireless router, and keep up to date with your router’s firmware/software updates. Typically, you can have automatic update notifications sent from the vendor, so sign up for them when you first set up your router or even afterward. In an ascending level of paranoia (a healthy dose is never bad!), you can also:
- Hide the name of the wireless network (SSID) from broadcasting to your surrounding neighborhood (you’ll still be able to connect by manually entering in the SSID and the corresponding password).
- Use advanced settings like MAC address restrictions (creates a list of authorized devices that may connect to your wireless network).
- Reduce the number of IP addresses that can be issued for connections to the wireless router (who really needs over 250 IP addresses by default on their home network?).
Configured together, these settings can let you sleep well at night knowing your wireless network is protected.
Keep Software Up-to-Date
Patch all your applications regularly. While Windows software – as well as many other programs – usually updates automatically, some third-party apps don’t update regularly and can become a security risk. Be sure that every app that supports automatic updates is set to use them, and regularly patch and/or upgrade those that don’t.
Download Software from Reputable Websites
Finally, when you need to install software, don’t necessarily click the first link that comes up from your search results. This applies to websites, as well as to your mobile device’s app store (or sources outside of the store). With Android devices, the problem is even worse. A 2015 study showed that over 440,000 new malware strains emerged onto the Android scene in that year’s first quarter, and it’s only gotten worse, so use additional caution on Android devices.