How to Protect Yourself from Security Breaches
In last week’s post, we examined the security risks that landlords face: from common misconceptions that hurt your security, to the biggest threats that demand your attention in 2017.
This week, we’ll lay out a step-by-step plan for securing your daily life. Have a notebook and pen handy–you’ll want to take notes!
Improve Your Password Practices
Step 1: Create Stronger Passwords
- You may have heard the term “passphrase”–this is a lengthy password that may consist of a short, memorable sentence (including spaces) instead of a single word. (e.g. “i love chocolate cake”)
- You should also incorporate as many letters, numbers, and symbols as each site or app allows. (e.g. “1 l0v3 ch0c0l@73 c4k3!”)
- Don’t use any dictionary words or names unless they’re part of a lengthy passphrase; use a mix of capital and lowercase letters. (e.g. “1 L0v3 Ch0c0l@73 C4k3!”)
- Be sure that you’re not using one of these common passwords.
- Keep in mind that hackers are using password cracking software to run through thousands of possible passwords each second. You can check how long it would take a password cracker to guess your password here: How Secure is My Password?
- I also recommend reading this article: How I’d Hack Your Weak Passwords
Step 2: Don’t Reuse Passwords
This is a step that everyone knows, but few people heed–to their detriment. We know it’s tedious, but it’s also the single most important step you can take in protecting your data. As we discussed above, when hackers gain access to one of your passwords, they have software that allows them to test it across all of your accounts–potentially enabling them to gain access to all of your information in one fell swoop.
Step 3: Use Password Management Software
This is the key to using different passwords across all sites and apps. A good password manager (our security expert recommends 1Password) will help you to create incredibly secure passwords and store them for use across all of your accounts, along with usernames, account numbers, and other pertinent information. All of my important accounts now have extremely long, gibberish passwords that no human could remember–but now, I don’t have to!
Bolster Your Software Security
Step 1: Perform Software Updates ASAP
Update your software regularly across all devices that you own. It can be tempting to put off updates when you’re busy, but keep in mind that new software versions often patch holes in their security. By saying “remind me later,” you’re choosing to continue using a weaker version, creating vulnerabilities in your security. This applies across your laptop, phone, tablet, and even your router.
Step 2: Invest in an Anti-Virus Solution
There are free antivirus solutions like AVAST and AVG for home use; but if you’re ready to invest in a full security suite, our security expert suggests TrendMicro, BitDefender, Sophos, Symantec, and McAfee.
Lock Down Your Data
Step 1: Guard Sensitive Data
Restrict access to sensitive data (such as lease agreements, rental applications, and tax records) to as few people as possible.
Step 2: Don’t Hold on to Records
Don’t hold on to records any longer than you’re legally required to. This significantly minimizes what could be stolen in the event of a breach.
Step 3: Encrypt Digital Data
Encrypt all digital data, and never share files containing personally identifiable information via unencrypted email.
Step 4: Store Your Data Off-Site
Back up your data to the cloud in case your network is compromised–and be sure to protect it with a strong password.
Secure Your Networks
93% of the time, attackers take just minutes (or less) to compromise a system; and intruders are in your network for an average of 200 days before they’re noticed. This makes it critically important to follow these steps:
Step 1: Restrict Wireless Network Access
Don’t let guests access the Wi-Fi network where your important files are stored. If you have frequent visitors who need your Wi-Fi password, create a separate guest network.
Step 2: Choose WPA2
Only use WPA2 networks–never WEP, according to our security expert.
Step 3: Change Default Passwords
Change the default password on your router. This is a surprisingly common oversight, but it’s incredibly dangerous–you’re essentially letting anyone access your network who bothers to test it.
Step 4: Have an Emergency Plan
In the event of a breach, be prepared to shut down your network immediately to keep an intrusion from spreading.
Manage Mobile Devices
Will you use your personal smartphone, tablet, and laptop for work or acquire a second set of devices strictly for business use? Here are the considerations:
Pros of BYOD
On one hand, using personal devices (an increasingly popular movement known as bring-your-own-device, or BYOD) can increase productivity by allowing you to bring work and communication tools with you everywhere you go. In addition, it saves you the expense of buying a second set of devices.
Cons of BYOD
On the other hand, allowing sensitive data to live alongside your personal files and apps is a significant risk. You’ll have to use your devices in a certain way, such as always using a six-digit passcode to unlock your phone.
Defend Your Email
Don’t get caught up in the common misconception that your inbox doesn’t contain anything sensitive. As we discussed in last week’s Cybersecurity 101 post, personally identifiable information (PII) like email addresses, full names, and billing addresses is extremely attractive to hackers! Here are the steps that you need to take to protect your messages from cybercriminals:
Step 1: Create Extra-Strong Passwords
According to our security expert, your email tends to be the center of all of your accounts–if it’s breached, the rest of your accounts are at risk. Use the password tips that we recommended in the previous section to the max.
Step 2: Recognize Phishing Scams
Learn how to recognize phishing scams:
- Never click on a link or open a file in an unsolicited email from an unknown sender.
- Be suspicious of emails that end in a foreign extension (e.g. “.co.uk”) rather than .com or .gov.
- Don’t open files that end in .exe, .bat, or .pif unless you’re expecting the file from someone that you know. Keep in mind that even files from people that you know could be viruses if their device has been compromised, so always check with them before opening unexpected files.
- Hover over any links before clicking on them to see where they will actually direct you.
- Be skeptical of links that don’t begin with “https,” which signifies that a site has been authenticated and is encrypted to protect your data.
- Be suspicious of odd grammatical mistakes, poor graphic quality, or offers that seem too good to be true.
- Don’t trust emails that say, “Your account will be suspended unless you log in now”–and don’t click on that link or enter any account information! Go directly to the company’s website instead.
- If you do open a suspicious link by accident, shut down the device immediately.
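Several items on this checklist can be checked automatically before anyone opens a message. The script below is an added example, not part of the original post: it flags the attachment types named above, the "account will be suspended" wording, links that are not https, and links whose visible text names a different site than the one they open (what hovering would show). The function names and the sample message are constructed for illustration.

```python
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

RISKY_EXTENSIONS = (".exe", ".bat", ".pif")  # file types named in the checklist
URGENT_PHRASES = ("account will be suspended", "log in now")  # checklist wording
class LinkCollector(HTMLParser):  # gathers [href, visible text] for every link
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self._open = False

def review_email(msg):  # msg: parsed with policy=email.policy.default
    findings = []
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            findings.append(f"risky attachment: {name}")
        html = part.get_content() if part.get_content_type() == "text/html" else ""
        if any(p in html.lower() for p in URGENT_PHRASES):
            findings.append("urgent account-suspension wording")
        collector = LinkCollector()
        collector.feed(html)
        for href, text in collector.links:
            target, text = urlparse(href), text.strip()
            if target.scheme != "https":
                findings.append(f"link is not https: {href}")
            if "." in text and " " not in text:  # visible text looks like an address
                shown = urlparse(text if "//" in text else "//" + text).hostname
                if shown != target.hostname:
                    findings.append(f"text shows {shown} but link opens {target.hostname}")
    return findings

def constructed_sample():  # constructed message for the demo, not a real email
    msg = EmailMessage()
    msg.set_content('<p>Your account will be suspended unless you log in now: <a href='
                    '"http://login.example.test/reset">www.examplebank.test</a></p>', subtype="html")
    msg.add_attachment(b"MZ", maintype="application", subtype="octet-stream",
                       filename="Invoice.EXE")
    return msg
```

A saved `.eml` file can be loaded for `review_email` with `email.message_from_binary_file(f, policy=email.policy.default)`.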
Bring in Experts
Hire IT & Security Contractors
They’ll review any existing measures that you have in place, make recommendations on how to improve your security, and make any necessary upgrades that you can’t take care of yourself. It’s important to admit where your expertise may fall short in defending yourself against security breaches. Investing in prevention efforts costs far less in the long-term than crossing your fingers and hoping for the best.
Our security expert recommends forming a co-op with other landlords or small businesses and jointly hiring a staff of experts to attend to your issues.
Fight Breach Fatigue
We’ve all been inundated with headlines about cyberattacks in recent years; and it’s simultaneously made us paranoid and complacent about our own security. There’s a phenomenon known as “breach fatigue” that describes the way that our reactions to data breaches shift over time, gradually devolving from outright panic to apathy. We all have to consciously fight this instinct–because, as Consumer Affairs reminds us:
“Such an attitude only benefits the hackers. It’s one thing to deal with breach fatigue by deciding ‘To heck with these hackable credit cards, I’ll just use cash,’ but another matter entirely to deal with it by deciding ‘I’ll continue using credit cards, but I can’t be bothered to check whether they’ve been breached or not.’ Various forms of ‘can’t be bothered’ fatigue is exactly what certain types of scammers count on to make their dishonest profits. […] Yes, you’re tired of all those reminders to inspect your credit card statements and look for fraudulent charges and change your account numbers and passwords every time a hacker might’ve seen the old ones. But hackers and scammers want you to feel this way. Their intention is to spy on or steal from you, and if you give in to breach fatigue, you’ll only make it easier for them to succeed.”
Robin Burinskiy is the Senior Content Writer and Managing Editor for the All Property Management Blog and Buildium Blog. She cut her teeth as a marketing copywriter at Wayfair and TechTarget, and she spends her free time perfecting her lifestyle blog, Feather & Flint. She holds degrees in psychology, sociology, and songwriting.