Updated: Apr 15, 2019
We have all received that inbox message on Facebook from a friend saying that they have "seen us in a video" that we know nothing about, or an email from an unknown address thanking us for attending an event we know we didn't attend and had no knowledge of. The first thing we want to do as end users (an end user is defined as "the ultimate consumer of a finished product" (https://www.merriam-webster.com/dictionary/end%20user)) is to blame Facebook and Google for not improving their security measures and therefore allowing security threats.
But let me ask you this question: are they really the only ones responsible? Whether you are an end user who creates accounts through these different applications or a network administrator in charge of maintaining the security of what comes into or goes out of a system, you play a major part in cyber security. According to the U.S. Department of Homeland Security (https://www.us-cert.gov/ncas/tips/ST04-003), here are some good security habits for everyone to use:
· Improve password security. Passwords continue to be one of the most vulnerable cyber defenses.
· Create a strong password. Use a strong password that is unique for each device or account. Longer passwords are more secure. An option to help you create a long password is using a passphrase—four or more random words grouped together and used as a password. To create strong passwords, the National Institute of Standards and Technology (NIST) suggests using simple, long, and memorable passwords or passphrases. (See Choosing and Protecting Passwords.)
· Consider using a password manager. Password manager applications manage different accounts and passwords while having added benefits, including identifying weak or repeated passwords. There are many different options, so start by looking for an application that has a large install base (e.g., 1 million plus) and an overall positive review. Properly using one of these password managers may help improve your overall password security.
· Use two-factor authentication, if available. Two-factor authentication is a more secure method of authorizing access. It requires two out of the following three types of credentials: something you know (e.g., a password or PIN), something you have (e.g., a token or ID card), and something you are (e.g., a biometric fingerprint). Because one of the two required credentials requires physical presence, this step makes it more difficult for a threat actor to compromise your device.
· Use security questions properly. For accounts that ask you to set up one or more password reset questions, use private information about yourself that only you would know. Answers that can be found on your social media or facts everyone knows about you can make it easier for someone to guess your password.
· Create unique accounts for each user per device. Set up individual accounts that allow only the access and permissions needed by each user. When you need to grant daily use accounts administrative permissions, do so only temporarily. This precaution reduces the impact of poor choices, such as clicking on phishing emails or visiting malicious websites.
· Choose secure networks. Use internet connections you trust, such as your home service or Long-Term Evolution connection through your wireless carrier. Public networks are not very secure, which makes it easy for others to intercept your data. If you choose to connect to open networks, consider using antivirus and firewall software on your device. Another way you can help secure your mobile data is by using a Virtual Private Network service, which allows you to connect to the internet securely by keeping your exchanges private while you use Wi-Fi. When setting up your home wireless network, use WPA2 encryption. All other wireless encryption methods are outdated and more vulnerable to exploitation. In early 2018, the Wi-Fi Alliance announced WPA3 as a replacement to the longstanding WPA2 wireless encryption standard. As WPA3-certified devices become available, users should employ the new standard. (See Securing Wireless Networks.)
· Keep all of your personal electronic device software current. Manufacturers issue updates as they discover vulnerabilities in their products. Automatic updates make this easier for many devices—including computers, phones, tablets, and other smart devices—but you may need to manually update other devices. Only apply updates from manufacturer websites and built-in application stores—third-party sites and applications are unreliable and can result in an infected device. When shopping for new connected devices, consider the brand’s consistency in providing regular support updates.
· Be suspicious of unexpected emails. Phishing emails are currently one of the most prevalent risks to the average user. The goal of a phishing email is to gain information about you, steal money from you, or install malware on your device. Be suspicious of all unexpected emails. (See Avoiding Social Engineering and Phishing Attacks.)
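The passphrase advice in the list above ("four or more random words"), as an added Python example that is not part of the original post or the US-CERT tip: it picks words with a cryptographic random source and estimates how many words a given list size needs. The 64-word list and the function names are constructed for illustration; a real list should be far larger, such as a 7,776-word diceware list.

```python
import math
import secrets

# Constructed 64-word sample list so the example runs offline.
# Assumption: real use would load a much larger list (e.g. 7,776 words).
SAMPLE_WORDS = """
apple brick cloud dance eagle flame grape house
ivory joker knife lemon mango night ocean piano
queen river stone tiger uncle vivid whale xenon
yacht zebra amber bison cedar delta ember frost
globe honey index jelly koala lunar maple noble
olive pearl quilt radar solar torch ultra venus
wagon yield zesty acorn badge coral drift elbow
fable giant hazel inlet jumbo kiosk ledge mirth
""".split()


def passphrase(words=SAMPLE_WORDS, count=4, sep="-"):
    """Return `count` words chosen uniformly with the OS CSPRNG."""
    if count < 4:
        raise ValueError("use four or more words")
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    # secrets.choice draws from os.urandom; random.choice is predictable.
    return sep.join(secrets.choice(words) for _ in range(count))


def entropy_bits(pool_size, picks):
    """Bits of entropy for `picks` independent uniform choices."""
    return picks * math.log2(pool_size)


def min_words_for(target_bits, pool_size):
    """Smallest word count whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(pool_size))


if __name__ == "__main__":
    print("sample passphrase:", passphrase())
    print("4 words, 64-word list:   %.1f bits" % entropy_bits(64, 4))
    print("4 words, 7776-word list: %.1f bits" % entropy_bits(7776, 4))
    print("8 random printable chars: %.1f bits" % entropy_bits(94, 8))
    print("words for 64 bits, 7776-word list:", min_words_for(64, 7776))
```

The entropy figures hold only when every word is drawn at random; a phrase the user makes up is far easier to guess than the numbers suggest.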
So, at the end of the day, it is everyone’s responsibility to maintain cyber security.