In case you missed it, some of our nation’s largest organizations were hacked, from the State Department to the National Nuclear Security Administration. While this hack might not have affected you or your company directly, there are still lessons we can all take away to make our digital work and personal activities more secure.
1. Always Listen to Trusted Security Warnings
The U.S. government was warned by a third party that a hack like this could happen. Unfortunately, the threat wasn’t taken seriously, and resources were spent in other areas while bad actors made their move.
If a trusted source, such as your IT department or your bank, warns you about malicious activity, always listen and act accordingly. These warnings are likely not haphazard, and are designed to ensure your security as well as that of anyone else in the network who might be connected to you.
2. Always Review What’s In Your Software Updates
From phone updates to app updates, from computer updates to TV updates, our tech-driven lives are full of updates. While it can be overwhelming, it’s important to pay attention to what you’re actually updating to, instead of just accepting each and every update on a whim.
The hack is thought to be primarily sourced from malware attached to an otherwise innocuous SolarWinds Orion update. With that information in mind, SolarWinds developers, in addition to officials who use SolarWinds software, will no doubt be more cognizant of what exactly is contained in each SolarWinds update.
While encountering a SolarWinds-level malware hack from a software update is quite rare, it’s a best practice to carefully review your software updates before updating your apps or devices. You don’t want to give developers unnecessary permissions.
Do not take this to mean that you should shy away from updates, however. Many updates are pushed out solely to patch security vulnerabilities. This is especially true of Windows and of your mobile phones and tablets. When patches and updates have been applied and a trusted source, such as MERIT Solutions, recommends a reboot, you should allow the reboot.
In a nutshell, pay close attention and look for things that are out of the ordinary cadence of activity.
3. Don’t Put Your Cybersecurity Eggs in One Basket
To the US government, there was no greater crisis for America’s cybersecurity than the 2020 election. The government had a point — 2016 was fraught with security interference from foreign nations, so 2020 was a likely target as well.
While they were right to focus much of their efforts on beefing up election security, they were wrong to turn a blind eye to other issues. That intense focus on only one security area is thought to have played a part in this hack’s success.
Take that as advice for your own digital life. Don’t focus so much on creating one unbreakable password that you forget to use a different password for each account you have. Don’t put all your effort into avoiding fake emails while falling for phishing via text message. We must remember that cybersecurity has many facets, and that we must remain vigilant across all of them.
Cover image by Florian Olivo/Unsplash