Cyber scams and attacks are increasing in frequency and severity. People of all demographics and groups are the targets of cyber attacks. I noticed the “defensive-gun” community rarely addresses this topic. So, with a background in Cyber Security, I thought I would take the next few weeks and months to write a few articles outlining the different types and ways we can mitigate our risk.
First and foremost, understand that no system is ever 100% secure. As soon as we address one vulnerability, we discover another.
How do we open ourselves to a cyber attack —
A few of the most common ways I see people open themselves up to a cyber attack are:
- poor (or non-existent) patch management
- poor digital hygiene
- careless use of social media
I've written these articles with the novice-intermediate user in mind. If you're already a tech expert, I won't present much that you don't already know.
Cyber security basics —
With that out of the way, let's start with the basics, work our way through that, and address more complex concepts at the end. The goal is that after reading this, you'll be safer online and in the real world.
Protecting information —
Although bad actors use more advanced TTP (tools, techniques, procedures), many still rely on old-school methods like dumpster diving to get sensitive data or PII (personally identifiable information). Many companies use professional companies for record destruction services to protect themselves and their data on this front.
However, there are still a good number that just throw spreadsheets, database records, and other sensitive material in an unsecured dumpster. Of course, this is far from what we'd call a “best practice” but it's difficult to enforce data security compliance.
Fundamentals for destroying data —
Users and enterprises can benefit from shredding sensitive documents before discarding them. This seems obvious, but many people aren't always aware of what to shred. Old financial records that you no longer need are an obvious one, but lots of people discard things like prescription and health records without shredding them. If discovered, these records can give bad actors an opportunity to get their foot in the door.
The best practice is to shred anything containing sensitive information or PII. When in doubt, shred it! Shredders are inexpensive and can help protect you on this front. If you don't have one, get one. Here are some features to look for when choosing a shredder.
Choosing a shredder —
Consider buying one that uses crosscut shredding as opposed to straight shred/strip shred. Shredders that simply cut the paper into straight strips are faster, but it is possible to reconstruct the shredded documents. A crosscut document is nearly impossible to put back together, and therefore I recommend this style.
Some shredders also can shred credit cards. You certainly can use scissors to cut up a credit card, but that method doesn't destroy the card quite like a shredder can. You may also consider shredding expired identifications and other cards that contain any PII.
Consider the volume of paper you will shred regularly. The average household probably doesn't need a shredder with massive capacity. However, if you have a small business or deal with a lot of sensitive documents, you may want one that shreds more papers at once and can go longer between emptying.
It is also good to ensure the shredder has a reverse function for safety reasons.
Shredders are great, but remember, they only work if you use them.