
He didn’t think he was talking about cyber security, but he gave me a good idea for it. A hardware store owner in Danville told me last week that he spends one Saturday every April cleaning out his shop, tossing the stuff that piled up over winter, fixing the door latch he kept meaning to get to, and changing the batteries in the smoke detectors. He does it because small problems left alone become expensive ones. I told him his cyber security deserves the same treatment.
Spring is a good time to take stock. The threats have not slowed down. Phishing emails, which are fake messages designed to trick you into giving up passwords or clicking dangerous links, are sharper than they were a year ago. Ransomware, the kind of attack that locks your files until you pay, has hit Kentucky local governments from Jefferson County to Bardstown to Shelbyville in just the past two years. But most of the damage I have seen in my career started with something small that someone meant to fix and never did. A password that was too old. A backup that was never tested. An update that got postponed one too many times.
Here are 10 things you can do this spring, most of them in under an hour, to tighten up your digital life. None of them cost much. All of them work.
1. Change Your Passwords, Starting with Email
If your email password is the same one you set two years ago, change it today. Email is the front door to everything else, because password resets for your bank, your payroll system, and your social media all go through it. Pick a passphrase, which is a short sentence that is easy for you to remember and hard for a machine to guess. “BlueGrass-Fence-2019” is better than “P@ssw0rd1.”
2. Turn On Multifactor Authentication
Multifactor authentication, sometimes called MFA or two-step verification, means a second login step beyond your password. Usually, it is a code sent to your phone. Turn it on for email, banking, and any account that touches sensitive data. A stolen password alone should never be enough to get in.
3. Update Your Devices
That update notification you have been swiping away? It matters. Software updates close security holes that criminals are already using. Update your phone, laptop, tablet, and router. Set them to update automatically if you can.
4. Review Who Has Cyber Security Access
In any small office or organization, people come and go. Former employees, old vendors, and last year’s intern. Check who still has login credentials to your systems, email, shared drives, and social media accounts. Remove anyone who should not be there. This takes 20 minutes and prevents a real category of breach.
5. Back Up Your Files (and Test the Backup)
Backing up your important files is only half the job. The other half is making sure the backup actually works. Copy your critical data to an external drive or a cloud service that is not connected to your main network. Then try restoring a file from it. If you cannot bring a file back, you do not have a backup. You have a hope.
6. Clean Out Your Email
Old emails are a gold mine for anyone who gets into your account. Delete messages that contain passwords, tax documents, bank statements, or personal information you no longer need sitting in your inbox. Empty your trash and spam folders while you are at it. What is gone cannot be stolen.
7. Check Your Wi-Fi Settings
Change your office or home Wi-Fi password if it has been the same for more than a year. Make sure your router uses WPA3 or at least WPA2 encryption, which scrambles data on your network so outsiders cannot read it. If your router is more than five years old, it may be time to replace it. Older routers often stop receiving security updates.
8. Look at What Apps You Have Installed
Scroll through your phone and your computer. Delete apps and programs you no longer use. Every unused app is a door you forgot to lock. Old apps that no longer receive updates from their developers are especially risky because known security holes stay open forever.
9. Run a Spring Cyber Security Phishing Drill
Ask a colleague or a family member to send you a fake phishing email and see if you catch it. Better yet, if you run an office, send a test phishing email to your staff and use the results as a conversation starter, not a punishment. The goal is to build the habit of pausing before clicking. CISA, the federal Cybersecurity and Infrastructure Security Agency, offers free phishing exercise tools for small organizations at cisa.gov.
10. Have a Plan for the Bad Cyber Security Day
If your systems went down tomorrow, who would you call? What would you do first? Write a one-page incident response plan. Include the name and phone number of someone who can help, the location of your backups, and the steps to notify anyone whose data you hold. Tape it to the wall. A plan you can see is a plan you can follow.
The Upshot in Cyber Security Spring Cleaning
None of these steps requires a consultant or a big budget. They require attention, the same kind you give your shop when winter breaks and the light comes back in. The threats are real, but they are not magic. They succeed most often where small things go unattended.
If you get through this list and want a second set of eyes on your setup, Commonwealth Sentinel is here. We help local governments, small businesses, and nonprofits across the Commonwealth build the kind of habits that keep people and data safe. Not with scare tactics, not with a sales pitch. With plain advice and honest conversation.
Contact us or call us at 502-234-5554. That first conversation costs nothing, and it might be the most useful hour you spend this month.
At Commonwealth Sentinel, we stay focused on cyber security so you can focus on other things!
