It’s October and Cyber Awareness month, when vendors are promoting their products and endless emails explaining how to be cyber aware flood your way. Fear not, dear reader: I will give you some free, friendly advice on how to keep yourself protected and how to implement basic security for yourself, so that you will not be an easy target for the cybercriminals this Cyber Awareness month.
My advice focuses on humans rather than technology; I prefer to teach people how to think about cyber threats as well as how to protect against them.
Phishing is the common term for email attacks, where an attacker sends out emails to get you to click on a web address, part with personal details, or even send money (the classic Nigerian Prince). Phishing can be hard to detect because it can impersonate a company. For example, an email appearing to come from PayPal alerts you that someone has hacked your account and links to a website the attackers have built to look exactly like the PayPal login page; when you enter your details, the attacker receives all of them, and from there the real attack starts.
I understand that to the average person these emails can seem very convincing, so a tip: don't click on links inside the email; type the web address into your browser instead, and don't part with any personal details, because you cannot know who is behind the email. Look out for spelling or grammar errors, as many phishing emails and fake websites are full of them.
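The reason for typing the address yourself is that the text of a link and the place it actually takes you are two different things. The following is an added example, not code from the original post, that parses a constructed sample email and flags links whose visible text names one domain while the underlying target points at another, or which are not served over https. The domain names and message text are made up for the demonstration, and the "registered domain" helper is deliberately crude (it takes the last two labels, which is wrong for suffixes like co.uk).

```python
"""Added example (not from the original post): spot links in an HTML email whose
visible text and real target disagree."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample email body. The domains are placeholders, not real sites.
SAMPLE_EMAIL_HTML = """
<p>We noticed unusual activity on your account.</p>
<p>Please <a href="http://paypal-login.example.net/verify">https://www.paypal.com/login</a>
to confirm your details.</p>
<p>Or visit <a href="https://www.paypal.com/help">our help centre</a>.</p>
"""

# Visible text that itself looks like a web address (with or without scheme).
_URL_LIKE = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.IGNORECASE)


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _registered_domain(host):
    """Crude: last two labels of the host name (demo only; wrong for co.uk etc.)."""
    labels = (host or "").lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else (host or "").lower()


def extract_links(html):
    """Return every (href, visible_text) pair found in the HTML."""
    parser = _LinkCollector()
    parser.feed(html)
    return parser.links


def suspicious_links(html):
    """Return (href, text, reason) for each link that deserves a second look."""
    findings = []
    for href, text in extract_links(html):
        target = urlparse(href)
        reasons = []
        if target.scheme != "https":
            reasons.append("not https")
        # If the visible text looks like a URL, its domain should match the real target.
        if _URL_LIKE.fullmatch(text):
            shown = urlparse(text if "://" in text else "https://" + text)
            if _registered_domain(shown.hostname) != _registered_domain(target.hostname):
                reasons.append(f"text shows {shown.hostname} but link goes to {target.hostname}")
        if reasons:
            findings.append((href, text, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for href, text, reason in suspicious_links(SAMPLE_EMAIL_HTML):
        print(f"SUSPICIOUS: '{text}' -> {href} ({reason})")
```

Run against the sample, the first link is reported (it is plain http and its text claims paypal.com while the target is example.net) and the second is not. Hovering over a link in a mail client shows the same href this code reads; typing the address yourself sidesteps the problem entirely.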
Vishing is similar to phishing, but instead of email it happens over the phone, where an attacker takes advantage of human weakness and the kind nature of most of us, using various psychological techniques. An example: a female caller rings PayPal to try to change a password over the phone, and during the call plays a clip of a crying baby in the background to create a sense of urgency and empathy. This distracts the worker from thinking about a possible attack and makes them more sympathetic towards the caller, whom their good nature naturally wants to help.
Next time you get a phone call, assume the worst: ask yourself whether this is an attacker calling to get information. No matter who calls, never give out information over the phone, change a user's credentials, or disclose any sensitive information.
Common passwords are always a weak point in security. Most people use passwords based on their interests, family members, or pet names, which can easily be guessed by gathering open-source information about you from the internet, from friends who post details about you, or from work colleagues. Passwords made of common words can be cracked in well under a minute using word lists and automation tools.
Enable 2-factor authentication wherever possible, and download an authenticator app from your app store to use alongside it. There are various products from Google, Microsoft and others; pick the one you prefer and use it in your everyday life.
Create complex passwords to stop attackers from guessing them. Applications like 1Password and LastPass will generate a complex password and store it in a vault.
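To make the "well under a minute" claim concrete, here is an added example (not code from the original post, nor from 1Password or LastPass) that does two things: it generates a password the way a manager's generator does, from the operating system's cryptographic random source, and it gives a rough guess-count for a password. The guess-count model assumes an attacker who first tries every word in a list with a few digits appended, and only then falls back to brute force over the character classes used; the word list here is a constructed six-entry toy, and the one-billion-guesses-per-second rate is an assumed figure for illustration.

```python
"""Added example (not from the original post): password generation with the OS
CSPRNG, plus a rough estimate of how many guesses a word-list attack needs."""
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed toy word list; real cracking lists hold millions of entries.
TOY_WORDLIST = ["rex", "bella", "liverpool", "summer", "password", "charlie"]


def generate_password(length=20, alphabet=ALPHABET):
    """Random password from the OS CSPRNG (secrets), as a password manager would."""
    if length < 12:
        raise ValueError("use at least 12 characters")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def guess_count(password, wordlist=TOY_WORDLIST):
    """Upper bound on guesses for an attacker who tries word+digits before brute force."""
    core = password.lower().rstrip(string.digits)
    trailing_digits = len(password) - len(core)
    if core in wordlist:
        # Every list word combined with every digit suffix of this length.
        return len(wordlist) * 10 ** trailing_digits
    # Otherwise: brute force over the character classes actually present.
    charset = 0
    if any(c.islower() for c in password):
        charset += 26
    if any(c.isupper() for c in password):
        charset += 26
    if any(c.isdigit() for c in password):
        charset += 10
    if any(c in string.punctuation for c in password):
        charset += len(string.punctuation)
    return charset ** len(password)


def crack_seconds(password, guesses_per_second=1e9):
    """Worst-case time at an assumed rate (1e9/s is an illustrative figure)."""
    return guess_count(password) / guesses_per_second


if __name__ == "__main__":
    for pw in ("Bella2019", generate_password()):
        print(f"{pw!r}: up to {guess_count(pw):.3g} guesses, "
              f"{crack_seconds(pw):.3g} s at 1e9 guesses/s")
```

A pet name plus a year ("Bella2019") costs the attacker at most 6 × 10⁴ guesses against the toy list, which is gone in a fraction of a second; against a real list of millions of words it is still seconds. A 20-character generated password from a 94-symbol alphabet sits at 94²⁰ guesses, which at the same rate is far beyond any practical time, and that is exactly why a manager's generator, not a memorable word, is the right tool.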
Social engineering attacks can stem from almost anything, from vishing to personal interaction, and again take advantage of our kind and helpful nature, right through to intimidation. There will be attackers posing as employees or third-party contractors trying to infiltrate the building you work in, to gain access and hack the internal network. Attackers come in all shapes and sizes and act as if they belong there. If you see anything out of the ordinary, ask for ID, or let security know about someone wandering the corridors of your workplace.
Mobile devices are prominent around the workplace and play a big role in our daily lives, which brings an even bigger security risk; securing mobile devices in the workplace has been a big problem. There are practices that can help reduce the risks and keep mobile devices safer.
- Screen Locks
Have a complex screen lock or password to keep your device safe from attackers when it is not in use
Use biometrics like fingerprints or facial recognition; newer smartphones are a lot better at biometrics now
Keep your device's firmware and applications updated to patch any vulnerabilities that have been found
- Legit App Stores
Use legitimate app stores to download applications, as their applications have been verified; applications from an unknown source will probably contain malware that can be used to steal your private data.
- Security Apps
Use security apps like an antivirus to protect your files from malware or malicious content.
- Protection Apps
Use protection apps like an authenticator app or a password manager to protect your passwords
- Screen Time
When using a mobile device, never leave the screen unattended for someone else to view; lock the screen whenever possible to protect it from prying eyes
- Wi-Fi Networks
Protect yourself when using free Wi-Fi networks with your device, as most of the time it will be the bad guys trying to steal data and compromise your device
Following the above tips will help create a safer environment and keep the bad guys away. These are basic steps towards securing yourself and those around you. Think about where you are clicking in emails, SMS and websites; keep your desk clean and remove any passwords written on sticky notes; and be vigilant about strangers wandering around your office or unusual phone calls asking for information.
Due to GDPR, protecting your company's data is imperative, and keeping safe online matters for both you and your company. There is a lot a company can do to lock down its network, but when human error comes into play it can be catastrophic for the company.