Cyber Self-Defense

Cyber Self Defense - Two Factor Authentication

Myths

  • Real hackers would not be targeting me
  • Cyber security should be left to the professionals
  • Antivirus software is sufficient
  • “Hacking into a computer” is very difficult

Facts

  • Risks associated with computing on the internet are on the rise
  • The U.S. National Vulnerability Database logged almost 7,000 known vulnerabilities in the first 10 months of 2014
  • There are roughly 20 newly discovered security vulnerabilities per day, which is almost 2,000 more than all of 2013
  • Secure processes (processes which make it harder for attackers) also add complexity for you

Threats

Cyber-criminals (aka hackers) are persons who seek and exploit weaknesses in computers or networks. They may be motivated by a multitude of reasons, such as profit, protest, challenge or enjoyment. The following are common cyber-attack methods.

Phishing email attacks consist of emails crafted to look like legitimate vendor communications. Most of the time their malicious content is delivered when you open the attachment or click on an embedded link. The attacker is targeting vulnerabilities in your computing device that will give them control. It is recommended that you call the company to verify any information they may be requesting instead of responding to the email, or type the web address into your browser instead of clicking on the embedded link. You can tell if a web page is secure if the URL starts with “https” as opposed to “http”.

Password attacks entail the use of automated password guessing. Hackers may run common password dictionaries, common “complexity” schemes (such as p@ssw0rd!), or customized dictionaries which take into account any personal information hackers can gather. Review password best practices below.
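The check below is an added example, not part of the original article: it shows why a “complexity” scheme such as p@ssw0rd! adds little, by undoing the usual substitutions and looking the result up in a word list. The word list and substitution table are constructed samples, and the function names are hypothetical.

```python
# Constructed sample list; a real check would load a large common-password list.
COMMON_WORDS = {"password", "letmein", "welcome", "dragon", "monkey", "sunshine"}

# Typical character swaps used in "complexity" schemes (assumed mapping).
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})


def base_forms(password):
    """Return the candidate base words hidden behind a decorated password."""
    lowered = password.lower()
    # Trailing digits and punctuation ("2014", "!") are the most common padding.
    core = lowered.rstrip("0123456789!@#$%^&*?.")
    forms = set()
    for candidate in (lowered, core):
        forms.add(candidate)
        forms.add(candidate.translate(LEET))
    forms.discard("")
    return forms


def is_guessable(password, personal_info=()):
    """True if the password is a dictionary word or personal detail in disguise."""
    known = COMMON_WORDS | {item.lower() for item in personal_info if item}
    return any(form in known for form in base_forms(password))


if __name__ == "__main__":
    for sample in ("p@ssw0rd!", "Welcome2014", "stOne@bOOk$cOffeE"):
        print(sample, "->", "guessable" if is_guessable(sample) else "not in list")
```

Passing a pet name or birth year as personal_info models the customized dictionaries mentioned above.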

Software bugs are programmatic or logical errors that cause the software to malfunction. Software vulnerabilities can occur when software bug malfunction can be utilized to control and modify

Defense

Apply the following tactics to build a reasonable defensive stance against cyber-attacks:

Antivirus software (AV) is a suite of tools that run on your computer to prevent viruses and malware from doing damage to your computer and its data. It’s best to verify that your AV software is installed, running, and up-to-date. Don’t allow your subscription to lapse and don’t disable it because it might slow things down. Click here for a list of the top-rated antivirus software providers.

A firewall is either a device or software that manages how your computer can interact with the internet, providing a mechanism to allow and block internet traffic both leaving and entering your computer. It’s best to verify that the firewall (a part of your computer’s operating system) is enabled. If a known program fails because the firewall blocked its traffic, learn how to add an exception to the firewall rules rather than disabling the firewall. Click here for information on how to manage firewalls on a Windows computer, or click here for Mac OS X. Never connect to public networks (WiFi) without the protection of a firewall. Ask your phone manufacturer for recommendations on firewall software.

System & software updates are important because the updates typically fix and strengthen installed programs based on known cyber-attacks. Updates are frequently available for operating systems (Windows Update, OS X App Store updates, iPhone and Android updates). Ask your software vendors (antivirus, web browsers, email, Microsoft Office) how to set up “automatic updates”.

Pass-phrases are passwords that are more strategic. Because these passwords are harder to remember, it helps to use a password vault.

Password Best Practices

  • Make it as long as you can
  • Make it complex. It should consist of numbers, letters (both upper and lower case) and special characters (@#$%^….)
  • Don’t use a word, name, date or number which can be easily associated with you
  • Each password should only be used in one place; especially where sensitive data is stored (email, banking, investments, etc.)
  • Change your passwords every 3-6 months or anytime there might have been a breach
  • Never share your passwords with anyone
  • If a password is written down for safe keeping, it should be locked away (safe, security box, etc.)

Formula for Generating a Pass-Phrase

  • Pick two or three random nouns: stone, book, and coffee
  • Capitalize at least one random letter in each word or add a number: stOne, bOOk, cOffeE
  • Put them together with special characters: stOne@bOOk$cOffeE
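The three steps above as a small generator, added here as an example and not part of the original article. It assumes the random choices are made by the operating system's secure random source rather than by the user; the noun list is a constructed sample and the function names are hypothetical.

```python
import math
import secrets

# Constructed sample list; a real generator would draw from thousands of nouns.
NOUNS = ["stone", "book", "coffee", "river", "candle", "window", "garden", "bridge"]
SEPARATORS = "@#$%^"  # special characters listed in the best practices


def capitalize_random_letter(word):
    """Upper-case one letter at a position chosen by the OS random source."""
    i = secrets.randbelow(len(word))
    return word[:i] + word[i].upper() + word[i + 1:]


def make_passphrase(word_count=3):
    """Build a pass-phrase following the three steps of the formula."""
    if not 2 <= word_count <= len(NOUNS):
        raise ValueError("word_count out of range")
    # Step 1: pick distinct nouns at random (not the first ones that come to mind).
    pool = list(NOUNS)
    words = [pool.pop(secrets.randbelow(len(pool))) for _ in range(word_count)]
    # Step 2: capitalize a random letter in each word.
    words = [capitalize_random_letter(w) for w in words]
    # Step 3: join the words with randomly chosen special characters.
    phrase = words[0]
    for word in words[1:]:
        phrase += secrets.choice(SEPARATORS) + word
    return phrase


def word_choice_bits(list_size, word_count):
    """Bits of guessing work contributed by the noun choice alone."""
    return sum(math.log2(list_size - i) for i in range(word_count))


if __name__ == "__main__":
    print(make_passphrase())
    print("8-noun list:    %.1f bits" % word_choice_bits(8, 3))
    print("7776-noun list: %.1f bits" % word_choice_bits(7776, 3))
```

Most of a pass-phrase's strength comes from the size of the list the nouns are drawn from, which is why the sample list here is only suitable for demonstration.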

Password vaults or keepers allow you to create and store really strong passwords. You only have to remember one really strong password. You can download password vault software on both a computer and a mobile device. Examples: LastPass, KeePass, 1Password

Two-factor or multi-factor authentication requires multiple things to authenticate you, such as a password, which is a secret that only you “know”, and a random number generated by something you “have”. An authenticator could be an app that runs on a smartphone, text messages sent to a smartphone, or a physical fob (keychain device). Examples: Google Authenticator, Microsoft Authenticator, YubiKey.

STAY INFORMED

www.securingthehuman.org – OUCH! Newsletter
www.staysafeonline.org
www.onguardonline.gov

Source: ITEGRIA

For more information, please visit www.itegria.com
