
Thycotic’s Cyber Security Publication

Top 8 Cyber Security Best Practices You Cannot Ignore

October 4th, 2016


With more than 3.5 billion Internet users worldwide, cyber security is a hot topic and implementing best security practices is more important than ever!

The sheer volume of accounts available for hacking is jaw dropping:

  • 6 billion email accounts
  • 2 billion Smartphones
  • 1 billion Apple users
  • 1 billion Gmail accounts
  • 1.8 billion Facebook accounts
  • …and 300 million Twitter accounts. Between them, these users tweet 7,350 times per second, send 2.5 million emails per second, and transfer 1.5 billion GB of data per day across the internet.

Each one of these provides hackers with an opportunity to attack and exploit personal accounts as well as the accounts of organizations.

Before we reveal the 8 cyber security practices you simply cannot ignore (scroll down if you want to get straight into it) it helps to understand why cyber crime is on the increase, and how easy it is to put your personal information right into the hands of a hacker.

Cyber criminals are testing our cyber security practices to the limit
Based on the number of cyber breach reports in 2016 we know it was a busy time for cyber criminals. Public reports described more than 500 data breaches and more than 2 billion records stolen and exposed. In 2016 The Identity Theft Resource Center recorded 980 breaches in the categories of banking and financial, business, educational, government and military, and healthcare. And we all know what happened over at Yahoo!

Why do we continue to see so many cyber breaches?
As a digital, social society we share more information in more online venues than ever before. Every day billions of us power up our devices and connect to the internet to access online services so we can get the latest news, shop for the best deals, chat and connect with friends, stream music and videos, get health advice, look for jobs, share our thoughts and access our financial information.

As more people and businesses use online services, more targets become available to cyber criminals and hackers. So we are increasingly exposed to social engineering and targeted spear-phishing attacks, and vulnerable to financial fraud and identity theft.

What happens when an identity is stolen?
A stolen identity lets an attacker bypass traditional security perimeters undetected, because they log in as a legitimate user rather than breaking in. And if the stolen identity has access to privileged accounts, the attacker can easily carry out malicious attacks on the victim, or even on the organization where the person works.

It is critically important to know how cyber criminals target their victims
If you use the Internet in either a personal or business capacity it is essential that you understand exactly how you might be targeted, and what you can do to reduce the risk. Armed with this knowledge you can make it more challenging for attackers to steal your personal information, your identity or your money.

Behind most breaches you’ll find one or more of three major factors:

  • The Human Factor—cyber criminals count on a certain number of us becoming lazy or complacent in the way we use the Internet.
  • Identities and Credentials—hackers know that it takes effort to manage our passwords and personal information securely, and that not everyone is willing to make that effort.
  • Vulnerabilities—attackers understand that many online platforms and organizations’ systems have a weakness ripe for exploitation, and given enough time, there’s a chance they will find it.

What personal information are you giving away on social media?
When using services like social media you are sharing more and more of your personally identifiable information (PII). This is your physical and digital identity with information like full name, home address, telephone numbers, IP address, biometric details, location details, date of birth, birthplace, and even family members’ information.

The more personal information you divulge online, the easier it is to target you
The more information you provide about yourself online, the higher the likelihood that a cyber criminal will find it and use it to make you the next victim of cyber crime. Cyber criminals and hackers spend up to 90% of their time performing reconnaissance on their target before acting, which means they typically have a complete blueprint of their target by the time they are ready to attack. They gather as much personal information as possible from a variety of online resources: social media, ordinary search engines, and Google 'dorking', the use of advanced search operators to find files, directories and login pages that were never meant to be public.

So, how do we protect ourselves from cyber crime?
Any time you go online follow the National Cyber Security Alliance’s (NCSA) advice:
Stop. Think. Connect.

And to help you with the ‘Think’ part, here’s our checklist of cyber security best practices to think about:

THE 8 CYBER SECURITY BEST PRACTICES YOU CANNOT IGNORE

How do you rate compared to this checklist?

1. Limit Personally Identifiable Information on Social Media
Whether you are about to create a new social media account or you already have one, only enter the basic information required to get the account activated and never provide excessive information that could put you at risk. Many social media services will tempt you to enter information like date of birth, home address, location details and mobile numbers to make it easier for other people to find you. But this dramatically increases your cyber security risk as cyber criminals find ways to locate this information. If you’ve already added this information set it to hidden; or better still, remove it from your profile.

2. Enable Privacy Settings, increase the default security settings, and set up alerts
Many social networks are open by default: privacy settings are basic or turned off, and extra security is optional. Review the privacy and security options available to you and enable them. Don't be afraid to make your account less visible. If multi-factor authentication is available, use it, and prefer an authenticator application (Google Authenticator, Microsoft Authenticator, Symantec VIP or Authy) over SMS codes, which can be intercepted or redirected through SIM-swap fraud. Enable alerts and notifications on your accounts so you are quickly advised of any suspicious activity, such as a login from a new device or location. Get notified when anyone attempts to tag you.

3. Use $tr0ng3r passwords and change them at least once per year
When choosing a password make it long, strong and unique to that account. Then change it at least once per year, and immediately if the service announces a breach or you notice suspicious activity. The average age of a social media password today is measured in years, and social media platforms don't do a great job of reminding you how old your password is, pointing out how weak it is, or telling you when it's a good time to change it. It's entirely up to you to protect your account, so do it wisely. If you have many accounts and passwords, use a password manager (or, for work accounts, an enterprise password and privileged account vault) to make it easier to manage and secure them. Never use the same password for more than one account: a password leaked from one site will be tried against every other site you use.
Want to compare password managers side by side? We’ve created charts to help you.
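As an added example (not code from the original post or from Thycotic), the following generates passwords from the operating system's cryptographic random source, estimates their entropy, and audits a small account-to-password mapping for the two failures the text warns about: short passwords and reuse across accounts. The vault contents are constructed sample data, not real credentials.

```python
import math
import secrets
import string
from typing import Dict, List

# The alphabet a generator draws from; its size drives the entropy estimate (94 printable ASCII).
SYMBOLS = string.ascii_letters + string.digits + string.punctuation

# Constructed sample vault for the example: account name -> password. Not real credentials.
DEMO_VAULT = {
    "facebook": "Summer2016!",
    "twitter": "Summer2016!",
    "email": "correct-horse-battery-staple-42",
    "bank": "p@ss1",
}


def generate_password(length: int = 20, alphabet: str = SYMBOLS) -> str:
    """Draw each character with the CSPRNG in `secrets`; `random` is not suitable for this."""
    if length < 12:
        raise ValueError("refuse to generate a password shorter than 12 characters")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def reused_passwords(vault: Dict[str, str]) -> Dict[str, List[str]]:
    """Return {password: [accounts]} for every password used on more than one account."""
    by_password: Dict[str, List[str]] = {}
    for account, password in vault.items():
        by_password.setdefault(password, []).append(account)
    return {pw: accts for pw, accts in by_password.items() if len(accts) > 1}


def audit_vault(vault: Dict[str, str], min_length: int = 12) -> List[str]:
    """Findings a practitioner would act on: short passwords first, then cross-account reuse."""
    findings: List[str] = []
    for account, password in sorted(vault.items()):
        if len(password) < min_length:
            findings.append(f"{account}: password shorter than {min_length} characters")
    for accounts in reused_passwords(vault).values():
        findings.append("reused across " + ", ".join(sorted(accounts)))
    return findings


if __name__ == "__main__":
    pw = generate_password()
    print(f"generated {len(pw)}-character password with ~{entropy_bits(len(pw), len(SYMBOLS)):.0f} bits")
    for finding in audit_vault(DEMO_VAULT):
        print("finding:", finding)
```

A 20-character password over 94 symbols carries about 131 bits of entropy, far beyond what an offline cracker can search; the audit shows that the same "Summer2016!" reused on two accounts turns one breach into two.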

4. Never use social logins, as tempting as it may be
Where possible, log into accounts using the unique login you created for that account rather than a social login. Sure, it's quick and convenient to 'log in using Facebook', but if that Facebook account is compromised the attacker can cascade into every account that accepts that social login, and changing the password on those accounts does not shut the door while the social login still works.

5. Maintain and use multiple Digital Identities
Create multiple accounts to de-risk your information. Set up multiple email accounts with different purposes: use one email address for low-risk communication; one for subscribing to online newsletters, airport Wi-Fi and other services that require an email address; one for shopping online, and another for resetting passwords (which has higher security settings). This lowers the chance that your information will be compromised, and limits the risks associated with having all your eggs in one basket.

6. Limit what you do over public Wi-Fi and apply the following best practices when using it:

a. It's best not to use a public Wi-Fi network without a VPN. When security matters, use your cellular network instead (3G/4G/LTE).

b. When using public Wi-Fi, ask the vendor for the exact name of the Wi-Fi access point and whether it is encrypted (WPA2 with a password rather than an open network). It is common for hackers to broadcast their own access point with an SSID that looks similar to the legitimate one.

c. Disable auto-connect to Wi-Fi, or enable 'Ask to Join Networks'. Hackers set up access points with common names like 'Airport' or 'Café' so that your device auto-connects without your knowledge. Never opt to remember the network on public access points.

d. Use an up-to-date web browser. Modern browsers warn on invalid or mismatched TLS certificates and block known phishing sites, which makes it much harder for someone on the same network to serve you a look-alike 'Facebook' login page and wait for you to enter your credentials. Even so, check for HTTPS and the correct domain name before you type a password.

e. Do not click on suspicious links like videos, even via social chat.

f. Beware of advertisements. They could direct you to compromised websites.

g. Browse as a least-privileged or standard user rather than as an administrator; this significantly reduces the chance that malware can install itself or make system-wide changes.

h. Always assume someone is monitoring your data over public Wi-Fi.

i. Do not access your sensitive data like financial information over public Wi-Fi.

j. Do not change your passwords, and be wary of entering any personal credentials while using public Wi-Fi.

k. If you have a mobile device with a personal hotspot function, choose this over public Wi-Fi where possible—but still be cautious.
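Points b and c above describe the 'evil twin' access point: an attacker broadcasts an SSID that matches or closely resembles the venue's network, usually without encryption, so that devices auto-join it. As an added example (not code from the original post or from Thycotic), the detection logic below runs over a list of scan results and flags exactly those cases. The scan list is constructed sample data; in practice you would populate it from your operating system's Wi-Fi scan output, and `trusted_ssid` and `trusted_security` are the name and encryption type the vendor told you to expect.

```python
import re
from typing import List, NamedTuple


class Network(NamedTuple):
    ssid: str
    bssid: str      # access point MAC address
    security: str   # "open", "wpa2", ...


# Constructed scan results for the example. The 02:00:00:de:ad:* addresses play the attacker.
DEMO_SCAN = [
    Network("Airport_Guest", "a4:2b:8c:00:00:01", "wpa2"),
    Network("Airport_Guest", "a4:2b:8c:00:00:02", "wpa2"),
    Network("Airport_Guest", "02:00:00:de:ad:01", "open"),   # same name, no encryption
    Network("Airport Guest", "02:00:00:de:ad:02", "wpa2"),   # look-alike name
    Network("Free Airport WiFi", "02:00:00:de:ad:03", "open"),
    Network("Starbucks", "3c:37:86:00:00:09", "open"),
]

# Generic names attackers rely on devices having saved somewhere. Assumed list for the example.
GENERIC_NAMES = {"airport", "cafe", "freewifi", "free", "guest", "hotel"}


def normalise(ssid: str) -> str:
    """Fold case, whitespace and punctuation so 'Airport_Guest' and 'airport guest' compare equal."""
    return re.sub(r"[^a-z0-9]", "", ssid.lower())


def suspicious_networks(scan: List[Network], trusted_ssid: str,
                        trusted_security: str = "wpa2") -> List[str]:
    """Flag APs that imitate the venue's network by name, or carry its exact name with the wrong
    security type (an open twin of a WPA2 network, or vice versa)."""
    target = normalise(trusted_ssid)
    findings: List[str] = []
    for net in scan:
        if normalise(net.ssid) != target:
            continue
        if net.ssid != trusted_ssid:
            findings.append(f"look-alike SSID '{net.ssid}' ({net.bssid}) imitates '{trusted_ssid}'")
        elif net.security != trusted_security:
            findings.append(f"AP {net.bssid} broadcasts '{net.ssid}' as {net.security}, "
                            f"expected {trusted_security}")
    return findings


def auto_join_bait(scan: List[Network]) -> List[Network]:
    """Open networks with generic names: the ones a device with auto-connect enabled may join silently."""
    return [net for net in scan
            if net.security == "open" and normalise(net.ssid) in GENERIC_NAMES]


if __name__ == "__main__":
    for line in suspicious_networks(DEMO_SCAN, "Airport_Guest", "wpa2"):
        print("WARNING:", line)
    for net in auto_join_bait(DEMO_SCAN + [Network("Airport", "02:00:00:de:ad:04", "open")]):
        print("generic open network:", net.ssid, net.bssid)
```

Note the order of the two checks: a name that normalises to the trusted one but is not spelled identically is reported as a look-alike regardless of its security type, while an exact-name match is only reported when its encryption differs from what the vendor told you, so a venue with several legitimate WPA2 access points produces no noise.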

7. Limit how often you like a status, follow a page, or allow an application to access your social media profile
If you’re a frequent user of any social media platform be aware of the risks of liking posts, following pages or allowing different applications to access your profile. You’re accumulating a trail of activity that is time consuming, or even impossible to reverse.

When you grant access to a social media app you must practice good cyber hygiene: remove the app's access when it's no longer required. Apps may share your information (and sometimes that of your friends), and unless you revoke access the app will continue to have access to your profile data and more. On occasion, go into your account, review which apps you have approved, and revoke access if you no longer need the app.

8. Before clicking on anything, stop, think and check if it is expected, valid and trusted
We are a society of clickers; we like to click on hyperlinks. But be cautious of any message you receive that contains a hyperlink, even if it looks like a legitimate message from a friend or a trusted organization.

Stop and ask yourself if the message was expected. Do you know the person who sent it, and is it really from them, or could their account have been hacked? Could it be a phishing email, a message that looks exactly like one you might receive from a familiar organization but is really a set-up to get your information? If you're unsure of the authenticity of the message, contact the sender by phone or via a new message (not by replying, which may go straight to the attacker) and ask if they sent you the link. It could lead to malware, ransomware, a remote access tool or something else that could steal or access your data. Nearly 30% of people will click on malicious links. We all need to be more aware and cautious. Before clicking, stop and think.

Stay safe online with these cyber security best practices and avoid becoming the next victim of cyber crime.

Want to improve information security in the workplace? This post includes a must-see infographic.




Joseph Carson

Joseph Carson has over 25 years' experience in enterprise security, is the author of "Privileged Account Management for Dummies" and "Cybersecurity for Dummies", and is a cyber security professional and ethical hacker. Joseph is a cyber security advisor to several governments, critical infrastructure, financial and transportation industries, speaking at conferences globally. Joseph serves as the Chief Security Scientist at Thycotic.
