Phone Number +1-202-802-9399 (US)
The Lockdown

Thycotic’s Cyber Security Blog

National Cyber Security Awareness Month: If you connect it, protect it

Written by Joseph Carson

October 8th, 2020

Can you spot the red flags of a cyber crime? What behaviors do cyber criminals love to abuse? Here’s how to avoid being the next victim!

Cyber security is no longer just a technology challenge. It’s a challenge for everybody who uses and interacts with technology daily.

The protection and security of both your work and personal life are no longer separate—they have been intertwined with evolving trends of social networks, the internet of things, and unlimited connectivity. Because of this, cyber security is no longer just the responsibility of the company IT department; now it’s the responsibility of every employee. And not just to protect your work assets, but your personal data as well.

Cyber-attackers do not care about age, gender, race, culture, beliefs, or nationality. They attack based on opportunity or target victims for financial gain, irrespective of who the victim is. It could be an eight-year boy at home playing computer games or an employee sitting in the office reading emails.

If you’re connected to the internet, chances are high you’ll become a target of a cyber crime

Everyone is now responsible for cyber security, and cyber security starts with you. If you’re connected to the internet, then the chances are very high that you will become a target of a cyber crime, or may have already been a victim of a data breach. The reality is that we must become a better cyber aware society if we are to become more resilient to cyber-attacks.

Just like a virus, if someone in your social sphere is infected the chances of you becoming infected significantly increases. This means that the best way to defend against cyber-attacks is to work together and become more resilient together.

For organizations, business users have the potential to form an effective front line of defense against cyber-attacks. IT teams are working hard to ensure they have useable security solutions in place to protect sensitive data and systems, and that employees are prepared and educated on how to detect potential threats.

Due to complex security processes and lack of security awareness, the online behavior of business users has traditionally been one of the weakest links in a company’s cyber security program. Business users are measured on their ability to get a job done well in as short a time as possible. Sometimes, that means finding the fastest way to access and share information rather than taking the extra steps required to make sure access and data are properly protected.

Cyber-criminals count on this behavior and often target business users as a channel to enter an organization’s IT systems, pretending to be a legitimate service and abusing the trust of the employee.

People are in the front-line of cyber security attacks and threats. It starts with your personal social footprint—including your personal data and devices—and can end up corrupting your family photos or stealing your money in order to use you like a mule to gain further access.

When business users know what red flags they must look out for, they can stop cyber-attacks in their tracks

It is time to balance technology and people; to increase our cyber security awareness so we can protect and secure both our personal assets and our company assets. The time for a people-centric approach to cyber security has arrived, making cyber security everyone’s responsibility. When business users know what red flags they must look out for, they can stop cyber-attacks in their tracks. Not just at work but also at home.

National Cyber Security Awareness month (NCSA) is a great time to review your online behavior to make sure you’re doing all you can to keep your organization safe.

Of the many new devices being connected, stop and think about what risks each new device introduces to your work or home. Have you or your employees adopted any smart devices?

Think about voice-activated speakers, home automation, connected cars, game consoles, automated ventilation systems, smart vacuum cleaners, and connected security systems. These all make great targets for attackers wanting to take advantage of this ever-growing landscape of new devices. If it’s connected to a network then you are going to have to take the right steps to protect it and ultimately everyone in your social sphere.

Protect your passwords

Password security should be the bedrock of any organization’s cyber security awareness program. Yet a staggering 92% of companies have cloud credentials for sale on the dark web according to McAfee’s latest Cloud Adoption and Risk Report. Business users must be guided to do their part in keeping your organization’s credentials from ending up in the wrong hands.

92% of companies have cloud credentials for sale on the dark web

We must move away from having humans choose and decide on the next strong password. For most business users it starts with a capital letter followed by a simple dictionary word and ends in a number—and that favorite special character. Yes, the most used character in passwords is the “!” exclamation mark.

Check out one of my favorite clips from Michael McIntyre on why you should probably change your password!

The best and strongest passwords are those that are not created by humans

Allowing users to manually generate passwords is already a poor practice; expecting them to manually manage dozens—or even hundreds—of passwords results in cyber fatigue and risky behaviors.

The solution lies in reducing the number of accounts and passwords users need to manage, and yes, that means choosing a usable password management solution. For individuals, a simple password manager tool will do the job, but for businesses, a strong Privileged Access Management solution is the answer.

Focus on teaching users how to create one strong password by using the passphrase technique, and leave the rest of your accounts and passwords to be managed automatically.

Take full advantage of the enterprise tools your IT team puts in place to store and manage passwords. A credential vault that offers complex password creation and rotation, such as Thycotic Secret Server, saves you time and increases security.

Resist the urge to store passwords in your browsers

Browser-stored passwords may make it faster and easier to log into online resources, but they are notoriously easy to steal.

  • Browsers typically don’t use strong encryption for passwords
  • Inspector tools make it easy to reveal browser-stored passwords and require zero programming knowledge
  • Password recovery tools can easily find these passwords
  • Browser-stored passwords are rarely monitored or changed
  • Once your device account is compromised so are all the passwords stored in your browser

If you use the same password for multiple websites or applications and a cyber-criminal accesses it, the danger can spread. If you have local admin rights on your computer, a stolen password could be just a few steps away from the attacker elevating to having full domain privileges, typically known as the keys to the kingdom, which means your organization’s entire network.

Enterprise password management tools provide the ability to manage credentials for web and browser-based applications, so you avoid the risk of relying on browser-based passwords.

Block attacks on your devices

Through devices, business users are susceptible to phishing, social engineering, malware, ransomware, and various data extraction techniques.

Two-thirds of companies are compromised by exploits that originate with a user workstation.

The volume of attacks on user devices is rising, as is the cleverness of attacks. There’s a marked spike in cyber-criminals using advanced persistent threat (APT) techniques: an attacker uses one compromised endpoint to move laterally throughout a network by taking advantage of known vulnerabilities, elevating privileges, and persistently hacking once they’ve managed to get inside. These techniques were previously used only by state actors but are going mainstream.

With most cyber-attacks, the motive is financial. The attacker is looking for ways to make a profit and will use any means possible to reach that goal.

Malware (including viruses and other rogue programs) installed on a device may cripple it or grant an unauthorized user access to it. Non-malware attacks exploit vulnerabilities in programs or applications that may already be installed on a computer, such as a word processing program or web browser.

The sheer variety of user devices—desktop computers, laptops, mobile devices—all with different operating systems, versions, and browsers, adds complexity to security management and oversight. Not to mention the ever-growing variety of smart devices and wearables. And with BYOD (bring your own device, sometimes referred to as bring your own disaster) becoming the norm and a significant percentage of users working from home, remote management introduces even more complexity to cyber security.

An IT team can use central security solutions to prevent users from installing a suspicious program on company-managed devices. But business users must be made aware of their part in your organization’s cyber security, and pay more attention to links. Take time to stop and ask:

  • Is this expected?
  • Do I know the person who sent it?
  • Is the link taking me somewhere that I know?
  • Am I logged in as an admin account or standard user?
  • Does the message raise any potential red flags, such as spelling mistakes or urgency?

Smart devices need cautious users

It’s true, with the ever-expanding choice of internet-connected devices the majority of users have more connected devices than they could have ever imagined. Think about all the devices that ultimately end up connected to the network: laptops, tablets, wearables, home automation, health, entertainment, and the security all of these devices, and understand that if you connect it you must protect it.

Not all devices come with security built in or turned on. It’s up to you to take the extra steps to turn your home network or your business access system into one that reduces the risk of a cyber criminal stealing your data, emptying your bank account, or locking your company’s sensitive data. Before connecting your next device to the network take a moment to learn about its security features and how to change its default passwords, and make access a bit more difficult for cyber-criminals.

Business users are essential partners in the fight against cyber crime

Use National Cyber Security Awareness Month as an opportunity to strengthen your defenses. IT teams should make business users aware of the importance of their role as cyber defenders. Provide users with security awareness training on password management and threat prevention, and give them appropriate access to enterprise software to help them protect your sensitive data and systems.

Browser-stored passwords make it easy for hackers to get inside your network.

Pinpoint risky stored passwords in minutes

Our free Browser-Stored Password Discovery Tool finds those sneaky passwords

 

Like this post?

Get our top blog posts delivered to your inbox once a month.

SHARE THIS