The Lockdown

Thycotic’s Cyber Security Blog

Protect Yourself at Work and Home to Avoid Becoming a Victim of Cyber Crime

Written by Joseph Carson

October 15th, 2020

Cybersecurity is no longer simply a technology challenge. It’s a challenge for everyone who interacts with technology. The protection of work and personal life are no longer separated. They’ve become intertwined thanks to social networks, the Internet of Things, and unlimited connectivity.

This means cybersecurity is no longer solely the responsibility of a company IT department, but the responsibility of every employee.

Cyber-criminals don’t care about demographics. They attack regardless of the victim’s identity. They’ll attack a 10-year-old child playing computer games at home or an employee reading emails at work.

Today, the line between work and personal time is blurry. With millions more people working from home and at least 70% of American schools shifting to online learning, that line is less clear than ever.

Cyber risk is increasing for personal information and enterprise data

Throughout the day, business users switch between personal and business applications and even between the devices they use to access them. Seventy percent of internet users are increasing their mobile device usage as a direct result of the coronavirus outbreak, connecting to work-approved and third-party applications, often via unsecured personal devices. As a result, cyber risk is increasing for both personal information and enterprise data.

Cyber-criminals like to target business users—they have identified them as a vulnerable channel to enter an organization’s IT systems. IT teams work hard to ensure security solutions and policies are in place to protect sensitive data and systems.

Business users are on the front line in the fight against cyber-crime. Threats can start from your personal social footprint, potentially corrupting your photos or stealing your money, or using you as a mule to gain access to your workplace.

A people-centric cybersecurity approach is critical to reducing cyber-crime. October (National Cyber Security Awareness Month) is the ideal time to review your online behavior to make sure you’re doing all you can to keep your organization safe.

Protect your passwords to reduce the risks

At least 37% of data breaches leverage credentials to infiltrate an organization’s IT environment, according to the 2020 Verizon Data Breach Report. Protecting credentials is the most effective way to reduce the chance of a cyber attack and contain the damage if an attack occurs.

During National Cyber Security Awareness Month, take the time to review your password habits.

Start with your social media passwords. Social media does not do a good job telling you how old your password is, how weak it is, and when it’s a good time to change it. It is your responsibility to protect your social media accounts. Make sure you use a strong password that is unique to each account—and change it regularly. The average age of a social password today is years. When was the last time you changed yours?

Password cyber fatigue starts to set in after only five passwords

Typically, people are asked to remember an average of more than 30 passwords. Cyber fatigue starts to set in after only five passwords, resulting in poor password choices, reusing passwords, or simply adding a “2” at the end of an existing password. Cyber-criminals know this and have smart algorithms that can guess and use brute force techniques to crack predictable passwords.

For personal passwords, such as Netflix, social media, or bank accounts, use a password manager built for consumers. A password vault will help track the age of each password, what additional security controls have been applied, and generate complex passwords so you won’t have to type or remember them. You will only need to remember one strong password, reducing cyber fatigue, and making your life easier and more secure.

Start using “passphrases,” a combination of words you know plus a few special characters, like “?%&@!,” which can be placed anywhere in the passphrase. A passphrase should be more than eight characters. A strong passphrase combined with multi-factor authentication is tough to crack—trust me, as an ethical hacker, I try!

Change these passphrases at least every nine months to one year. Don’t wait for news of a hack before you change your passphrases.
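As an added illustration of the password guidance above (example code written for this post, not Thycotic’s or a tool’s own code), here is a small Python check that a password manager or help desk could run on a proposed passphrase: it applies the post’s length, special-character and nine-month rotation thresholds, and flags a “new” password that is only the old one with a digit or symbol tacked on. The normalisation rules in `_stem` are my own assumption of what predictable variants look like.

```python
import re
import string
from datetime import date
from typing import List, Optional

MIN_LENGTH = 9           # post: a passphrase should be more than eight characters
ROTATE_AFTER_DAYS = 270  # post: change passphrases at least every nine months
SPECIALS = set(string.punctuation)

def _stem(pw: str) -> str:
    """Reduce a password to its predictable core (assumed rule set, not from the post):
    lower-case, drop digits/symbols at either end, undo common letter swaps."""
    core = pw.lower().strip(string.digits + string.punctuation)
    return core.translate(str.maketrans("0134$@!", "oleasai"))

def is_trivial_variant(old: str, new: str) -> bool:
    """True when 'new' is just 'old' with a digit or symbol tacked on,
    a year bumped, or the case changed: the first guesses a cracker tries."""
    return _stem(old) == _stem(new)

def password_age_days(last_changed: str, today: str) -> int:
    """Days between two ISO dates (YYYY-MM-DD)."""
    return (date.fromisoformat(today) - date.fromisoformat(last_changed)).days

def check_passphrase(new: str, old: Optional[str] = None,
                     last_changed: Optional[str] = None,
                     today: Optional[str] = None) -> List[str]:
    """Return the problems found; an empty list means the passphrase passes."""
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append("too short: use more than eight characters")
    if not SPECIALS.intersection(new):
        problems.append("no special characters: add a few such as ?%&@!")
    if len(re.findall(r"[a-zA-Z]{3,}", new)) < 2:
        problems.append("not a passphrase: combine several words you know")
    if old is not None and is_trivial_variant(old, new):
        problems.append("predictable: the old passphrase with a digit or symbol tacked on")
    if last_changed is not None:
        today = today or date.today().isoformat()
        if password_age_days(last_changed, today) > ROTATE_AFTER_DAYS:
            problems.append("stale: older than nine months, change it now")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    for p in check_passphrase("Summer2021!", old="Summer2020",
                              last_changed="2020-01-01", today="2020-10-15"):
        print("-", p)
```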

You can learn more about strong passwords and check the strength of your passwords with Thycotic’s free Password Strength Checker.

For work-related passwords, make sure you take advantage of enterprise tools your IT team puts in place to store and manage passwords. IT teams are moving away from asking users to create, update, and change passwords. For example, a credential vault that offers complex password creation and rotation, such as Thycotic Secret Server, saves you time and increases security.

Enterprise password managers are different from consumer-grade password vaults. While they are just as easy for business users, they also include approval workflows and auditing capabilities that IT teams need to meet compliance requirements.

Resist the urge to store passwords in your browser

Browser-stored passwords may make it faster and easier to log in to online resources, but they’re notoriously easy to steal.

If you use the same password for personal and business applications and a cyber-criminal steals it, the danger increases exponentially. A stolen password can provide the keys to your organization’s entire IT network or your home.

To avoid the risk of relying on browser-based passwords, enterprise password management tools include the ability to manage credentials for web and browser-based applications. Users can easily access tools with the permissions they need while IT teams maintain central visibility and control.

Limit the use of social logins

Where possible, use unique accounts rather than social logins. If an account gets compromised or stolen, cyber-criminals could cascade to all your accounts using the stolen social login. Many online services, apps, or games encourage you to utilize the social login, also known as Single Sign-On (SSO). This means you can sign up using your Google+, Facebook, Twitter, or LinkedIn accounts, etc. While this solves the issue of remembering multiple passwords, it raises a much greater security and privacy issue in the background.

Some apps request FULL ACCESS, meaning access to everything

When using SSO, most apps request read/write access or request access to your basic information. Some apps request FULL ACCESS, meaning access to everything including emails, calendars, location information, friends and family, etc. You really want to think twice about clicking ‘Yes’ to using your social login.

Review which apps or accounts you have allowed to use social logins, and get into the habit of reviewing them regularly to disable those you are no longer using. Again, rather than using social logins, use a password vault for sensitive accounts containing personal information.

Be careful on public Wi-Fi

Always assume someone is monitoring your data over public Wi-Fi. Don’t access your sensitive data such as financial information over public Wi-Fi. Don’t change your passwords, and beware of entering credentials while using public Wi-Fi.

Whenever possible, don’t use a public Wi-Fi network without a VPN. Rather, use your cellular network (4G/LTE/5G). If you have a mobile device with a personal hotspot function, use this over public Wi-Fi.

If you are using public Wi-Fi, ask the vendor for the correct name of the Wi-Fi access point and whether it has security. It’s common for criminal hackers to publish their own Wi-Fi SSID with a similar name.

Make sure you disable Auto-Connect Wi-Fi or enable Ask to Join Networks. It’s not unusual for hackers to use Wi-Fi access points with common names like “Airport” or “Cafe” so your device will auto-connect without your knowledge.

Don’t choose to remember the Wi-Fi network.

Use the latest web browsers, as they have improved protection against fake websites. This helps prevent someone from hosting their own website that looks like Facebook, waiting for you to enter your credentials.

Use standard user credentials for browsing

If you have two sets of credentials—an administrative user and a standard user—make sure you log in as a standard user while browsing the web, as this will significantly reduce the possibility of installing malware.

Think before you click

We are a society of clickers. One-third of people will click on malicious links. Don’t click on suspicious links even via social chats, and beware of advertisements that could direct you to compromised websites. Always be cautious of receiving any message with a hyperlink and ask yourself: Was I expecting to receive this? Do I know the person who is sending it?

Securing devices at home and at work

Full-time remote work isn’t going away anytime soon. As people have adapted to the new normal over the past months, they’ve been figuring out ways to create boundaries between work life and personal life.

Maybe you’ve got a sign on your door when you’re in a video call. Maybe you’re blocking time on your calendar for lunch with your family.

This month, add best practices for cybersecurity to your list of actions to keep home and work separate. Never use the same passwords for work and home. Use personal tools for personal systems and enterprise tools for enterprise systems. Creating those boundaries will help reduce cyber risk and keep sensitive data and systems safe.
