Simple, yet powerful Cybersecurity practices you MUST follow.
While computers, smartphones and people get hacked every day, most hacks are based on social engineering. The chances of you getting hacked from the server side, or through a security vulnerability found in an application, are considerably low. Most web services now use HTTPS and SSL certificates for communication between servers and clients, mostly because, if they don’t, they suffer badly in Google search rankings. So everyone is very keen on using the most modern security practices when it comes to client data.
I guess you wanna know what I meant by “Social Engineering” before diving into this, right? Don’t worry, I got your six. 😉
What I meant by Social Engineering was malicious activity accomplished through various day-to-day human interactions. Social engineers use psychological manipulation to trick users into making security mistakes or giving away sensitive information.
*All they need is your dog’s name, favorite color and your birthday. Just like that, they can crack most of your passwords. The scary thing is, these details can be picked up by having a friendly conversation with someone. That’s why we always ask users to use special characters in their passwords. Wondering why? Special characters lower the chances of your password being guessed.*
Back in the early 2000s and onwards, people got hacked mostly because of technical problems in the software and web applications we used. Nowadays it happens mostly because of people’s unawareness of basic cybersecurity practices. It’s funny how a little thing like clicking on a rogue URL or leaving your work computer unlocked while you use the bathroom can leave you open to all kinds of attacks from a cybersecurity standpoint. Being aware not to click any unknown link can save you a world of trouble. Nobody takes this subject seriously until it happens to them.
The most common response I get is “Who’s gonna hack me? There’s nothing to be hacked here”.
Today I will give you a number of very simple tips you can use to be on the safe side when it comes to security.
1. Make sure to lock your computer before leaving your desk while in the office. No matter how quickly you’re going to get back, you should always lock your computer.
*By doing so, you cut off the possibility of someone installing malicious software or a keylogger on your PC while you’re not there. With something like a keylogger, one can capture every keystroke you make, including things like your username and password.*
2. Keep your operating system and all the software on it up to date. Out-of-date software can have vulnerabilities that leave you open to cyber attacks. A software update can contain patches for a new security vulnerability found by the vendor, so it’s always a good idea to keep all your applications up to date. (The same rule applies to mobile applications on iOS, Android and Windows.)
*Please do your best to avoid cracked software.*
*Please make sure to download your Android apps only through the Google Play Store and iOS apps only from the Apple App Store.*
3. Make use of MULTI-FACTOR AUTHENTICATION whenever you’re given the option. (If it’s a service worth using, it will offer you the option to enable this.)
4. Install anti-virus software and keep it up to date.
5. Avoid clicking unnecessary links, and links you get in emails. Be sure to double-check the URL of a website and the file format of an email attachment before downloading or clicking it.
*If an alleged PDF attachment turns out to be a file with an .exe extension, my friend, that is not a PDF file.*
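As an added example for item 5 (this is not code from the original post), here is how a mail filter or a careful user can do the two checks the item describes in Python: look at every extension in an attachment's name and at its first bytes, so a "PDF" that is really an .exe is caught, and compare the host a link's text shows with the host it actually points to. The sample file names, bytes and the `.test` domain are constructed for the demo.

```python
import re
from urllib.parse import urlparse

# Leading bytes that identify the real file type, whatever the name claims.
MAGIC = {"pdf": b"%PDF-", "exe": b"MZ", "jpg": b"\xff\xd8\xff", "png": b"\x89PNG"}
# Extensions Windows will run as a program when double-clicked.
EXECUTABLE_EXTS = {"exe", "scr", "com", "bat", "cmd", "msi", "js", "vbs", "ps1"}


def attachment_verdict(filename: str, data: bytes) -> str:
    """Return 'executable', 'mismatch' or 'ok' for an attachment's name and first bytes."""
    exts = filename.lower().split(".")[1:]          # every extension, so a.pdf.exe is caught
    if any(e.strip() in EXECUTABLE_EXTS for e in exts):
        return "executable"
    if data.startswith(MAGIC["exe"]):               # a program, whatever the name says
        return "mismatch"
    claimed = exts[-1].strip() if exts else ""
    if claimed in MAGIC and not data.startswith(MAGIC[claimed]):
        return "mismatch"
    return "ok"


def link_mismatch(display_text: str, href: str) -> bool:
    """True when the link text shows one host but the link actually points at another."""
    shown = display_text if "://" in display_text else "https://" + display_text
    shown_host = urlparse(shown).hostname or ""
    if not re.fullmatch(r"[a-z0-9.-]+\.[a-z]{2,}", shown_host):
        return False                                # text like "Click here" names no host
    return (urlparse(href).hostname or "").lower() != shown_host


# Constructed samples (not real attachments): name, first bytes, expected verdict.
SAMPLES = [
    ("invoice.pdf.exe", b"MZ\x90\x00", "executable"),
    ("report.pdf", b"%PDF-1.7\n", "ok"),
    ("report.pdf", b"MZ\x90\x00", "mismatch"),
    ("photo.jpg", b"\xff\xd8\xff\xe0", "ok"),
]


def check_samples() -> bool:
    """Run every constructed sample through attachment_verdict."""
    return all(attachment_verdict(n, d) == v for n, d, v in SAMPLES)
```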
6. Any major email service or social media site sends you an email if there was a suspicious login attempt on your account. They will ask via email whether that was you. Make sure to read these emails and act accordingly.
*If you get an email like this and the login attempt was not made by you, it’s a good idea to change the password of that account ASAP.*
7. If you’re uploading sensitive images and documents to a cloud service (not recommended), make sure to enable multi-factor authentication on that cloud service. This adds another layer of security to your account. (Make sure to keep the secondary device you add to this service with you at all times. Otherwise whoever has the device will receive the one-time password.)
8. For passwords, use a password manager like Bitwarden (open-source) or LastPass (paid) to generate and save passwords for each and every website you visit. With this handy tool, you only have to remember one password, called the MASTER PASSWORD. Once you provide this password, you can access any password or username you added.
With a tool like this, users tend to generate a complex password for each and every account they create, thus avoiding the grave mistake of using the same password for every account. Ease of remembering is not a valid excuse for that. (Available for mobile and desktop devices.)
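As an added example (not code from the original post) tying together the “dog’s name, favorite color and birthday” point above, item 8 and the kind of rule a sysadmin’s password policy in item 11 can enforce: a Python check that rejects passwords built from personal details, without special characters, or below a guessing-work bound, next to the per-site random generation a password manager does. The PERSONAL_TOKENS values and the thresholds are constructed sample values, not real data.

```python
import math
import secrets
import string

# Constructed personal facts of the kind the post says a friendly chat reveals (not real data).
PERSONAL_TOKENS = ["rex", "blue", "1990", "0415"]   # dog, favourite colour, birth year, birthday
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def charset_size(password: str) -> int:
    """Size of the character classes the password actually draws from."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 symbols: the gain special characters buy you
    return size


def guess_bits(password: str) -> float:
    """Brute-force work in bits when only the length and character classes are known."""
    if not password:
        return 0.0
    return len(password) * math.log2(charset_size(password))


def policy_violations(password: str, min_length: int = 12, min_bits: float = 60.0) -> list:
    """Rules a sysadmin's password policy can enforce; an empty list means it passes."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    found = [t for t in PERSONAL_TOKENS if t in password.lower()]
    if found:
        problems.append("contains personal details: " + ", ".join(found))
    if guess_bits(password) < min_bits:
        problems.append("too easy to guess")
    return problems


def generate_password(length: int = 20) -> str:
    """What a password manager does per site: a random password that passes the policy."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not policy_violations(candidate):
            return candidate
```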
9. Backing up your data, or at least uploading the most important files and documents to a cloud service, is a good practice. That way, even if the local copies of the files are compromised, you can always get the backed-up version. (For this you can use Google Drive, where you can choose a folder to be synced to the cloud in real time.)
*A working Internet connection is required.*
10. If you have a wireless LAN (WLAN), always make sure to use MAC filtering, and stop broadcasting your SSID.
Most importantly, the WLAN router and the switch(es) of your LAN shouldn’t be physically accessible to anyone BUT YOU, the sysadmin.
If, for some reason, the physical location of the switch is out of your reach, make sure to enable PORT SECURITY on that switch and filter every connection by MAC address. (For this, you need a managed switch.)
11. If you’re a System Administrator in charge of a fleet of computers, you’re gonna have to create a whole new security policy suited to your office environment.
Educating the employees on basic cybersecurity practices is a MUST.
Creating a password policy and enforcing it should be part of that security policy. Since you’re the sysadmin, you can always control the way passwords are chosen using the directory service you administer.
*You should never know the passwords of other users.*
Creating an internal website on the LAN with good documentation of the policy is always a good idea. You can host the website on the server you administer or on the company’s GitHub Pages site.
Being 100% protected from cyber attacks isn’t practical.
But we can mitigate the risk of being vulnerable by following these simple habits, and it’s not going to cost you a penny. So follow these rules and be SMART and VIGILANT.