Cyber security is a very hot topic, with more than 3.5 billion Internet users worldwide. That includes 6 billion email accounts, 2 billion smartphones, 1 billion Apple users, 1 billion Gmail accounts, 1.7 billion Facebook accounts, and 300 million Twitter accounts. Together they tweet 7,350 times per second, send 2.5 million emails per second, and transfer 1.5 billion GB of data per day through the Internet. All of these are strong opportunities for hackers to exploit.
If we look at all of the cyber breach reports in the past year, we can see that it has been a busy time for cyber criminals, with public reports describing more than 500 data breaches and more than 500 million records exposed in 2015. So why do we continue to see so many cyber breaches? Many of the breaches in the past year come down to three major factors: the Human Factor, Identities and Credentials, and Vulnerabilities. In a digital, social society we are sharing more information, which leaves us much more exposed to social engineering and targeted spear phishing attacks. The ultimate goal of these attacks is to compromise our systems for financial fraud, or to steal our identities in order to access the company we are entrusted with protecting. A stolen identity lets the attacker bypass the traditional security perimeter undetected, and if that identity has access to privileged accounts, the attacker can easily carry out malicious attacks.
Every day billions of people power up their devices and connect to the Internet to access online services so they can get the latest news, shop for the best deals, chat and connect with friends, stream music and videos, get health advice, follow the latest trends, look for jobs, share their thoughts and access their financial information. As more and more people and businesses use online services, they quickly become a target of cyber criminals and hackers. It is critically important to know how cyber criminals target their victims and what you can do to reduce the risk and make it more challenging for attackers to steal your information, your identity or your money.
Every day, when using services like social media, you are sharing more and more personally identifiable information about your physical and digital identity: full name, home address, telephone numbers, IP address, biometric details, location details, date of birth, birthplace, and even family members. The more information you make available online, the more easily a cyber criminal can use it to target you as the next victim of cyber crime. Cyber criminals and hackers spend up to 90% of their time performing reconnaissance of their target before acting, meaning that they typically have a complete blueprint of the target, built from many online resources such as social media, Google “dorking” and other search engine resources, to gather as much personal information as possible.
The next time you are about to go online, follow the National Cyber Security Alliance’s (NCSA) online security campaign and Stop, Think and then Connect, using the eight best practices below to stay safe online.
1.) Limit Personally Identifiable Information on Social Media:
Whether you are about to create a new social media account or already have an existing one, enter only the basic information required to get the account activated, and do not add excessive information that could put you at risk. Many social media services will tempt you to add more information, such as date of birth, home address, location details and mobile numbers, to make it easier for other people to find you. In fact this increases your cyber security risk, because cyber criminals can find this information too. If you have already added this information, set it to hidden or remove it from your profile.
2.) Enable Privacy Settings and increase the default security settings:
Many social networks are open by default: privacy is basic or turned off, and security is optional. Review what privacy and security options are available and enable them, make your account less visible, and make sure the security is sufficient for the data or services you plan to use the account for. If multi-factor authentication is available, use it, and prefer an authenticator application (such as Google, Microsoft, Symantec or Authy) over SMS. Enable alerts and notifications on your accounts so that you are alerted to any suspicious activity, and limit who can tag you and get notified when anyone attempts to do so.
3.) Use $tr0ng3r passwords and change them often:
When choosing a password, make sure it is strong and unique to that account, and change it often. The average age of a social password today is years, and social media services do not do a great job of telling you how old your password is, how weak it is, or when it is a good time to change it. It is your responsibility to protect your account, so protect it wisely. If you have many accounts and passwords, use an enterprise password and privileged account vault to make it easier to manage and secure them. Never use the same password multiple times.
4.) Do not use social logins and limit use of application passwords:
Where possible, use unique accounts rather than social logins, because if a social login account is compromised, cyber criminals could cascade to all of the accounts that use it.
5.) If possible, use and have multiple Digital Identities:
Create multiple accounts to de-risk your information. For example, set up multiple email accounts: one used for communication; one used for subscribing to online newsletters, airport Wi-Fi and other services that require an email address; and another, with higher security settings, used for resetting passwords. This helps de-risk the information and limits your risk of having all your eggs in one basket.
6.) Limit what you do over Public Wi-Fi and use the following best practices:
It is better not to use a public Wi-Fi network without a VPN. Use your cell network (3G/4G/LTE) instead when security is important. When using public Wi-Fi, ask the vendor for the correct name of the Wi-Fi access point and whether it has security; it is common for hackers to publish their own Wi-Fi SSID with a similar name. Disable Auto Connect Wi-Fi or enable Ask to Join Networks. It is common for hackers to use Wi-Fi access points with common names like “Airport” or “Cafe” so that your device will auto connect without your knowledge. Do not select the option to remember the Wi-Fi network. Use the latest web browsers, as they have improved security against fake websites; this helps protect you from someone hosting their own copy of a website like Facebook and waiting for you to enter your credentials. Do not click on suspicious links, even ones sent via social chats, such as videos that claim to have your photo, and beware of advertisements that could direct you to compromised websites. Use a least privileged or standard user account while browsing, as this will significantly reduce the possibility of installing malware. Use a VPN service. Always assume someone is monitoring your data over public Wi-Fi. Do not access sensitive data such as financial information over public Wi-Fi. Do not change your passwords, and beware of entering credentials, while using public Wi-Fi. If you have a mobile device with a personal hotspot function, use this instead of public Wi-Fi where possible.
7.) Limit how often you like a status, follow a page or allow an application to access your social media profile:
When using social media on a daily basis, be aware of the risks of liking or following pages or allowing different applications to access your profile. Once access is provided, many people do not have good cyber hygiene about cleaning it up when it is no longer required. Note that your information is shared, and unless access is revoked, these pages and applications will continue to have access to your profile data, for example name, email, address, likes and friends. On occasion, go into your account, review what you have approved access for, decide whether each item should still have access, and revoke those that should not.
8.) Before “clicking” stop, think and check if it is expected, valid and trusted:
We are a society of clickers; we like to click on things such as hyperlinks. Always be cautious when you receive any message with a hyperlink. Ask yourself whether it was expected and whether you know the person who sent it, and on occasion ask the person whether they actually sent you something before you click on what might be malware, ransomware, a remote access tool or something else that could steal or access your data. Nearly 30% of people will click on malicious links, and we need to be more aware and cautious. Before clicking, stop and think.
Stay safe online with these best practices and avoid becoming the next victim of cyber crime.