Posts

According to a report by Verizon, 80% of data breaches are caused by weak or stolen passwords. In addition, the report found that 60% of users reuse the same password across multiple accounts, making it easier for hackers to access multiple accounts with a single stolen password.

Maintaining good password hygiene is essential to protect against these threats and keep your accounts secure.

Weak or compromised passwords can be easily cracked, allowing cybercriminals to gain access to our data and steal our information. Here are a few password hygiene best practices to consider:

Use Strong Passwords

Using strong passwords is one of the most crucial steps in maintaining good password hygiene. A strong password is one that is long and complex, using a combination of letters, numbers, and symbols. Avoid using easily guessable passwords, such as “password” or “123456,” and avoid using personal information, such as birth dates or names.
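The criteria above can be turned into a simple check. This is an added example, not part of the original post; the 12-character minimum and the short common-password list are assumptions made for illustration.

```python
import re

# Constructed sample of easily guessed passwords; a real deployment would
# load a much larger list of known-breached passwords.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1"}
MIN_LENGTH = 12  # assumed threshold; the text only says "long"


def password_problems(password, personal_info=()):
    """Return the reasons a password fails the criteria described above."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[A-Za-z]", password):
        problems.append("no letters")
    if not re.search(r"\d", password):
        problems.append("no numbers")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no symbols")
    if lowered in COMMON_PASSWORDS:
        problems.append("on the common-password list")
    # Compare personal details with punctuation removed, so a birth date
    # written as 1990-04-12 is also caught when typed as 19900412.
    squashed = re.sub(r"[^a-z0-9]", "", lowered)
    for item in personal_info:
        token = re.sub(r"[^a-z0-9]", "", item.lower())
        if len(token) >= 3 and token in squashed:
            problems.append(f"contains personal detail {item!r}")
    return problems
```

An empty list means the password passed every check; each string in the list is one reason to reject it.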

Update passwords or revoke access when employees leave the organization

Changing passwords regularly is another essential step in maintaining good password hygiene. It is recommended to change passwords every 90 days or sooner, depending on the level of security required. Passwords need to be updated regularly and access to data has to be revoked when employees are no longer authorized to access it. However, this important step is often overlooked. This is especially an issue in SMBs where the staff is pretty busy and turnover is high. They are too busy to remember to change the passwords once a staff member quits, leaving their data vulnerable. So, next time the new intern finishes their stint with you, make sure you change the password and revoke their access.
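A small audit can catch the accounts that get forgotten when someone leaves. This is an added example, not part of the original post; the roster, the account inventory and their field names are constructed for illustration, and the 90-day limit is the one recommended above.

```python
from datetime import date

MAX_PASSWORD_AGE_DAYS = 90  # rotation interval recommended in the text

# Constructed sample data: a staff roster and a credential inventory.
# "holders" lists everyone who knows the password for that account.
ROSTER = {"alice": "active", "bob": "left", "carol": "left", "intern01": "left"}
ACCOUNTS = [
    {"name": "alice", "holders": ["alice"], "enabled": True,
     "password_changed": date(2024, 5, 20)},
    {"name": "bob", "holders": ["bob"], "enabled": True,
     "password_changed": date(2024, 6, 1)},
    {"name": "frontdesk", "holders": ["alice", "intern01"], "enabled": True,
     "password_changed": date(2024, 1, 10)},
    {"name": "carol", "holders": ["carol"], "enabled": False,
     "password_changed": date(2023, 11, 2)},
]


def audit_accounts(accounts, roster, today):
    """Return (account, action) pairs for credentials that need attention."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # access already revoked
        # Anyone not listed as active in the roster is treated as departed.
        gone = [p for p in acct["holders"] if roster.get(p) != "active"]
        if gone and len(gone) == len(acct["holders"]):
            findings.append((acct["name"], "revoke: no active holder"))
        elif gone:
            findings.append(
                (acct["name"], "change password: known to " + ", ".join(gone)))
        age = (today - acct["password_changed"]).days
        if age > MAX_PASSWORD_AGE_DAYS:
            findings.append((acct["name"], f"rotate: password is {age} days old"))
    return findings
```

Running it on the day a staff member leaves, and again on a schedule, covers both the offboarding step and the regular rotation.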

Enable Two-Factor Authentication

Two-factor authentication adds an extra layer of security to your accounts. It requires you to provide a second form of identification, such as a code sent to your phone, in addition to your password. Two-factor authentication makes it harder for hackers to gain access to your accounts, even if they have your password.

Don’t Reuse Passwords

Sometimes people find it difficult to remember multiple passwords for various files and applications, so they use a single good, strong password everywhere. Using the same password for multiple accounts is a common mistake that can compromise the security of all your accounts. If one account is compromised, all accounts using the same password are also at risk. Using a unique password for each account decreases the amount of damage that can be inflicted in the event that one password is compromised.

Avoid Writing Down Passwords

Writing down passwords is a risky practice. It is easy to misplace or lose the paper where you wrote down your passwords. Avoid writing down passwords, and if you must write them down, keep them in a secure place, such as a locked cabinet. This applies primarily to an office environment, where desks, files and notepads are in open view and available to all.

Don’t share your passwords

Never share your password. If you need to give data access to multiple people, make sure each one of them has their own access credentials. This creates an audit trail and helps trace the data breach back to its origin if it occurs.

Be Wary of Phishing Scams

Phishing scams are a common way for hackers to gain access to passwords. Phishing scams involve sending an email or text message that appears to be from a legitimate source, such as a bank or social media site. The message typically asks you to click on a link and enter your password, giving the hacker access to your account. Before you click on any link, it is essential to verify if the links are genuine.

Listen to the news? Read the internet? You know cyber crime is a very big business. Hackers and criminals are out there doing all sorts of nefarious things. Most generally, you hear that malware is some kind of virus that attacks your software programs, infects your hardware, and bungles up your network. But there are many different types of malware, just as there are many types of criminals, each with their own MO and bad intentions. In this e-guide, we will run through some of the major categories of malware, and then suggest 7 different ways you can work to protect your business from malware.

Malware defined – Malware is a generic term that covers all manner of software that is designed to attack your devices, applications, programs, and networks. It is software that has bad intentions. Malicious + Software = Malware. Hackers and criminals create malware for an array of reasons. Some may create it to attack massive numbers of machines just to show that they can disrupt the cybersphere. Other malware may be created for political reasons. The major reason criminals create malware? To make money without earning it. Yes, stealing. Either by directly pulling money out of accounts, or improperly acquiring data that ultimately provides access to funds. Example: Stealing your SSN and setting up a credit card to use that info, or convincing you to provide the password to your checking account. Others will snatch your organization’s data and hold it for ransom. As usual, it is all about money.

FUN FACT: Before the internet, passing around malware to infect a PC meant a criminal had to find a way to infect a floppy disc and trick users into inserting it into their computer. One of the first was created by a high schooler in the early ’80s. It was relatively benign and just created a pop-up with a Seuss-like poem:

“The program with a personality
It will get on all your disks
It will infiltrate your chips
Yes it’s Cloner!
It will stick to you like glue
It will modify RAM too
Send in the Cloner!”

Unfortunately, most viruses now have far more nasty intentions, and the internet has made it much easier for criminals to break in. No waiting for you to insert a disc drive to steal your data, disrupt your internal business operation, or take down your website. One bad click and you’re in trouble.

Malware is a general term and there are several types.

VIRUS – Like the pathogen we associate with human disease, a virus is a “piece of code that is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data.” Source: https://languages.oup.com/google-dictionary-en/.

A characteristic of a virus is that it requires the user to take some action for it to infect your hardware, software, network, etc. For example, inserting an infected thumb drive or clicking on a link found in an email.

ADWARE – Adware is less a type of malware than a symptom created by the infection. Adware invades and then drives the user crazy with endless pop-up advertisements.

WORMS – Similar to viruses, worms replicate and attempt to cause damage but they don’t require a user action. Worms find vulnerabilities or holes in code that allows them access.

TROJAN HORSE – Yes, named after the Greek myth, Trojans trick you into accepting something you want, but inside it has bad intentions. A trojan refers to the method the cybercriminal uses to get you to download a virus or other infected program, rather than the nature of the specific virus.

KEYLOGGERS – This is malware that tracks your keystrokes. Its goal is to identify passwords or credit card information from what you type, which the criminal then uses to log into your accounts.

RANSOMWARE – If there was any malware that gets more media attention, we aren’t aware of it. And it deserves everyone’s attention. Unlike some other forms of malware, once this has invaded, there is very little you can do to eliminate the virus. Ransomware sneaks in, snatches your data and holds it for ransom. Unless you choose to pay the ransom fee, usually in some cryptocurrency, you are out of luck. In the specific case of ransomware, prevention is the key. Having clean backups of your data which are kept continuously up to date is about the only way to sidestep a ransomware attack on your data.

When you visit a site, probably for the first time or from a new device or browser, you will see an alert that mentions the site uses Cookies to offer you a more personalized experience and asks you if you are okay with it. Let’s admit it. A lot of us don’t even bother to read what the notification says before we click “Accept” and move on with our browsing.

Cookies are tiny information packets that store data related to your interaction and behavior on websites. It is like walking into your favorite local diner and having them serve up the “usual” instantly. Cookies track your digital footprint on a website and allow the site to offer you a more personalized browsing experience. For example, let’s say you visited Amazon.com and looked at some cameras, perhaps you put one into your cart as well, but never checked out, or added one to your wishlist on the site. The next time the camera is on sale, the Amazon app sends you a notification about the price reduction. That happens with the help of cookies.

And that’s just one example. Cookies are not necessarily limited to shopping sites. You know how sometimes you can save your password for some sites, so you don’t have to type it or log in every time you visit the website? You are able to do that because of cookies. Any site can have cookies, though shopping and banking sites can’t function without them. The cookies these sites depend on are known as session cookies and are absolutely indispensable. Persistent cookies make your web browsing experience more pleasant, and third-party cookies, while not very pleasant, are used mainly to facilitate online advertising.

How do cookies become a security threat, then?

Cookies become a security threat when hackers get access to them. If hackers hijack your cookies, they can get access to your session, your passwords and other related online activities. Hackers sometimes create “Super Cookies” and “Zombie cookies” to steal information from authentic cookies. Such cookies are difficult to identify and delete and sometimes work like worms replicating themselves, thus making it more difficult to get rid of them. Hackers can also steal your cookies if they get access to your network or to the server of the website you are visiting. For example, if your bank’s or shopping website’s server was hacked into, chances are, the hacker has access to your cookies and thereby all your account details.
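To see which kinds of cookies a site sets and how well they are protected against theft, you can inspect its Set-Cookie response headers. This is an added example, not part of the original post; the sample headers and host names are constructed, and Secure and HttpOnly are standard cookie attributes that the text above does not mention.

```python
# Constructed sample: (host that set the cookie, Set-Cookie value),
# as seen while visiting the placeholder site shop.example.
SAMPLE_HEADERS = [
    ("shop.example", "sid=9f2c; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("shop.example", "cart=41; Path=/; Max-Age=2592000"),
    ("ads.tracker.test", "uid=77aa; Domain=tracker.test; "
     "Expires=Wed, 01 Jan 2031 00:00:00 GMT; Secure; SameSite=None"),
]


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, attributes with lower-case keys)."""
    first, *rest = [part.strip() for part in value.split(";")]
    name = first.split("=", 1)[0]
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def classify(page_host, sender_host, value):
    """Label a cookie as session/persistent and first/third party, with warnings."""
    name, attrs = parse_set_cookie(value)
    # A cookie with no expiry is a session cookie and is dropped when the browser closes.
    lifetime = "persistent" if "expires" in attrs or "max-age" in attrs else "session"
    own = sender_host == page_host or sender_host.endswith("." + page_host)
    warnings = []
    if "secure" not in attrs:
        warnings.append("no Secure: may be sent over unencrypted HTTP")
    if "httponly" not in attrs:
        warnings.append("no HttpOnly: readable by page scripts")
    return {"name": name, "lifetime": lifetime,
            "party": "first-party" if own else "third-party", "warnings": warnings}


def audit(page_host, headers):
    """Classify every Set-Cookie header observed while visiting page_host."""
    return [classify(page_host, host, value) for host, value in headers]
```

A cookie missing Secure can be read by someone with access to the network, which is one of the theft routes described above.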

If you liked what you read, then check out our whitepaper, The cookie monster is coming for you, for a more detailed account of the threats posed by cookies and how you can manage them better.