Five tips to be aware of during Cyber Security Month
Updated: Oct 11, 2018
By: José Calimano
CompTIA Security+ Certified
October 1 marks the start of National Cyber Security Awareness Month (NCSAM), a collaborative effort that began in 2004 as part of a joint campaign of the National Cyber Security Alliance and the U.S. Department of Homeland Security (DHS). Formed and driven by the EU, Cyber Security Month seeks to create awareness of cyber-security threats, promote cyber-security among people and organizations, and provide resources and information to help people and organizations protect themselves online through sharing information. Rock Solid Technologies takes part in this initiative this year. Here are the top five cyber security tips.
1) Phishing
First, and most importantly, people need to be aware of and protect against phishing attacks. Phishing is a technique used by the bad guys to try to convince you to give up some personal information. This might be a username and a password. It might be some personal information like a credit card number or social security number, but it is all a mixture of social engineering and a little bit of spoofing. Emails appear to be from a recognized source and aim to trick you into giving them things like your bank details or login credentials to valuable data sources. These attacks are becoming more and more sophisticated over time. You can stop yourself from falling victim by:
– Looking at the sender’s address – phishers are good at spoofing addresses so that they appear to be from a legitimate source, but the address is usually not 100% correct. For example, there is a spelling error or it comes from email@example.com rather than firstname.lastname@example.org.
– Looking for bad spelling and grammar – phishers don’t spend time on the quality of the content in their emails, and it is often easy to see from the language, wording, spelling and grammar that it’s likely not from your bank or telco provider (which does spend a lot of time on its content).
– Hovering over links before you click on them to check whether they lead to a legitimate site – if a link doesn’t, don’t click on it to check – just delete the email.
– Calling the sender – if you’re unsure whether an email asking you to confirm your credentials, verify your identity or log in to your account again (and so on) is legitimate, call the sender and ask if they sent it to you. If you can’t reach them, just delete it. Most banks and the like will never ask you to log in from a link in an email, so that alone should be a warning sign.
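The first and third checks above (a sender address that is "not 100% correct" and a link that goes somewhere other than where it says) can also be automated. The following is an added example, not part of the original article; the trusted-domain list, the 0.85 similarity threshold and the sample message are constructed assumptions.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the recipient really deals with (constructed .test names).
TRUSTED_DOMAINS = {"example-bank.test", "example-telco.test"}

def sender_warning(from_header):
    """Flag a sender domain that is close to, but not exactly, a trusted one."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    if domain not in TRUSTED_DOMAINS:
        for trusted in sorted(TRUSTED_DOMAINS):
            if SequenceMatcher(None, domain, trusted).ratio() >= 0.85:
                return f"sender domain {domain} imitates {trusted}"
    return None

class LinkCollector(HTMLParser):  # gathers (href, visible text): what hovering reveals
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def link_warnings(html_body):
    """Flag links whose visible text names one host while the href goes to another."""
    collector = LinkCollector()
    collector.feed(html_body)
    warnings = []
    for href, text in collector.links:
        if "." not in text or any(c.isspace() for c in text):
            continue  # ordinary wording such as "click here" names no host
        shown = urlsplit(text if "//" in text else "//" + text).hostname
        actual = urlsplit(href).hostname
        if shown and actual and shown != actual:
            warnings.append(f"text shows {shown} but link goes to {actual}")
    return warnings

# Constructed sample message parts (not a real email).
SAMPLE_FROM = '"Example Bank" <alerts@examp1e-bank.test>'
SAMPLE_BODY = '<a href="http://account-verify.invalid/login">https://example-bank.test/login</a>'
```

A clean result from these two checks does not make a message legitimate; it only means these particular warning signs are absent.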
2) Mobile security
We use cellphones every day. Given the amount of personal (and company) information we keep on our phones, everyone needs some security in place. Our mobile devices are advanced pieces of technology, and they have many different ways to connect to the outside world. One of the most common is through a cellular network: our cell phones communicate over a wireless network that’s separated into different segments called cells. An antenna inside the mobile device communicates with the antennas that may be in our local area.
Another common way to connect our mobile device is over a local Wi-Fi network. The device then has exactly the same security concerns as any other device on that Wi-Fi network, so we have to be sure that any data that we’re sending back and forth is encrypted.
Check your apps – a lot of them, even the legitimate ones, are full of spyware, which captures your data and shares it in the background without your knowledge. Before you download an app, look at the permissions it is requesting. If it is a calculator, for example, does it really need access to your contacts and photos? Check that the permissions requested are only what is needed.
3) Passwords
Passwords have been around for ages. We all use them, and reuse them. That we reuse them is part of the problem. If your password is compromised on one site, like Facebook, for example, and you have used the same password on other sites, attackers now have access to your profiles wherever you’ve used that password. This has become such a problem that many companies are reintroducing PINs as they believe they are more secure.
If you battle to remember a long line of random numbers, or numbers and letters (and who doesn’t?), you might find a passphrase easier. A passphrase can be a favorite line from a movie or book. Not something obvious like ‘Luke, I am your father’, but something that appealed to you and hasn’t made its way into pop culture history. Make the phrase more secure by swapping letters for numbers. For example, ‘Troy fell’ can become Tr0y f2ll. There are millions of books and movies so you can use a different phrase for each account you have.
4) Public and private Wi-Fi
If you can, rather avoid using public Wi-Fi. It may be convenient, but there is no way to be sure if it’s safe. On a public Wi-Fi network you have no idea if you are connecting to someone else’s computer that is harvesting your information with each click and keystroke.
When it comes to your private, home Wi-Fi, make sure you give your router a proper password. Many people take the router out of the box, set it up and leave the username and password set to admin. Likewise, don’t call it Joe’s router: everyone in your street will be able to see it, and know it’s yours. Rather give it an obscure name, and change the username and password to something specific and not easy to guess.
5) Be aware of social engineering
Social engineering is on the rise. This is the art of using normal conversation to manipulate people into giving up information on themselves or their companies that hackers can use to access personal and valuable data and systems. Social engineering is a very low-tech form of security attack. In fact, it doesn’t involve any technology at all. It involves someone else who’s trying to gain access by using social engineering techniques.
You never know exactly what the bad guys are going to come up with next. They’re always using different stories and different ideas to try to gain information from you, using these social engineering techniques.
The bad guys use phishing emails, face-to-face conversations or telephone calls, pretending to be a customer or a person wanting to do business with you, to extract information they can use. If you get calls like this, take it to your IT team, who can investigate who they are talking to and why they need that specific information.