Back in the days when the Internet was just beginning to explode, the stereotypical hacker was often portrayed as a hooded guy working on his PC in a dark room to steal your data. In the modern world things are a bit more complicated: cybercriminals often do not act as individuals, but as groups of people with different skills and knowledge.
Cybercriminals mostly fall in one of these categories:
With such a vast gallery of rogues, it’s really important to properly secure your personal and organizational data. Here are some of the best ways to do it:
Strong passwords are often hard to remember, so they should be stored in a password manager, for example KeePassXC. It’s often a good idea to generate them randomly. KeePassXC and similar tools have a built-in password generator that shows you how strong your password is (its mathematical entropy). If you need a strong but memorable password, the best option is to pick a quote or slogan (a sentence, not a single word) and then mix some upper/lowercase characters, numbers, and special characters into it.
A strong password can even save you when a data breach occurs, because leaked credentials are almost always stored hashed (a one-way transformation, not plaintext), so the malicious actor first has to crack them before they can be used. The stronger and more complex the password, the longer it takes to crack.
Image source: https://www.statista.com/chart/26298/time-it-would-take-a-computer-to-crack-a-password/
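To make the entropy and crack-time figures above concrete, here is an added example (not from the original article) that sizes the brute-force search space of a password from the character classes it uses, converts that to an expected exhaustive-search time at an assumed guess rate, and generates a random password the way a manager's built-in generator does. The sample passwords and the 1e10 guesses/s rate are constructed assumptions; the estimate is an upper bound, since human-chosen words fall to dictionary attacks much faster.

```python
import math
import secrets
import string

# Character classes used to size the brute-force search space.
CHAR_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
                string.digits, string.punctuation)


def estimate_entropy_bits(password: str) -> float:
    """Upper-bound entropy: treat the password as uniformly random over the
    union of the character classes it uses. Human-chosen words and patterns
    fall to dictionary attacks far faster than this estimate suggests."""
    alphabet = sum(len(cls) for cls in CHAR_CLASSES
                   if any(c in cls for c in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def crack_time_seconds(entropy_bits: float, guesses_per_second: float) -> float:
    """Expected exhaustive-search time: on average half the space is tried."""
    return 2.0 ** (entropy_bits - 1) / guesses_per_second


def human_duration(seconds: float) -> str:
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.2f} seconds"


def generate_password(length: int = 16) -> str:
    """Random password over all four classes, drawn from the OS CSPRNG,
    which is what a manager's built-in generator does."""
    alphabet = "".join(CHAR_CLASSES)
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    # Constructed guess rate (assumption, not a measured figure): 1e10
    # guesses/s, the order of a GPU rig against a fast unsalted hash.
    RATE = 1e10
    # Constructed sample passwords, plus one from the generator.
    for pw in ("sunshine1", "Sunsh1ne!2024", generate_password()):
        bits = estimate_entropy_bits(pw)
        print(f"{pw!r:20} {bits:6.1f} bits  ~{human_duration(crack_time_seconds(bits, RATE))}")
```

Running it shows the nine-character lowercase-plus-digit password falling in about an hour and a half at that rate, while the longer mixed-class one is measured in tens of millions of years.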
Some of them are:
To stay safe, make sure to follow these best practices to defend from password attacks:
Multi-factor authentication is:
In the context of IT security, social engineering is the psychological manipulation of people into performing certain actions or revealing confidential information.
Social engineering attacks include:
Unfortunately, there is no single good way to defend from social engineering. It is important to stay vigilant:
Many services let you check whether your data has been leaked. One of them is https://haveibeenpwned.com/, which shows you whether your email accounts were part of any major data breaches and exactly what data was leaked. Additionally, you can configure automatic notifications for your accounts or even whole domains, so you always stay informed about the security of your data.
If you don’t want to use Have I Been Pwned, there are other services such as https://monitor.firefox.com/ that provide the same functionality.
It’s important to keep an eye on the public visibility of your private or organization network and keep it to a minimum. The best way to do that is to use public search engines such as Shodan (https://www.shodan.io/) or ZoomEye (https://www.zoomeye.org/). They use bots to scan and index publicly visible resources such as IoT devices or servers with open RDP or SSH ports.
Additionally, you can use the Nmap tool (or Zenmap on Windows) to scan your public IP addresses to check which ports are visible and whether your firewalls are configured correctly. Nmap can run scripts (the Nmap Scripting Engine) that automatically check whether your servers or devices are vulnerable to known exploits; the output links to the vulnerability descriptions and gives tips on how to protect against them.
While traveling, it can be difficult to keep an eye on your cybersecurity. Follow these rules to reduce the risk of attacks:
Special care should be taken when using public, open WiFi networks. There is always a small chance that someone is using the network as a staging ground for cyberattacks such as:
It’s generally a good idea to use a VPN when accessing private or organizational data on public WiFi networks. It creates an encrypted connection that hides your network traffic from other people on the network. If you don’t have access to a VPN, you can simply use your phone’s cellular network (via hotspot or tethering) to create a private connection to the Internet.
Nowadays, keeping our data safe is becoming increasingly difficult. However, by using the information and advice above, you can increase your cybersecurity and significantly reduce the risk of successful attacks.
Jędrzej Boguszyński
IT System Administrator