Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

// // //
11:30 AM
Joseph Carson
Joseph Carson
News Analysis-Security Now

Simple Steps to Online Safety for Cybersecurity Awareness Month

National Cybersecurity Awareness Month is a great time to give your users a new list of security tips.

Why do we continue to see so many cyber breaches? If we look at why many of the breaches in recent years have occurred, we can identify three major culprits: The Human Factor, Identities and Credentials, and Vulnerabilities.

As a digital social society, we are sharing more information publicly, ultimately causing ourselves to be much more exposed to social engineering and targeted spear phishing attacks. The ultimate goal of these attacks is to compromise your devices for financial fraud, or to steal your identities in order to access the company you are entrusted with protecting. This has the potential to damage your own personal data in the process. Once your identity has been stolen the attacker can easily bypass the traditional security perimeter undetected. And if that identity has access to privilege accounts, they can easily carry out malicious attacks under your name.

As people -- or businesses -— power up devices and connect to the Internet to access online services, they risk becoming a target of cyber criminals and hackers. It is critically important to know how cyber criminals target their victims, what you can do to reduce the risk, and make it more challenging for the attackers who steal your information, your identity or your money.

Cyber threats can come from attackers using many different techniques, though what is clear is that people are on the frontline. It's crucial that you can identify the threats or know what to look for to determine if something is authentic or suspicious. It's important to learn these techniques -- being able to quickly identify a threat can make the difference between the destruction of your sensitive data and averting a major catastrophe. Yes, you can be the hero that prevented a cyber catastrophe so let's help you be prepared.

Tips on how to stay safe online and avoid becoming a victim of cybercrimes:

#1 Back up your files:
Make sure you take regular backups of your important files as this is the fastest and best way to recover from nasty malware like ransomware that encrypts all your files and makes them unavailable until you pay bitcoins. Having a backup will help you quickly get back up and running with little impact to your digital life. #2 Keep applications and systems up to date
Allow your applications and systems to get those much-needed security updates, and then allow your system to restart. This is one way to keep common cyber threats from easily accessing your devices and stealing your information, your digital identity and your money. #3 Use $rOng3r & 5m@rt passwords and passphrases
When choosing a password/passphrase, make sure you choose a strong password that is unique to that account, and change it when you suspect suspicious activity. The average age of a social password today is years, and social media does a lousy job of reminding you how old your password is, how weak it is, and when it's a good time to change it. It's your responsibility to protect your account so protect it wisely. If you have many accounts and passwords use an enterprise password and privileged account vault to make it easier to manage and secure them. Never use the same password multiple times. #4 Use two-factor or multi-factor authentication
Make it difficult for cyber criminals to easily access your online accounts and steal your information by enabling and using two-factor or multi-factor authentication. Do not let a password be the only security control stopping cyber criminals. Two-factor and multi-factor deter cyber criminals end encourage them to move onto an easier target. #5 Beware of hyperlinks
We are a society of clickers; we like to click on things. For example, hyperlinks. Always be cautious of messages with a hyperlink and ask yourself: Was I expecting this? Do I know the person who is sending it? If in doubt, ask the person if they actually sent you something before clicking on a link which might be malware, ransomware, a remote access tool or something that could steal or access your data. Nearly 30% of people will click on malicious links, so be more aware and cautious. Before clicking, stop and think. #6 Be aware of what you do over public WiFi
It's better not to use a public WiFi network without VPN. Rather use your cell network (3G/4G/LTE) when security is important. When using public WiFi ask the vendor for the correct name of the WiFi Access point and whether it has security. It is common for hackers to publish their own WiFi SID with similar names.

Disable "auto connect WiFi" or enable "ask to join networks." Hackers will use WiFi access points with common names like "Airport" or "Cafe" so your device will auto connect without your knowledge. Do not elect to remember the WiFi network.

Use the latest web browsers as they have improved security for fake websites. This prevents someone from hosting their own look-alike websites, like Facebook, waiting for you to enter your credentials. Do not click on suspicious links even via social chats, like videos that have your photo, and beware of advertisements that could direct you to compromised websites.

Use a least privileged user or standard user while browsing, as this will significantly reduce the possibility of installing malicious malware. Use a VPN service. Always assume someone is monitoring your data over public WiFi. Do not access your sensitive data like financial information over public WiFi. Do not change your passwords and beware of entering credentials while using public WiFi. If you have a mobile device with a personal hotspot function use this over public WiFi where possible.

Stay safe online with these best practices and avoid becoming the next victim of cybercrime.

Related posts:

&emdash; Joseph Carson is Chief Security Scientist at Thycotic and a Certified Information Systems Security Professional (CISSP).

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
Everything You Need to Know About DNS Attacks
It's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask. Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted. Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
PUBLISHED: 2023-05-26
Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...
PUBLISHED: 2023-05-26
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type="text"` via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates `ty...
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was...
PUBLISHED: 2023-05-26
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file