Jazz Networks Blog 180723

According to Gartner, 90% of insider incidents are due to human error—employees with no malicious intent whose actions are nonetheless potentially damaging. If humans are the weakest link in an organization’s security, how can you be confident you’re not part of that statistic?

You need to protect both your company’s and personal accounts and devices to avoid any leaks.

6 steps to increase your security

Increasing your security is easier than you think. Just follow these simple steps:

  1. Never reuse a password. Use a password manager, such as LastPass, 1Password, or Apple’s Keychain Access, to generate and remember a unique password each time you create a new account. Google Chrome has this capability built into the browser. Most password managers are free and offer a range of features. Because every account then has its own password, a breach of one account means you only need to change the password in that one place.
    Tip: You can check if any of your accounts have been compromised at haveibeenpwned.com. If there has been a breach, change the password as soon as possible. If you used the same login credentials for any other accounts, change the password for these, too.
  2. Enable multi-factor authentication/two-factor authentication (MFA/2FA) everywhere. Facebook, Apple, Google, Instagram, LinkedIn and Twitter all offer this security feature (see a full list of providers at Two Factor Auth List). Less than 10% of Gmail users enable 2FA, even though it significantly increases security, according to The Register. Most applications integrate with a Yubikey (hardware authentication device), Google Authenticator (app), or your phone (text message). It is worth mentioning that SMS-based authentication has its limits (Krebs on Security). Remember to set up more than one authentication method, in case you lose one. If someone obtains your password, they still won’t be able to log in without the second factor.
  3. Keep your software up to date to ensure you don’t miss out on major security patches. Better yet, set your devices to update automatically or overnight to reduce the impact on your workflow.
  4. Check the sender’s email address and the link addresses before clicking on anything in an email. Hackers are experts at social engineering. Spear phishers will research you in advance to improve their chances that you will send them sensitive information, e.g. your bank password. If you receive an email that you suspect is spam, report it as spam/phishing and delete it immediately.
  5. Back up your data periodically. This is good practice in case something happens to your device. Backups can be automated using a cloud storage provider, such as Google Drive or Dropbox. However, if you back up your data to cloud storage, ensure the backed-up files are read-only from the computer. This way, if you fall victim to ransomware, the backup copies cannot be encrypted and/or deleted.
  6. Be wary of unsecured networks. Everywhere we go, we search for Wi-Fi networks to avoid using our mobile data, and we quickly forget that we’re connected to an untrusted and potentially hostile network. Although HTTPS (seen in the website address) offers protection, and things are improving with HSTS (The Akamai Blog), downgrade “man-in-the-middle” (MITM) attacks are still present in the wild. These attacks allow a third party to eavesdrop on your communications and see the passwords and other information you enter when browsing the web. The third party can then modify what you send and misrepresent you or the person you are talking to. In addition, check your file sharing settings when on public networks, and on untrusted networks only use secure communications. For example, use your mobile data when you need to connect from outside the company network, or use a company VPN (and remember to keep it up to date!).
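Step 6 says HSTS is improving the HTTPS picture but that downgrade attacks persist. Whether a given site resists a downgrade depends on the exact Strict-Transport-Security policy it sends, so a site owner should check their own header rather than assume. The following is an added example, not code from the original post or from Jazz Networks: it parses an HSTS header value and flags the weak settings. The sample response headers are constructed, and the one-year max-age threshold is an assumption used here for the check (it is the value commonly recommended for a policy intended for browser preload lists).

```python
from typing import Dict, List, Optional

# Assumed threshold for this check: one year, in seconds.
ONE_YEAR = 31536000


def parse_hsts(value: str) -> Dict[str, Optional[str]]:
    """Split a Strict-Transport-Security value into directives.
    Names are case-insensitive; valueless directives map to None."""
    directives: Dict[str, Optional[str]] = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, val = part.partition("=")
        directives[name.strip().lower()] = val.strip().strip('"') if sep else None
    return directives


def assess_hsts(headers: Dict[str, str]) -> List[str]:
    """Return findings for the headers of an HTTPS response.
    An empty list means the policy leaves no obvious downgrade gap."""
    findings: List[str] = []
    # Header names are case-insensitive, so look the header up that way.
    hsts = next((v for k, v in headers.items()
                 if k.lower() == "strict-transport-security"), None)
    if hsts is None:
        return ["no Strict-Transport-Security header: a browser will still "
                "follow a plain-HTTP link or redirect for this host"]
    d = parse_hsts(hsts)
    max_age = d.get("max-age")
    if max_age is None or not max_age.isdigit():
        return ["malformed HSTS header: max-age missing or not numeric, "
                "so browsers ignore the whole policy"]
    age = int(max_age)
    if age == 0:
        findings.append("max-age=0 clears any stored policy instead of enforcing one")
    elif age < ONE_YEAR:
        findings.append(f"max-age={age} is short: protection lapses soon after "
                        "the last visit")
    if "includesubdomains" not in d:
        findings.append("includeSubDomains absent: subdomains can still be "
                        "reached over plain HTTP")
    if "preload" not in d:
        findings.append("preload absent: the very first visit is unprotected "
                        "until the header has been seen once")
    return findings


# Constructed sample responses, one per policy quality.
SAMPLE_RESPONSES = {
    "no_hsts": {"Content-Type": "text/html"},
    "weak": {"Strict-Transport-Security": "max-age=300"},
    "good": {"strict-transport-security":
             "max-age=63072000; includeSubDomains; preload"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLE_RESPONSES.items():
        print(name, "->", assess_hsts(hdrs) or ["ok"])
```

Note that even a sound header only takes effect after the browser has seen it once over HTTPS; that first visit on an untrusted network is exactly the window the post warns about, which is why the preload flag matters.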

What do people want to get their hands on?

There are threats out there—both for individuals and organizations.

An individual’s sensitive personal information and files are targets for outsiders. Personal information can be used to steal your bank details, open bank accounts in your name, and destroy your credit, or it can be sold to third parties or used for doxing and blackmail. Files can be stolen, changed, or destroyed. In addition, unauthorized users can install malicious software (known as malware) on your devices. As soon as you connect your devices to the internet, outsiders can use your mistakes against you to gain unauthorized access.

Some common targets in an organization are intellectual property, sensitive employee information, and high-value customer information.

Security is everyone’s responsibility

Demystifying cybersecurity is important. Making security easier to understand by default makes it simpler to improve (which is what we’re trying to do at Jazz Networks). It’s no longer acceptable to have no security policies in place—either in your professional or personal life.

Modern computers can’t handle today’s increasing cybersecurity threats alone—we all need to take the steps to increase our security today.

Sources:

  • Gartner, “Market Insight: Go-To-Market for Advanced Insider Threat Detection”, June 19, 2018
  • Krebs on Security, “Reddit Breach Highlights Limits of SMS-Based Authentication”, August 1, 2018
  • The Akamai Blog, “Ensure secure browsing with HTTP strict transport security (HSTS)”, August 1, 2018
  • The Register, “Who’s using 2FA? Sweet FA. Less than 10% of Gmail users enable two-factor authentication”, January 17, 2018
  • Wikipedia, “Doxing”