The Four Foundations Of Cybersecurity
As Cybersecurity month is in full swing, ProTech wants to remind you of the core foundations of Cybersecurity.
Core One: Human Firewall: test end users at least monthly with simulated phishing emails and train users that fail.
Typically, when someone talks to you about your firewall, it is a physical device or software on your computer. A typical firewall is a device and/or software that blocks certain types of traffic from entering your network.
Recently, focus has been on creating what is being called “the human firewall”. Employees become your human firewall with training that helps secure your network. A team of well-trained employees can also help protect your network.
91% of all cyberattacks start with a phishing email. Employees who aren’t trained to recognize and screen out phishing attacks enable a pathway for attackers to get around your defenses.
Core Two: Update & patch software.
You’re hard at work on your computer or device and a message suddenly pops up saying, “a software update is available”. You’re busy, so you click “cancel” instead of “install”, thinking you’ll get to it later, but you never do. Sound familiar?
It’s easy to skip software updates. However, ignoring updates can open the door for hackers to access your private information, putting your company at risk for identity theft, loss of revenue, and more.
Many of the more harmful malware attacks take advantage of software vulnerabilities in common applications like operating systems and browsers. These are big programs that require regular updates to keep safe and stable. Software updates are essential to protecting your data and your network.
Software updates can also include new or enhanced features for better compatibility with different devices or applications. They can also improve the stability of your software and remove outdated features.
Core Three: Use unique, complex passwords: ProTech recommends using password management software to generate unique passwords for each account login.
Passwords are cumbersome and hard to remember. Simple passwords are easily guessed and easier to hack. While we have fingerprint and face-scanning technology, neither is perfect. Many still fall back on a strong yet frustrating password.
You need a password manager. Password managers don’t just store your passwords, they help you generate and save strong, unique passwords when you sign up to new websites. Often, password managers come with browser extensions that automatically fill in your password for you.
Sounds risky? “What if someone gets my master password?” That’s a reasonable and rational fear. But assuming that you’ve chosen a unique and robust master password (one that you’ve not used anywhere else), it is a near-perfect way to protect the rest of your passwords from improper access.
The sheer number of passwords we have to remember is daunting. It’s easy to use one password across the board. However, that makes “credential stuffing” easier. Credential stuffing is when hackers take your password from one breached site and try to log in to your account on other websites. Using a password manager makes it easier to generate and store stronger passwords that are unique to each site.
When you are in a crowded or busy place, think of who may be around you. Passwords you type in can be observed and later used by nearby eavesdroppers. Using a password manager in many cases removes the need to type any passwords in.
Core Four: Set up multi-factor authentication on all accounts.
Imagine waking up one morning and discovering your accounts have been compromised. Enabling one simple step to secure your accounts and your data lowers the risk of a breach. That step is called two-factor authentication, a mechanism to double-check that your identity is legitimate.
When signing into accounts, you are prompted to authenticate with a username and a password. That’s the first verification layer. Two-factor authentication works as an extra step in the process and a second security layer that will reconfirm your identity. Its purpose is to make attackers’ lives harder and reduce fraud risks. However, you shouldn’t expect it to work like a magic wand that will miraculously bulletproof your accounts. It can’t keep the bad guys away forever, but it does reduce their chances of success.
There are three main categories of authentication factors:
- Something that you know: This could be a password, a PIN code, or an answer to a secret question.
- Something that you have: This is always related to a physical device, such as a token, a mobile phone, a SIM, a USB stick, a key fob, an ID card.
- Something that you are: This is a biological factor, such as face or voice recognition, a fingerprint, DNA, handwriting, or a retina scan.
Time and location factors can also be used. For example, if you log into your account, and someone tries to log in from a different country ten minutes later, the system could automatically block them.
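The time-and-location check described above, as an added example (not ProTech's code or any product's): it blocks a login when the same account was last seen in a different country within the previous ten minutes, and asks for the second factor again when the location cannot be determined. The event fields, the fixed ten-minute window and the sample logins are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumed policy: a country change inside this window is treated as implausible.
WINDOW = timedelta(minutes=10)

# Constructed sample login events: (user, ISO timestamp, country code or None).
SAMPLE_LOGINS = [
    ("alice", "2023-10-05T09:00:00", "US"),
    ("bob",   "2023-10-05T09:02:00", "US"),
    ("alice", "2023-10-05T09:10:00", "RO"),   # different country ten minutes later
    ("bob",   "2023-10-05T09:05:00", "US"),   # same country, allowed
    ("alice", "2023-10-05T13:00:00", "US"),   # hours later, allowed
    ("carol", "2023-10-05T09:00:00", None),   # country lookup failed
]


def evaluate_logins(events, window=WINDOW):
    """Return (user, timestamp, country, decision) tuples in time order.

    decision is "allow", "block" (country changed within the window) or
    "challenge" (location unknown, so ask for the second factor again).
    """
    last_good = {}   # user -> (time, country) of the last allowed login
    results = []
    for user, ts, country in sorted(events, key=lambda e: e[1]):
        when = datetime.fromisoformat(ts)
        if country is None:
            decision = "challenge"
        else:
            prev = last_good.get(user)
            if prev and prev[1] != country and when - prev[0] <= window:
                decision = "block"
            else:
                decision = "allow"
                # Only allowed logins update the baseline, so a blocked
                # attempt cannot move the account's "known" location.
                last_good[user] = (when, country)
        results.append((user, ts, country, decision))
    return results


if __name__ == "__main__":
    for row in evaluate_logins(SAMPLE_LOGINS):
        print(*row)
```

Production systems usually compare the distance between the two locations against the elapsed time rather than using a fixed window.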
Cyber attackers have the power to test billions of password combinations in a second. What’s even worse, 65% of people use the same password on all of their accounts. Answers to security questions are easily obtainable, especially now that we willingly share details about our lives on social networks. Anyone who interacts with us daily can find out the answers to common security questions, such as your graduation year, the city that you grew up in, or your first pet’s name. Even if you don’t give these out in your Facebook profile, some can be found through public records. They are available for anyone who cares to look.
Two-factor authentication offers you an extra layer of protection besides passwords. It’s harder for cybercriminals to get the second authentication factor. This drastically reduces their chances of success. And after all, that’s all that we want: to keep our data safe and secure.
If you would like to know more or to schedule a meeting, contact us at info@psgi.net