Improving Cyber-Security Hygiene: Nine Methods to Fight Off Intruders

There’s no question that hacked credentials and thefts of business data and personal information are on the rise. The number of breaches caused by compromised usernames and passwords rose 18 percent in 2016, according to Verizon’s 2017 Data Breach Investigation Report. Today, more than four out of five intrusions start from stolen credentials. There are actionable steps that everyone, from the individual to the major corporation, can take to protect themselves. This eWEEK slide show, using authentication security expertise from WWPass founder and CEO Gene Shablygin, offers nine of the most effective ways you can stop the most notorious criminals from stealing identities and wreaking havoc. Some of these we’ve heard previously, but they cannot be highlighted too often.

A major part of the problem is how we use passwords. If you can create and remember the credentials, a creative hacker with a few tools can obtain the login information with relative ease. Password managers ensure that passwords are long, randomized character strings that aren’t easy to crack. Since the owner only knows one master password to get in, the rest are safe from the worst types of attacks.

Most of the time, a hack is already underway when an organization discovers it. It could be too late to intervene and prevent damage by then. Setting up multifactor authentication (MFA), whether it’s an email confirmation or security token, will create an extra hurdle the hacker needs to get over to pull off the breach.

Use a password generator.  At the bare minimum, your passwords should adhere to the following rules: Use no fewer than 10 to 12 characters, a mix of upper and lowercase letters, a combination of letters and numbers, no personal identifying information and no identifiable words in any language. Anything less than this puts you at risk from password cracking, which has gotten much more effective as the technology has progressed.

Despite your best efforts, sometimes credential theft is beyond your control. Since usernames also function as an “online address,” multiple accounts can be at risk when one is compromised. Every password must be unique in order to stop the domino effect of account hijacking. At the very least, insulate accounts with sensitive data from noncritical ones by creating passwords (and usernames) that are solely used for each individual account.

Public WiFi is tricky: While convenient, you never really know who else is connected, or if the WiFi source itself is a trap. It’s best to avoid connecting your computer to any public network unless you absolutely trust the source. Either way, it’s best to keep your online activities to a minimum, especially if you conduct sensitive activities such as banking or checking your work email on public networks.

No piece of software is perfectly secure on Day 1, and researchers discover exploits for outdated software all the time. Viruses can easily infect these machines, as recently proven by the Petya ransomware attack. Security pack updates are vital if you want to seal these exploits. Always use up-to-date software before you ever connect your device to the internet.

Be wary of anyone who asks for your passwords through email, phone or texting. Even the savviest people have fallen for official-looking emails with doctored logos and origins. Almost every company responsible for storing your login credentials doesn’t do this for security reasons. In these circumstances, it’s better to follow the old motto “trust no one.”

IT departments can have their hands full trying to stay on top of exactly what’s going on with the computers for their team as well as everyone else on the network. However, keeping an eagle eye on software installations, suspicious web history and permission requests will make it much easier to notice anomalies that could be malicious software or an intruder. Be cautious when installing new software or apps; you should ensure new prompts for updates come from trustworthy authors. Only give administrative access to trusted executives to minimize the potential spread of malware.

Regularly backing up your data is IT 101. It’s no less important today than it was during the PC boom of the ’80s, but this simple step can fall to the wayside as a lower priority among other fire drills IT has to handle. You can easily recover from any breach, including the Petya attack, if you can restore the system to a pre-hacked state. Creating encrypted backups should be a part of your IT team’s routine.