Don’t Forget About the Basics! – The Cybersecurity Easy 8

There are some simple things you can do that can vastly improve the foundation of your cybersecurity security posture and lessen the chances of a major malware infection on your network or system(s). They are all easy steps and should be common sense these days, but they remain essential basics in today’s dangerous digital world which can’t be overlooked. Cover 95% of potential problems right out of the gate with just a little effort, and we can then of course help you focus on the other problematic 5% of nasty cyber threats out there.

Antivirus/Antimalware Software – If you don’t have some kind of reliable antivirus software always running in the background, you should consider yourself already compromised. In fact, chances are very good that an intruder has access to your system and/or data right now. There are even free solutions like Avast and AVG which prevent many common threats, so there is absolutely no excuse to not have at least minimal protection. Whatever antivirus/antimalware solution you use, set it up to accept automatic updates (very important) and schedule it to run scans daily. This step alone will protect you from over 90% of the threats out there.

Beware of Phishing and Spear Phishing Emails – A phishing email looks like it comes from a well-known organization, like PayPal, Amazon, or a national bank, containing a malicious attachment or a link for you to click which will open the door to an infection, or worse. Hackers blast phishing emails to thousands or millions of email addresses hoping someone clicks. Spear phishing campaigns, on the other hand, are targeted and designed to make them much more effective against a specific organization, or even an individual. Hackers will often do extensive research to make their email very convincing, using personal or business information acquired from social networking sites like Facebook, LinkedIn and Twitter, or other publicly available information. They will usually make them look like they are coming from a trusted source, like family, friends, or internal personnel or departments. Sometimes they’ll be disguised as a notification from within the organization for an incoming fax, a scanned document, or a voicemail message, all designed to look “trustworthy” enough to entice the target to open an infected attachment or follow a link to a malicious site. The primary rule concerning email is question everything. Don’t follow links in any email to check an account or verify the “problem” you are being notified about, and don’t download and open attachments you are not absolutely sure about. And don’t be afraid to make a phone call to whoever just sent you an unexpected email to verify it came from them. But don't use the phone number included in the email - hackers set up boiler rooms to receive those calls! Also look for bad English and grammar, as many of these campaigns originate in foreign countries where prosecuting offenders is much more difficult. This is also the most common and successful vector for the scourge of ransomware to be introduced to networks and systems.

Web Habits – Some common sense goes a long way. Illegal download sites for software, games, music and movies are notorious conduits for hackers to deliver viruses and other dangerous malware, so always consider the source. If you have doubts, run a check on the URL to see a little of their history. We've even made a handy tool for you to use that leverages Google’s massive resource base.

Pop-ups – Whenever you're browsing the Web and see a pop-up message appear, exercise extreme caution: pop-ups are a favorite means of delivering viruses. Even clicking the close button or the “x” may be enough to get you into hot water. A favorite tactic of hackers is generating messages that pop up and look legitimate, like your browser or media player is out of date and needs an update, prompting you to click for the update. DON’T DO IT. And never trust a pop-up that says you’ve been infected with something and to “click here” to get rid of it. Go to the source yourself with valid URLs you are sure about.

Keep all software and applications up to date – A favorite exploit vector for hackers is out-of-date software, or even worse, End of Life (EOL) software and utilities that are so old they are not even supported by their manufacturers anymore. Operating systems like Windows, and popular browsers like Chrome and Safari are in use every day on billions of systems and devices worldwide, and that’s a numbers game hackers just love to take advantage of. So when your system or software tells you an update is available or that something is no longer supported, take care of the update/upgrade right away. And remember to beware of pop-ups informing you about updates, as discussed above!

USB Sticks/Flash Drives – Small, convenient and with tremendous storage capacity, USB storage devices are a great way for hackers to get their foot in the door and even move past air gaps to more sensitive areas within an organization. It’s a common practice for hackers to load them with a virus and then leave them laying around in smoking areas, waiting and break rooms, or even on subway or park benches, hoping someone will pick it up, plug it in and deliver the malicious payload. With a little thought and ingenuity in selecting “drop-spots,” it’s also a favorite method for hackers to target specific organizations or individuals. Never plug in any USB storage devices from questionable or unknown sources. You may just want to see what it is so you can return it, but the “reward” you may get is not anything you want. And beware of freebies and gifts. Gifts like these can keep on giving – your data to hackers.

Passwords – Using the same password for everything is a very dangerous habit, and unfortunately, an all too common practice that hackers rely on. Create strong passwords (a mix of letters, different case, numbers and special characters) and change them regularly. And don’t use the same login credentials across platforms. Using the same password(s) for many things makes it easy for a hacker to turn one stolen password into a skeleton key of sorts, allowing them to compromise a target on multiple fronts.

Two-Factor Authentication (2FA) – Put simply, two-factor authentication is an easy way to add an additional layer of security for user access to an account. With two-factor authentication, you'll need to not only provide login credentials, but also prove your identity in some other way to gain access. By far, the most common form of 2FA is to set up an account to text a code to your mobile phone which will be required to complete the login process. This would mean an attacker would not only need to have access to your login credentials, but also access to your mobile device. It’s obviously a lot easier for a hacker to steal or crack credentials from their lair than for them to also gain physical access to your device. But 2FA is not only limited to this form, some 2FA measures are more high-tech, like biometric fingerprint or retinal scans for instance, but they all have the common thread of being a second form of ID that make it much harder to gain unauthorized access.  Multi-factor authentication (MFA)  is an even more robust approach to this concept, requiring 3 or more forms of “ID” for access.

There are a lot of cyber threats out there for sure, and GDF can help you across the entire cybersecurity spectrum, from professional vulnerability assessments and penetration testing, to application testing, emergency incident response and regulatory compliance. But when it comes to these easy 8 cybersecurity basics, you don’t have any excuses to wait.

For all your cybersecurity needs, call GDF at 1-800-868-8189 today, or fill out the form below and we’ll contact you.

*Global Digital Forensics is a recognized industry leader in the fields of computer forensics, cybersecurity and emergency incident response, with years of experience assisting clients in the government, banking, legal, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a cost-effective plan which will meet your unique needs, without wasting resources on solutions you simply don’t need. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber incident has occurred, so don’t hesitate to call 1-800-868-8189 for immediate help. For more information, visit GDF's cybersecurity page.