We live in a totally technology-dependent society and now more than ever people and companies in the West can be victims of large-scale cyber attacks.
At CARDEI STUDIO we want to highlight this situation and, in addition to offering some basic advice, we invite you to investigate further on this matter to be as protected as possible.
There are no infallible formulas to protect your computer, your mobile or your cloud accounts, but by following a few basic tips you can make it difficult for attackers.
1. Become aware of the situation, the risks and the impact on you or your organization in the event of being hacked.
2. Prepare a basic prevention plan and carry out all the necessary actions to protect yourself. This plan may vary if it is a company or an individual but the principles are the same.
3. Have a recovery plan in place in case things finally go wrong.
1. Identify potential weak points
2. Act as soon as possible
Any electronic device in the home or office must be fully up to date. System updates can be annoying but they are essential as many fix security holes. You must also have an antivirus and antimalware that are endorsed by the community when it comes to detecting malicious files.
Activate the firewalls of all devices and block all ports on both computers and network devices such as routers, modems, etc.
Most modern operating systems offer the possibility of hard drive encryption which adds a lot of security in the event that a device is lost or stolen.
Neither the name of our children, nor that of our pet, nor the favorite football team, nor dates of birth, etc. Of course, do not put only numbers and that they are related to the password of another type of account, such as the bank account.
You always have to combine numbers, uppercase letters, lowercase letters and symbols. In this way it is more difficult to obtain them and that they do not appear in standard password dictionaries used by hackers. Implement a strong password policy and never use the same password across multiple sites.
We can keep talking about strong passwords all week, but if your password somehow gets leaked, it means nothing. Choose carefully how and where you store passwords and educate everyone in your family or organization to adopt a common policy on security and use of strong passwords.
What you can do is make sure that your password is not the only thing between any user and the access point by trying to add two-factor authentication and/or biometric components, whenever possible.
Always act with safety in mind. Always try to identify possible weak points and establish their correction as the highest priority within your home or organization. Knowledge is power.
Always acting based on security protocols is an essential step, otherwise tasks such as opening an email or transferring files to a server can become completely vulnerable. If data is also accessed or sent through unknown sources or untrustworthy sites, the cyberattack is being facilitated.
In a suspicious situation: If you are not sure, do not act... Find out and ask for help before acting!
Check the authenticity of links and profiles on social networks. It is very common to suffer attacks through phishing by means of which an attempt is made to acquire confidential information fraudulently, usually through email. Nowadays, false profiles are created on social networks to capture this data, especially through unofficial company accounts in order to deceive.
These techniques are becoming more and more elaborate and due to their constant evolution and development it is not always easy to detect fraud.
When you are away from your home or office, limit the connection time of your devices and use mobile data whenever possible instead of connecting to third-party Wi-Fi networks. Always use VPN when you have to connect to third-party Wi-Fi and try to keep the connection limited in time and avoid transferring sensitive files.
As part of your security strategy, adopt a policy of authentic and up-to-date software and content as the only option.
On the net there are many options to download software or multimedia files with the best music or movies. They are a propitious source to try to place malicious programs on the system and thus be able to carry out an attack. Even if the download is legal, it is necessary to check beforehand that the website is not suspicious.
Mainly on social networks and also on any type of web page that is not trusted. It is recommended to only use them when it is essential. Large companies have suffered the theft of their customers' information, so there is no maximum security for this issue. We must also be aware of who we share our information with on the network, whether through images or text.
Hackers use personal information to carry out very complex social hacking attacks, being able to put several companies at risk at the same time.
While social hacking used to be limited exclusively to social interaction with the victim, the current concept of social hacking is much broader. This includes intensive research on people on the Internet. In this way, the attacker can create a personal profile of his target person or group, which facilitates the preparation of subsequent attacks.
Social hacking is, in principle, a successive form of attacks that begin in the digital sphere but often go to the next level when hackers who have previously studied the victim's profile approach the victim disguised as potential friends and/or with. common interests.
It is essential! If we suffer some type of attack or have a problem, we can always recover the lost information. At first you may be lazy to do it but in the long run it is appreciated to have that support.
Make regular copies both in secure environments in the cloud and on encrypted hard drives dedicated exclusively to this purpose.
Educate all members of your family or organization about cybersecurity risks and prepare them to act correctly and safely. Limit access to the entire digital infrastructure within your organization to people who have not been previously educated and informed about cybersecurity and about the policies and measures implemented by the organization.
Whenever we find content that is not appropriate or a page that could pose a risk to the user, it is best to report it to the police or institutions in charge of this type of process.
Given the current scenario of war in Ukraine, the cybersecurity councils warn: "No service or technological system is free of risk" - This is the warning from the National Cyber Security Center of the United Kingdom that, like the rest of the homologous entities in all countries, it has issued warnings to companies and institutions to strengthen their defenses on the Internet.
International agencies ask companies and entities to double their defenses and those of the United States warn of the threat of intrusions through the Windows 365 environment.
Some of the evidence of an attack, according to US agencies, are: frequent failed authentication attempts, access from different usernames or from different IP addresses, the use of the same IP for several accounts, detection of users who start a session from addresses evidencing a significant geographic distance in a short time, abnormal password resets, domain control attempts, or activity from accounts that were inactive or infrequently used.
From CARDEI STUDIO we recommend hiring additional services such as Cloudflare that block many large-scale attack attempts and allow complex firewall configurations to help protect web pages.
Act as soon as possible and stay protected!
If you use WordPress, we recommend you also read the article Five tips to improve the security of your WordPressto try to improve the security of your website.
Thanks for reading the article. Prevent a cyber attack
Written by M. Catalin Cardei, on Friday 25 February 2022, in the category Security