  • Gone Phishing - Protecting Against Phishing Attacks

    What is Phishing?

    Phishing is a term in Information Technology and Cybersecurity that refers to the malicious practice of using hyperlinks to break into a user's internet/intranet connected device. The goal of this practice can vary from information harvesting to extortion for money and much more. The hyperlink is generally used to download a script or executable program file onto your computer that gives a malicious actor access, or to automatically run a program that does the same.

    Depending on your work history, you may have had some educational classes that explain what phishing is and how to spot it. A limitation of classes like this can be that they do not stay current with evolving hacker practices. Phishing was historically an email-specific practice in the early days of mass adoption of the internet. In the time since, phishing has evolved to include text messages with links and, more recently, QR codes as well. There is no limit to where this could eventually go from here.

    How can you Spot Phishing?

    As scary as it sounds, protecting your smartphones, laptops, computers and other internet connected devices can be a simple, repetitive practice for you and any others in your family or organization. Everyone falls victim to this kind of attack eventually. Phishing most commonly succeeds when you are exhausted, overwhelmed and/or emotionally pressed. In order to protect yourself, you need to be aware of and incredulous about the communications that are sent to you.

    Some historical indicators were email addresses, bad punctuation and an urgent need to respond to the sender. A sense of urgency, much like the high-pressure salesperson at a car dealership, is a quick indicator that you need to review the message carefully before clicking any links. It is also important to consider whether you were expecting the message and whether you were likely to be asked to do something.

    You have probably read a lot of high fantasy about AI, or artificial intelligence. At this time, this is not important to consider as it doesn't exist currently. What you and many others may mistake for AI is a combination of harvesting your personal information and targeting you by your personal indicators such as age, interests, race, shopping habits and more.

    Sometimes it can be challenging to spot the difference between a real Amazon email and a fake one from a malicious actor. When in doubt, go directly to the source of your assumed sender, such as Amazon if the email says Amazon, and log in directly through their website without clicking on any links in the message. This is the most secure method of verifying the message without interacting with it.

    How can you respond to Phishing Attempts?

    What can you do to protect against phishing attacks? Well, that is a complex answer. There are many different steps to protecting yourself beyond scrutinizing your email inbox. A great first step is to be careful what you click on. When in doubt, verify with the source outside of the message, such as by calling the source at a number you had before the message was received, sending an email, or logging in directly with a link you have used before.

    Targeted phishing campaigns rely on gathering your information, which is sold via breaches and on the data brokerage market. As this is the increasingly common version of the phishing attack, you need to be prepared. A strong approach is to first remove your personal information online where possible. The following steps will help you with that.

    Credit Locking

    One approach you can take is to lock your credit to prevent any unsolicited credit offers from being sent to you via mail, email and text message. This cuts down on the clutter coming to you, making it easier to spot what is important. It is a free service that all three major credit bureaus, Equifax, Experian and TransUnion, are required to provide thanks to legislation from the United States federal government. You may need to do an internet search with the name of each provider and "credit freeze" to find it. The bureaus hide this option to sell services to you that you could be getting for free. The links to each are here, but they could become out of date. Please send us an email and we will update this article accordingly.

    Equifax: https://www.equifax.com/personal/credit-report-services/credit-freeze/
    Experian: https://www.experian.com/help/credit-freeze/
    TransUnion: https://www.transunion.com/credit-freeze

    Data Brokerage - Personal Data Removal

    A second approach that may work, depending on the quality of the service or if you do it personally, is to request the removal of your public information from data brokerage companies online. Essentially, search your name, go through each company that holds your information and submit a request to remove it. This will take time, generally in the range of months, but if you keep at it, your information will disappear online and be sold less, resulting in your information getting stale and less valuable to send phishing attempts to.

    Social Media to Private

    This may sound more like a privacy breakdown, but making all of your social media accounts private (friends view only) is another way to reduce the likelihood that the information you post is used against you. It also reduces the likelihood of a social engineering attack (more on this one in the future). If you need assistance with changing your account to private or verifying that it is, search the name of the company and "private view only" and you should find instructions directly from the company's site about how to do so.

    Wrapping Up - Protecting Against Phishing Attacks

    It hasn't been mentioned in this article up to this point, but a strong security approach in your personal life makes for a more reliable and informed worker in an organization. We bring our habits into the workspace, whether they are good or detrimental. Information is key to staying on top of your personal cybersecurity.

    As we reach a point where daily life is virtually impossible without at least one computer, it is imperative that you take some time out of your regular routine to ensure you are staying on top of your security. You need to remain aware when checking messages from any source and ensure that they are expected to arrive and are from a trustworthy source. It is not a bad habit to be vigilant in a quickly changing information technology landscape, even if you don't work with it directly. As the imposter from the book Harry Potter and the Goblet of Fire, who impersonated an auror (a dark wizard catcher), said: Constant Vigilance! The irony here is not lost on the relevance of this in cybersecurity.

    Check out our article about password security to increase your data protection for access to your accounts.

    Additional Sources for Reading

    National Institute of Standards and Technology (NIST), Phishing information for businesses: https://www.nist.gov/itl/smallbusinesscyber/guidance-topic/phishing
    Cloudflare, Introducing Cloudflare's 2023 phishing threats report: https://blog.cloudflare.com/2023-phishing-report/
    Cybersecurity & Infrastructure Security Agency (CISA), Recognize and Report Phishing: https://www.cisa.gov/secure-our-world/recognize-and-report-phishing

  • Enhance Your Security with Basic Password Practices

    Software is the platform that everyone operates on across the internet in their day-to-day activities. Most interactions require logging in to verify who you are and to pull up data you have stored with a particular application. When this happens, you become a critical point of risk both for the software and for your own data. This is where practicing good habits for password creation and management can help protect your information and that of all other users of the same software.

    Hackers find the most success in breaking into systems through the use of login information. In the vast majority of cybersecurity incidents, weak and reused passwords are the most common point of failure. Taking a few basic steps can make a major difference in improving the protection of your business infrastructure and protect your personal accounts at the same time. If you are in doubt, take a look at this report [1] from Norton about the statistics of passwords used across the internet.

    Basic Password Security Practices

    There are five building blocks of basic password security practices you should follow to greatly improve password security. They are increasing the complexity of passwords, not re-using passwords for different accounts, increasing the length of passwords, storing passwords in a secured vault and, when possible, enabling multi-factor (or two factor) authentication. Let's step further into how each helps you:

    Complexity

    Many password creation tools now require a mixture of upper and lower case letters, numbers (also called digits) and special characters. The more of these that are used, the longer it can take to randomly guess what the password could be. Avoiding the most common passwords also helps greatly. This article [2] by Cybernews goes into greater detail and could surprise you about what people use as their password!

    Unique

    A recurring behavior by people is the reuse of the same password for multiple different logins. This is very risky: when the password gets stolen or guessed by a hacker, they will then try to log in with the same information on other accounts that are associated with you. Always use a unique password for each account. You can use a vault (further below) to store them, since remembering passwords is becoming increasingly difficult.

    Longer

    Length is the single greatest measure of protection for a password. For each character over 16, you can exponentially increase the safety of your login information. This is because the difficulty of cracking a password increases with the number of characters that make it up. If you create a password of 26 characters or more, the password becomes harder to crack than one that is 12 characters and follows the uniqueness rules above. Mathematics is quite impressive when it comes to applying cryptography for protecting information!

    Vault Stored

    We all have a difficult time applying these rules and remembering more than five unique passwords. I myself have more than 400 unique logins for different accounts. A virtual safe should be holding all of your passwords for when you need them. A password vault requires one password to unlock it, which then allows you to access and use your login information for other accounts such as servers, email and more. This is a trusted and secure process that allows you to protect access to your information without having to type out, write down or remember all of the passwords that follow the suggestions above.

    *Remember to verify that the provider you choose is a trustworthy company for protecting your information and that it can be used for all of the technology you are using.

    Multi-factor (or two factor) Authentication

    The last step is one you are likely familiar with in some capacity. This is to add a second method of verification for logging in. It could be a text message to your phone, a code from a code generator or a request to approve and enter a code through an authentication application. These protect against account theft by requiring users to complete a second verified login action. In this way, even if your password is stolen or somehow guessed, it will slow down or prevent access to the account until you are notified and able to change the password. Think of this as a backup protection for your accounts. Where possible you should set this up and ensure that a backup code is stored physically in a safe to prevent loss of access to your account in the future.

    Wrapping Up

    In software development, we always aim to be the most restrictive in terms of access to information. We also strive to eliminate vulnerabilities or weaknesses in the code. We always ask our business customers to consider upgrading the security of their information technology networks, as software security can only be as strong as the servers and the company's cybersecurity defense behaviors. This is in the best interest of all parties, as a better protected network means business continues to operate and make money for everyone involved.

    Always remember that when you stop striving to improve, you fall behind. Keep learning and applying what you learn to the best of your abilities.

    References

    1. Stouffer, C. (2024, March 26). 139 password statistics to help you stay safe in 2024. Norton. https://us.norton.com/blog/privacy/password-statistics
    2. Masiliauskas, P. (2023, November 23). Most common passwords: latest 2024 statistics. Cybernews. https://cybernews.com/best-password-managers/most-common-passwords/
