Last month we scared you quite a bit with our cybersecurity talk, didn’t we?
After interviewing Jakub Růžička, Creative Dock’s own ethical hacker and cybersecurity expert, I began to worry. I even found myself mapping my attack surfaces.
But the fear paved the way for handson solutions!
Now, aware of all security risks, we are ready to kickstart our defensive plays. In this article, Jakub shares five simple, easytouse best practices that you can implement right now to harden your endpoint protection.
Welcome back: Jakub Růžička
1. IMPROVING YOUR PASSWORDS
When it comes to passwords, most websites differ in the level of complexity they require.
I recommend two things:
First, instead of using passwords, I advocate using passphrases.
Passphrases can be any random sentence, written as one word. Passphrases are longer and therefore harder to guess. However, it should be something original, not a current pop song refrain as these can be easily included in attackers' dictionaries.
Second, use a password manager.
This enables you to generate random, long and complex passwords, without the need to remember them. Basically, you got two options. The tradeoff lies between userfriendliness and security. You can go for an inbrowser solution, like LastPass, or a desktop one, like KeePass.
While LastPass is more userfriendly, the desktop solutions don't need to authenticate against any remote server and don't directly rely on the security of your web browser.
2. SETTINGUP MULTIFACTOR AUTHENTICATION
Wherever possible, activate multifactor authentication. It’s the second layer of security you can add without much effort. If your passwords get hacked, the attacker still needs another factor to access your account.
There are multiple options out there…
The most common ones are SMScodes, Google Authenticator, fingerprint scanners, facial recognition and a handy little tool called Authy. A less common one when it comes to personalas opposed to corporateuse (but more secure) option is the use of a hardware key, or token. I carry one with me all the time. The standard is called U2F. You don't need to retype any PIN but simply plug the key into your USB port or use NFC on mobile devices.
But there’s still a risk…
Even with multifactor authentication in place, you still need to watch out for social engineering, meaning fraudulent websites tempting you to enter your data.
3. SECURING YOUR WEB BROWSER
If I get access to your web browser, I likely get instant access to your crucial accounts.
Think about it, we spend 90% of our computer time using a browser. A huge part of our data (like emails, documents, photos etc.) resides in various online services. But do we ever log out of our accounts? Take Facebook, for example. Almost No one logs out after each session. And even if you do, your password is likely autofilled and you just need one click to enter.
Securing your web browser is crucial; it’s the gateway to your sensitive data.
The best way to protect your browser is to protect your computer. Never leave it unattended. Use fulldisk encryption and a strong passphrase in case your computer gets stolen. Moreover, make sure to update your web browser and doublecheck the reputation of browser extensions you install.
4. USING SECURITY BROWSER EXTENSIONS
There are a few useful extensions out there. I highly recommend using an ad blocker (even though I work in a marketingheavy field). Unwanted ads and popups are a common source of malware. An AdBlocker puts you in charge to decide which servers you trust or want to support by displaying their ads. On top of that, there's "Disconnect" that restricts thirdparty services that can track you and I would generally recommend anything from EFF like the "HTTPS Everywhere" extension.
When it comes to web browsing itself, security extensions installed or not, don’t ignore your browser’s warnings.
If your browser recommends you not to enter a certain page, you are better off following this advice. For example, if your browser says "Your connection is not secure" and the application's admin says "just click Proceed", he's actually teaching you bad security habits that are likely caused by someone's laziness to configure everything properly.
5. BACKING UP YOUR DATA
More often than being hacked, you can lose your data by deleting something by accident or simply by breaking your device. That's why I strongly advise you to backup your data. I even recommend turning it into a habit, like brushing your teeth. The loss of a device is bad, but nothing hurts more than losing your valuable data.
You always want to keep it in at least two separate locations.
You can use cloud solutions, like Google Drive, or "oldfashioned" external hard drives. At this point, you should be able to assess the different risks related to each of the two options.
These were five easy to follow practices to stay safe online and offline.
Like we said earlier, humans are, unfortunately, the weakest link in the cybersecurity chain. Therefore we know we should not rely too much on thirdparty solutions but focus first and foremost on our own security awareness in order to improve our security stance. Hopefully, this article shifted you in the right direction!