8 Small Changes To Your Cybersecurity That Make a Big Difference

Small changes to your cybersecurity are crucial when it comes to preventing a cyberattack. Many of us fail to realize that our information is readily available and hackable at a moment’s notice. Just like the locks on our homes protect us, we must take decisive action to protect ourselves and our personal information from the burdensome ramifications of a cyber attack. Later in the article, we’ll discuss a few small changes to your cybersecurity that will help you protect yourself.

Part of living in the digital era is understanding that our private information is more vulnerable than ever before. News stories about ID theft and data breaches abound – the effects are felt by millions of consumers. While companies and institutions are constantly working to protect themselves with increasing security measures, you can play a role in this fight as well by understanding the role of cybersecurity.

What is cybersecurity?

The word can be split into two parts. “Cyber” means anything directly or indirectly related to computers, and “security” means protecting those things from being misused. Terms such as computer security and IT security are aliases for cybersecurity. Cybersecurity basics are the steps taken to protect hardware, software, and the information they contain from theft or damage.

Cybersecurity is the practice of protecting our electronic data by preventing, detecting, and responding to cyber-attacks. With each convenience that technology has brought into our lives, the level of inconvenience has also been elevated by making it easier for hackers to obtain our personal and private records, and in turn, making it more difficult for us to prevent it from occurring. Simply withdrawing money from an ATM, electronically filing our taxes, or refilling a prescription online can put us at risk of being hacked. With several recent and high-profile examples of cyber attacks, we have all become more aware of this growing problem and, unfortunately, many of us have either become a victim or know someone who has experienced this rising epidemic of crime.

Types of hackers

There are three different types of hackers: white-hat, black-hat, and grey-hat hackers.

  • White hat hacker: White hat hackers choose to use their powers for good rather than evil, driven by honorable motivations or honorable agendas. Also known as “ethical hackers,” white hat hackers can sometimes be paid employees or contractors working for companies as security specialists that attempt to find security holes via hacking. White hat hackers employ the same methods of hacking as black hats, with one exception – they do it with permission from the owner of the system first, which makes the process completely legal.
  • Black hat hacker: The term “black hat” is a way to describe these hackers’ malicious motivations – they’re the bad guys of the hacking world. Black hats are talented but unethical computer users motivated by money, fame, or criminal purposes. They may steal data to sell it or attempt to extort money from system owners. They can also be involved in cyber espionage, protest, or perhaps are just addicted to the thrill of cybercrime.
  • Grey hat hacker: These types of hackers are not inherently malicious; they’re just looking to get something out of their discoveries for themselves. Often, they will look for vulnerabilities in a system without the owner’s permission or knowledge. If they find any issues, they report them to the owner, sometimes requesting a small fee to fix the issue. If the owner does not respond or comply, then the hackers will post the newly found exploit online for the world to see. This type of hacking is illegal because the hacker did not receive permission from the owner prior to attacking the system.

Role of cybersecurity

We use cybersecurity in a wide array of disciplines. For example, communication systems, like email, phones, and text messages use cybersecurity. Transportation systems, like traffic control, car engines, and airplane navigation systems all rely on cybersecurity. Government databases, financial systems, medical systems, and educational systems are the same way.

Given its prevalence across all mediums, here are the 8 small changes to your cybersecurity that will make a big difference.

1. Online security 

Cybercriminals are very creative about their malicious methods. Take phishing for example. It’s an attempt to gather sensitive information (usernames, passwords, card details, etc.) by impersonating a trustworthy entity. Attackers can pose as your bank, your Internet provider, your insurance company, etc. Basic online security settings can help you keep safe:

  • Regularly updating your OS and apps
  • Reviewing bank statements on a regular schedule
  • Double-checking the info in a potential phishing email with the issuing entity
  • Monitoring your account regularly
  • Avoiding clicking through emails, which are potential phishing traps
  • Changing your passwords regularly and always using a strong password
  • Accessing your accounts from a secure location, such as using Firefox rather than Internet Explorer
  • Not listening to an email/SMS/phone call promising a reward for providing your personal information
  • Making sure you use only official bank-sanctioned apps

Online shopping safety is important. Make sure you don’t shop from a device that isn’t yours, or on a network you don’t own; your data could be copied and harvested by cybercriminals. Also, make sure you’re the only one spending your money by using a safe network, employing strong passwords (password managers FTW!), and being careful about which websites you shop at. Never save your card details to an online account, and verify your transactions weekly to make sure there’s nothing fishy going on.

2. Ignore unexpected/suspicious warnings

Ignore unexpected warnings from sources you don’t trust. Known as scareware, fake security software warnings may be sent to you through email, or they may pop up in a new browser window while you’re surfing the web. Claiming to find a problem on your computer, they actually aim to infect it instead.

This is why two-factor authentication is important – use it everywhere you can. Two-factor authentication, also called multiple-factor or multiple-step verification, is an authentication mechanism to double-check that your identity is legitimate. Set it up to receive authentication codes via SMS or an authenticator app. 

3. Trace your digital steps

Do an inventory of your digital footprint. Follow these steps to do so:

  • Step 1: Make a list of online accounts.
  • Step 2: Set strong passwords for them. All of them!
  • Step 3: Delete the accounts you haven’t used in the past 6 months.

Decluttering feels good!

4. Check before you click

Employees clicking on email attachments they believe are from trusted sources is one of the largest threats for organizations. Check if a link is safe before you click it; websites such as VirusTotal, TrendMicro, and Zulu can help with this. If you use a reliable antivirus solution, this may also help you detect if a website is dangerous to your security and/or privacy. Potentially harmful links may come to you via email, instant messaging apps, spam, and more. Here are some important elements you should watch out for:

  • Serious websites will never display your email address in the subject line.
  • Check the sender’s email to verify the validity of the email.
  • Don’t get pressured into clicking on anything, even though the email may seem urgent. Always check links before you click. If you aren’t certain, contact the sender through a different means of communication.
  • Dangerous links could infect your phone or your computer with malware, compromising not only your data but that of your friends and family.

So, why do cybercriminals prefer spam as a cyberattack vector? Although they don’t lack creativity when it comes to modifying malware strains to become more powerful, attackers still rely on spam campaigns because of several factors:

  • Spam reaches the potential victim directly. It’s every cybercriminal’s dream to hit their potential victims (with a cyberattack) as close to home as possible. A simple email can trick someone into clicking the link inside the email or downloading the attachment. These actions usually trigger a malware infection.
  • Spam emails can include attachments and links. One click on the link and the victim is redirected to a rogue website that downloads malware onto the system. Just by downloading the attachment and opening it, you can become infected with anything from spyware to ransomware and more.

5. Home security

It’s a good idea to start with a strong encryption password as well as a virtual private network. A VPN will encrypt all traffic leaving your devices until it arrives at its destination. If cybercriminals do manage to hack your communication line, they won’t intercept anything but encrypted data. It’s a good idea to use a VPN whenever you use a public Wi-Fi network, whether it’s in a library, café, hotel, or airport.

  • Wi-Fi always has a default password at the initial stage of installation. Change the default Wi-Fi password. A password should be strong: it should contain letters (both upper and lowercase), numbers, and special characters, and be at least eight characters long.
  • Always turn on compatible WPA2 (Wi-Fi Protected Access) / WEP (Wired Equivalent Privacy) encryption for Wi-Fi. It is better to use some encryption than none.
  • Change the default network name.
  • Enable MAC address filtering. This mechanism allows the Wi-Fi to work only with registered MAC addresses.
  • Do not auto-connect to open Wi-Fi networks.
  • Turn off the network during extended periods of non-use.

6. Social media cybersecurity

Use caution when you click on links that you receive in messages from unknown senders, because the links may redirect to a phishing website. You should also know what you’ve posted about yourself. Some people post confidential details such as personal contact numbers or addresses on social networks such as Facebook, Twitter, and WhatsApp, which can be dangerous.

It’s also important to do a Facebook security check every once in a while – it’s a simple and useful tool offered by Facebook. It’ll help you log out of unused apps (which can compromise your data), get login alerts (so no one else gets into your account), and protect your password (by making it stronger).

If you have regrets over tagging your Instagram photos with their location, there’s a way to reverse it. Also, do not allow social networking services such as Facebook, Twitter, LinkedIn, etc. to scan your email address book. Additionally, type the address of your social networking site directly into your browser instead of clicking on a link, since the link may lead to a phishing site waiting to capture your confidential details. Be selective about who you accept as a friend on a social network; adding an unknown person on a social network could be the entry point for hacking.

Choose your social networks carefully. Understand the privacy policies. Be careful about installing add-on applications on your sites, since these add-ons may be Trojans that gain access to your system.

7. Data encryption

Without these small changes to your cybersecurity, businesses risk losing different types of data. Once businesses realize this, they can employ best-practice data protection – attaching security directly to the data itself, using multi-factor authentication and data encryption, as well as securely managing encryption.

Once you’ve done this you can then practice data protection – using multi-factor authentication and data encryption, managing encryption keys, and attaching security to data. By doing this, you’ll make it useless for hackers to steal encrypted data.

8. Educate the staff

Hackers are becoming very clever at using personal information gleaned from social media and other sources – so-called social engineering – to convince employees that emails are from people they know. Educating staff about this threat should be a priority.

Once you begin following these 8 small changes to your cybersecurity, you’ll be better prepped for a future where hackers are increasingly prevalent.

Stay tuned to CyberSponse’s blog, for the latest cybersecurity news, expert incident response advice and the latest updates with the CyOPS SOAR platform.

By Senior DevOps Engineer, Purna Kapa