Cyber Security In Depth
Security in Depth is what’s needed in today’s Internet Connected World. Security is a mindset. You need to protect your privacy at all costs. The difficult decision is choosing between Ease of Access and being Extremely Secure. I recommend being secure over convenience.
Protect your Home Network – Router
Your Router is the gatekeeper to your home network. A person who has access to your wireless network can easily view your web traffic. They can do some information gathering with Freely Available Tools to analyze your traffic and get your Usernames and Passwords.
Change your router’s default username and password. This will ensure people can’t easily gain access to your internal network. On the back of your router, there will be instructions on how to log in with the default username and password.
The default credentials for every router are available online at http://www.routerpasswords.com/, which is why you should change the defaults.
- Also choose WPA2 for the encryption. ONLY WPA2!!!
- Turn off WPS
- Use a strong password for your router. Example: H7&y*12Ffgw^10
- Check all connected devices and if you don’t recognize one, then kick it off your network.
- Setup a Guest Network for your visitors.
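One way to check connected devices from a computer on the network, as an added example that is not part of the original article: it parses `arp -a` output and lists every device that is missing from an inventory you keep. The sample output, the inventory and all function names are constructed for illustration.

```python
import re

# Constructed sample of `arp -a` output (Linux, macOS and Windows line styles).
SAMPLE_ARP = """\
? (192.168.1.1) at 3c:84:6a:10:20:30 [ether] on wlan0
? (192.168.1.23) at a4:5e:60:1:2:3 on en0 ifscope [ethernet]
  192.168.1.40          b8-27-eb-aa-bb-cc     dynamic
? (192.168.1.77) at de:ad:be:ef:00:01 [ether] on wlan0
? (192.168.1.90) at <incomplete> on wlan0
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

# Hypothetical inventory (MAC -> label), written down as each device was set up.
KNOWN = {"3c:84:6a:10:20:30": "router", "a4:5e:60:01:02:03": "laptop"}

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
MAC_RE = re.compile(r"\b([0-9A-Fa-f]{1,2}(?:[:-][0-9A-Fa-f]{1,2}){5})\b")


def normalize_mac(mac):
    """Lower-case, colon-separated, zero-padded (macOS drops leading zeros)."""
    return ":".join(part.zfill(2) for part in re.split("[:-]", mac.lower()))


def parse_arp(text):
    """Yield (ip, mac) for every unicast neighbour listed in arp -a output."""
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if not (ip and mac):
            continue  # header lines and <incomplete> entries
        mac = normalize_mac(mac.group(1))
        if int(mac[:2], 16) & 1:
            continue  # multicast/broadcast address, not a device
        yield ip.group(1), mac


def unknown_devices(text, known):
    """Return devices missing from the inventory, flagging randomized MACs."""
    # Locally-administered bit set = private/randomized MAC, e.g. a phone's Wi-Fi address.
    return [
        {"ip": ip, "mac": mac, "randomized_mac": bool(int(mac[:2], 16) & 2)}
        for ip, mac in parse_arp(text) if mac not in known
    ]


if __name__ == "__main__":
    print(unknown_devices(SAMPLE_ARP, KNOWN))
```

An entry with `randomized_mac` set may be one of your own phones using a private Wi-Fi address, so confirm on the device itself before removing it; the ARP table also only lists devices this computer has recently talked to, so the router's own device list remains the fuller view.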
Protect Your Computers
Computers are extremely insecure out of the box. It doesn’t matter what Operating System you use. Windows PCs, Apple Macs and Linux can all be hacked. There are a few things you can do to secure them.
- Strong Login Password
- Encrypt your computer
- Don’t plug in unknown USB drives or devices. They may contain malicious code.
- Keep your computer, applications and software up to date.
- Don’t download software from websites you don’t trust. Also question why you trust a website.
- Use multiple Antivirus and Antimalware software and make sure you properly configure your firewall.
- Don’t visit suspicious websites. Free movie websites are known to infect people’s computers with what are known as drive-by downloads. Some are set to auto-run, which means you might not be aware that something is being installed, since you’re distracted watching that must-watch movie for free. Just get a Hulu, Netflix or Amazon Prime account. The quality is better and you will be safer.
Protect all your Online Accounts
Websites get hacked, accounts get hacked, the question is what can you do to protect yourself?
- Use a Password Manager like Dashlane (https://www.dashlane.com/en/cs/FzSQlO5Kz8rQ). This link is a discount link for their Premium Service, but they also have a free service.
- Make your passwords as difficult as possible. Multi character and over 14 characters.
- Unique passwords for every online account.
- Use Two-Factor Authentication (https://support.google.com/accounts/answer/1066447?hl=en). This will ensure that even if a person gets your password, they will still need an extra form of authentication. This is like having two types of locks on your house.
- Free Wifi can be very dangerous. Use with caution. If you do use Free Wifi, then use a VPN service to encrypt your web traffic.
- Also, when browsing online, use the HTTPS Everywhere browser extension for added security: https://www.eff.org/https-Everywhere
- Change your passwords every few months. This will help ensure your online security. If a website’s database gets hacked, they may be able to retrieve passwords. If you change yours often, then your security is enhanced.
- Short List of Major Websites that have been Hacked:
  - LinkedIn – https://blog.linkedin.com/2016/05/18/protecting-our-members
  - Yahoo – https://yahoo.tumblr.com/post/150781911849/an-important-message-about-yahoo-user-security
  - Dropbox – https://www.dropbox.com/help/9257
- There are many websites that have been hacked!
- Be careful with email links. Don’t click on suspicious-looking links. It’s trivial for a hacker who knows how to create a website to build a duplicate of your bank’s website with a URL that looks legit but is in fact meant to get you to enter your username and password; once you do, the hacker has your info. They get you to visit the site with an email that looks official, stating that suspicious activity has been seen on your account and that you must log in to verify recent transactions. The email provides the link to the fake website, which looks just like your bank’s site.
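A link check for the look-alike bank URL described above, as an added example that is not part of the original article: it reports why a link's real host does not match a domain you trust. The domain `bank.example`, the sample links and the function names are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: domains you typed in yourself from a card or statement, never from an email.
TRUSTED = {"bank.example"}

# Constructed links (reserved test names only, not real registrations).
SAMPLES = [
    "https://www.bank.example/login",
    "http://bank.example/login",
    "https://bank.example.account-verify.test/login",
    "https://bank.example@203.0.113.9/login",
    "https://xn--bnk-6cd.example/login",
]


def under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def link_warnings(url, trusted=TRUSTED):
    """Return reasons not to trust a link; an empty list means it matches a trusted domain."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    warnings = []
    if parts.scheme != "https":
        warnings.append("not https")
    if parts.username is not None:
        warnings.append("text before '@' is not the site name")
    try:
        ipaddress.ip_address(host)
        warnings.append("raw IP address instead of a name")
    except ValueError:
        pass  # a normal host name
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode label (possible look-alike characters)")
    if not any(under(host, d) for d in trusted):
        warnings.append("host is not a trusted domain")
        if any(d.split(".")[0] in host for d in trusted):
            warnings.append("trusted name appears inside a different domain")
    return warnings


if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", link_warnings(url) or "ok")
```

The host is decided by the end of the name, just before the first `/`, so a trusted name at the start of a long host, or before an `@`, says nothing about where the link goes.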
Protect Your Smart Phone, Tablets, Smart Watches & Laptops
Mobile devices are easy targets, so make sure not to let them out of your sight. Keep them up to date and only use trusted applications on these devices. Also make sure to lock them with a secure password or PIN.
Free Wifi Can Be Expensive!
I already touched on this topic earlier, but I want to share a quick piece of advice with you. Don’t use Free Wifi! It is extremely easy for someone to create a wifi access point that looks like your favorite coffee spot’s wifi. If you connect to their wifi connection, then they can view your web traffic and capture your credentials to the sites you visit. They may even create a login page to access the wifi and have you click on a link that states “connect here”. All of a sudden you get a download to your computer and then you’re done. Just use your cell phone’s wifi as a hotspot for your extra devices, or purchase a mobile hotspot and use that instead.
Hotels are major targets for attackers. Their wifi connections are easy to access since the PIN codes they use can be cracked in a matter of minutes. So use your own hotspot and bring your own laptop. Don’t use the business center to log into any of your accounts.
Backup Your Data
Having a backup of your data is important. If you ever get hacked, then you can just do a Clean Installation from a known trusted backup. If possible, make multiple backups and keep them in secure locations. Also don’t forget to encrypt your backups.
What is Social Engineering?
One of the easiest ways for someone to gain access to your accounts is by using good old-fashioned charm: being a con person and convincing you to give them your username and password.
You might be thinking that this can never happen to you. Well it happens every single day. It isn’t that difficult for a person to do their homework on you by visiting your various social media channels and learning as much as they can about you. Dumpster diving is also one tactic a person can use to gather information. Hence why you should spend a few bucks on a Quality Shredder.
A Social Engineer may impersonate someone from your Internet Service Provider (ISP), bank, Google, etc. and call you to validate (provide) some information.
Unfortunately, we freely provide a lot of information about ourselves. We divulge our:
- favorite foods
- sports team
- home location
- pet’s name
- mother’s maiden name might be listed on your Facebook page in the family section
- Our high school
- Our college
- Our best friend’s name
Notice anything about that list? They are typical reset questions for website accounts.
We often post when we are going on vacation on social media like “Yay, Just, 3 more days before I go to Italy”. This information is valuable for someone looking to break into your house. Besides stealing your valuables, they can get your computer or install some spyware on your computers.
A person might even spend some time interacting with you online, joining groups that you’re a member of. Over time you might start trusting that person, and they can lead you into what may seem like an innocent conversation that is really about information gathering.
Encryption is a touchy conversation with some wanting to weaken Encryption Algorithms and others looking to provide End to End Encryption and Strong Encryption for devices.
I believe that your data on your devices and online accounts is an extension of your brain. Therefore, they should be guarded and protected.
Encrypt your computers and use strong encryption when browsing online by using a VPN (Virtual Private Network), HTTPS Everywhere and secure email.
Who would want to hack little ole me?
Often, people aren’t directly targeted. Software is used to find insecure computers, devices and networks that can then be enlisted in a Botnet. A botnet is a collection of computers used to attack other systems. A Zombie Computer is one that is being used as part of a botnet.
One computer alone isn’t that powerful, but thousands of zombie computers being used by a botnet can target larger systems with automated attacks and this happens daily. Your computer can be used as part of a large scale cyberattack. Also, your neighbor might be using your network for illegal activities, hence why you should guard your network with strong encryption and authentication.
What to do if you’re hacked?
Disconnect the infected computer from your network, turn off your network connection and then reset your router to factory defaults, then go through the process of changing your network credentials. Scan all your devices for any malware or viruses. Hopefully you have a backup that you can use to do a clean restoration. Make sure to scan your backup before doing a restoration.
Change every password on every account that you have. If someone has been sniffing your web traffic for a while, it’s likely that they gathered all your usernames and passwords.
Again, make sure you change your network’s credentials. Sign into your router via the online web portal and check your settings and all connected devices. Take note of all connected devices and kick off whatever you don’t recognize.
If your online accounts have been hacked, then make sure to immediately contact customer support. Obviously these companies have to protect against people trying to get unauthorized access to your account so some form of verification will be needed. Hence why your email accounts need to be guarded with EXTREMELY STRONG PASSWORDS and TWO FACTOR AUTHENTICATION!
Then do some reflection to find out how and why you were hacked and how you can prevent it from happening again. Note: hackers are smart. They will often infect your system today, but you won’t notice anything for a while. They may lie dormant for a month or more. The reason for this is that if your computer gets infected today and tomorrow everything is showing signs of the infection, it’s easy for you to retrace your steps and recall what you did in the past few days. It’s not so easy to recall what you did a month ago.
Call for Help
Maybe all this is just too much for you. If that’s the case, then contact a local Cyber Security Expert and have them come in and analyze the situation. An expert can help you identify how you were hacked and what you can do to prevent it from happening again.
Just remember, every system can be hacked. It’s your job to make it extremely difficult for an attacker to get in.
You should take Cyber Security seriously. Unfortunately, people don’t take proper precautions until it’s too late. Hopefully you found this article helpful. If you did then don’t forget to share with your friends and family.
An Ounce of Prevention is better than a Pound of Cure!