25 May 2017
Home » BLOG » Tech » 7 PRACTICAL TIPS TO PREVENT CYBER ATTACKS

7 PRACTICAL TIPS TO PREVENT CYBER ATTACKS

This article may include partner links. If you click, visit or buy from these links, we will receive a fee or products from the companies mentioned in this post. Please read our disclosure policy for more details.

THE REALITY

 

Wannacry, Google Phishing, Docusign Breach, Denial of Service Attacks; the headlines go on and on.

 

These are just some of the news that captured our feeds the past couple of weeks.

 

In light of all these events involving hacking, cyber intrusions, and cyber-crime, one has to ask the question, what does it have to do with me? Or can it even happen to me?

 

In our internet connected world where high-speed connectivity is the norm; along with the convenience of quickly being able to access our favorite internet resources, also comes the risk of opportunistic cyber criminals who are just a click away; ever watching, preying on the insecurity of our networks and data.

 

It’s not a matter of can it happen to us,  but a question of when?

 

 

HERE ARE TIPS THAT CAN HELP YOU AVOID BEING THE NEXT CYBER VICTIM;

 

 

PRACTICE AWARENESS:

 

Always be on guard.  Wherever you are, be conscious of your surroundings and practice healthy paranoia. Here are some tips on how to do just that;

 

  • When you’re up and about, at the store, grocery or your favorite coffee shop, beware of ‘shoulder surfing’ or the practice of people looking over your shoulder trying to glean info on your phone, laptop, or any password that you enter on your device.  Keep an eye over your shoulder to see if someone is indeed looking and take steps to cover your phone, tablet, or keyboard to avoid being a victim.

 

  • When reading emails, since not all emails are safe, as you skim through your inbox, check for suspicious or unexpected subjects; pause for a second and hover your mouse (without clicking) over the from address; this will usually show you the email address of the sender.  Also, don’t immediately open emails and accidentally infect your machine, pause a litle and make sure they’re safe and from reliable sources.

 

TIP: If you prove that the email is spoofed and malicious, you can help the effort by forwarding these SPAM or PHISHING emails to the address ‘phishing-report@us-cert.gov’ where the US-CERT (US Government Computer Emergency Readiness Team) collects and analyze phishing emails from all over the world to provide effective quarantining defenses for the public.

 

  • When you’re using your credit card or ATM – check the machine terminal by physically shaking the card slot to test if there’s a ‘skimmer’ installed or not.

Cyber criminals target mom and pop stores, gas stations, even legitimate bank machines by installing their own card skimming contraptions to collect data off ATM cards.

 

So a little shake on the hardware is a practical way for checking if the terminals are compromised or not, a small annoyance by remembering to do it, but totally worth having peace of mind.

 

PRACTICE SAFE BROWSING HABITS:

 

Most of us take things for granted as we browse the internet in the safety of our home. But you just don’t know who’s looking at your ‘packets’ (techie way of explaining the traffic coming out of your computer).

 

Here are some ways of making sure your data is protected;

 

  • Get a VPN service, such as Torguard, which will anonymize your connection so that if criminals are snooping on your network traffic, all they’d see are meaningless info back and forth.

 

  • Make sure you clean your browser cache regularly, you can do this by going to your browser settings – history – clear ALL Cache.  What this will do is clear any browser cookies or any info that associates your machine to any website.

 

Web sites collect browser information that includes your IP and MAC address (basically identifying information that can be used to impersonate your machine); and the intent is to conveniently save your info for your next visit to make the page load faster; the bad thing is, if websites are hacked and are compromised, they would have easy access to your cached info and have free access to your credentials and identifying information.

 

*** Here’s a great article about website caching that would give you some more juicy info.

 

  • Try NOT TO connect to ‘FREE Wifi’ hotspots even if it’s at a reputable spot like a Starbucks or Target– I know I know, the sound of FREE is so tempting, but sometimes it could be set up as a trap, well not by Starbucks or Target, but by cyber crooks who spoof legitimate looking sites to entice folks to connect; where they can then collect login and machine ID information in order to use that for illegitimate uses.

 

 

A good hint that you’re connecting to one of these spoofed hotspots is that after connecting and seeing that you have enough signal strength, you still can’t get online.

 

That would usually be a good indication that the network you’re connected to is a spoofed one and has already collected your machine’s IP address, and login info.

 

 

 

 

  • Implement 2 Factor authentication for email logins, financial account logins, and every other important account you have. It’s very simple to do, Google has a good step by step info here on how to do that if you’re on Gmail; and Microsoft has theirs here. Your bank should also have that info, if not you can always call their 800 number and ask. I know it will be time-consuming and may even be confusing but it’s important that you add this layer of protection just in case cyber criminals start knocking on your digital door.

 

 

BACK-UP YOUR DEVICE:

 

It sounds easy to do but most of us, myself included tend to forget this. I recently got reminded to do it after the Wannacry scare, where if you got hit with the malware, it would have encrypted your machine, and the only way to get it off was to pay an equivalent of $300 to the cyber crooks or reinstall your OS,  effectively wiping all the data.

 

It’s no big deal if you had a backup, but if not it would have been painful, so you pay or lose data. Hence the term ‘ransomware’.

 

  • Use online backup services like carbonite which is fast, convenient and easy to use. It basically involves installing a backup client on your machine, set your backup frequency, and the service will do the rest.

 

  • Another option is to do Physical backups – head on over to BestBuy and get you a good external USB hard drive which would also normally come with its own software, just plug it in, install software and run your backup.

 

  • Backup your Phone as well – run iTunes or android backups at least once a month just in case it crashes or God forbid you lose it.

 

***The rule of thumb is to backup once a week, but it’s totally up to you how often you need to, the bottom line is you do.

 

 

RUN SYSTEM UPDATES:

 

 

One of the things that make cyber-attacks possible is due to the fact that most of commerical software currently in production environments are inherently insecure. The bad guys know this just as much as the Windows and the Apples of the world do. And  It’s a constant cat and mouse game of who can find the vulnerabilities first.

 

An exploit that is discovered by cyber criminals before anyone can ever get a fix, is what’s known as a ‘zero day’ vulnerability. It essentially is a weakness in software where the crooks can have free reign on a system since in essence, they are still undetected by the software manufacturers.

 

To help protect your machine, be sure to enable or run system updates constantly;

 

  • If you use a Windows PC, make it a point to run Windows System Updates at least once a week. You can find that in the Control Panel – Windows Update settings on Windows 7 or in Settings – Update and Security for Windows 8 and higher

 

  • For MACs – always check system updates by going to the Apple logo – About this Mac – and clicking on Software update 

 

 

By doing so, you can be assured that holes are patched on the OS side and would make it difficult for hackers to get into your machine.

 

 

INSTALL ANTI-VIRUS /ANTI-MALWARE/FIREWALL:

 

One thing that’s always a necessity is to make sure your machine has an anti-virus or anti-malware to protect your machine in the event you mistakenly click on a compromised email or website.

 

  • One of my favorites is Malwarebytes and I’ve been a fan since 2008. By having this all in one solution, you will be protected from every known virus or malware strain out there. It has a robust scanning engine that I think is superior to other products in the market today. Of course, you can also visit the McAfees and the Symantecs and the Kasperskys and test them out, and it’s totally up to you to find the best solution.  The main thing is to have this added layer of protection against possible intrusions.

 

 

Microsoft has a free solution called Windows Defender, and you can enable this for your machine as a last resort if you can’t afford any of the paid anti-virus solutions, something is absolutely better than nothing.

 

 

 

 

  • If you’re on a Windows machine, don’t forget to also enable Windows Firewall as another layer of protection, what it does is monitor network traffic and automatically blocks suspicious IPs from bad websites.

 

 

LOCK YOUR DEVICE:

 

The way that we practice locking our doors at our physical homes, should also be the same habit we apply to locking or passwords protecting our phones, tablets and desktop devices.

 

  • On our phones, it’s as simple as going to settings and enabling password protection.

 

  • Same thing goes for tablets; since they have similar settings our phones.

 

  • For desktop or laptop computers though, it might be slightly different, you can find Windows settings under Control Panel – User Accounts, and on the MAC, you can check out System Preferences – Users and Groups and enable password control there.

 

And finally, last but not least…..

 

 

CHANGE DEFAULT PASSWORDS:

 

It’s so easy to overlook but we all do it. Leaving the default username and password on our devices is a sure fire way to make the bad guy’s jobs easier.

 

 

Check out this report from last year’s massive DDOS (denial of service) attacks which took down major websites like Amazon and Twitter.  This attack was caused by a botnet that looked for and enslaved IoT (internet connected) appliances to reflect huge amounts of traffic to overwhelm and take down target websites.  The way they were able to do it, was they were able to take over unsecured devices which were wide open due to having default credentials or no credentials at all.

 

 

  • in WIFI routers, webcams, and IOT devices, check the settings page and change the user name, usually from admin, and change the password. Rule of thumb is to use complex characters made up of numbers, letters, and characters for both username and passwords, but it’s totally up to you, the important thing is for you to change them.

 

 

TIP #2: Head on over to the haveibeenpwned site to check if any of your email addresses OR usernames have been compromised and make appropriate steps to change your credentials,  pronto.

 

 

WRAPPING UP

 

If you see or suspect that something is suspicious,  it probably is; so trust your intuition, the proverbial “better to be safe than sorry” rings true now more than ever.

 

By investing in these safe online habits, you not only protect your data privacy but ultimately save yourself time, frustration and money in the long run.

 

 

Do you have any other recommendations for online security? Do you have questions or need help with Information Security? Please do share by leaving a feedback or comment below, or emailing us at thedebtfreejourney@gmail.com.

 

P.S. – If you love our content, won’t you also consider subscribing to get updates in the future.

 

Peace and Blessing to you All.

 

 

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.