Online security, what I’ve learnt working in the cyber security industry and how to secure your data.

At the end of last year, I joined Bugcrowd’s design team. This was my first interaction with the cyber security community.

Among other things, I’ve picked up basic practical knowledge on how to keep your personal, financial and company data secure.

I’m going to try to explain some common ways your data can be compromised and then how you can mitigate these risks.


How you can be compromised…

Hacked

Probably the most notable compromise is when a company or service you have an account with gets hacked. Depending on the data breach notification laws where that company resides, you may or may not be notified of breaches.

This means a hacker could have access to your login details, enabling them to access your account and any information stored within those services. Or they can sell these account logins on places like the dark web.

However, if the hacker is particularly entrepreneurial, they can check whether these same login details work on any other online services. This can be done with ease and speed using specialized software scripts.

The LinkedIn hack brought home the scale of such data breaches. Hacks like this reinforced the need for password managers to help reduce lazy password reuse.

Brute-force attack

A brute-force attack is when a hacker tries to crack your password by calculating every possible option and then testing them until it’s cracked. A similar method for longer passwords is called a dictionary attack, whereby the hacker collects a list of words and tries combinations of them to crack the password. This is often improved by prioritizing commonly used words.

Strong passwords are a good way to resist brute-force attacks. Use tools such as password generators to help create them.

Phishing attack

These come in many forms and you will have almost certainly received one before. Phishing is the attempt to obtain data through disguised communications, commonly seen as email spoofing (e.g. the Nigerian prince email scam). Social media is now also being used, where fake accounts send connection requests in order to obtain private data.

Often these communications try to link you to a fake replica site that asks you to input details, or even to download malicious software.

Avoiding exposure of private data requires diligence on your part. Checking the URL or email address behind suspicious activity is a start. Attackers will use details similar to those of the target they are imitating, often missing or swapping characters, e.g. facebook.com changed to facobook.com.
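The URL and email-address check described above can be automated. The following is an added example, not part of the original post: the trusted list, the function names and the two-edit threshold are assumptions, and treating the last two labels as the registered domain is a simplification that ignores suffixes such as co.uk.

```python
from urllib.parse import urlsplit

# Constructed allow-list of domains the user really deals with (assumption).
TRUSTED = {"facebook.com", "linkedin.com", "apple.com"}

def osa_distance(a: str, b: str) -> int:
    """Edit distance where insert, delete, substitute and adjacent swap cost 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cur[j] = min(prev[j] + 1,               # delete ca
                         cur[j - 1] + 1,            # insert cb
                         prev[j - 1] + (ca != cb))  # substitute
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # swapped neighbours
        prev2, prev = prev, cur
    return prev[-1]

def host_of(link: str) -> str:
    """Extract the lower-cased host from a URL or an email address."""
    if "://" in link:
        host = urlsplit(link).hostname or ""  # ignores any user@ prefix
    else:
        host = link.rsplit("@", 1)[-1]
    return host.lower().rstrip(".")

def check_link(link: str, trusted=TRUSTED, max_edits: int = 2) -> str:
    """Return 'trusted', 'lookalike of <domain>' or 'unknown' for a link."""
    host = host_of(link)
    for domain in trusted:
        if host == domain or host.endswith("." + domain):
            return "trusted"
    # Compare the last two labels (e.g. facobook.com) with each trusted domain.
    registered = ".".join(host.split(".")[-2:])
    for domain in sorted(trusted):
        if 0 < osa_distance(registered, domain) <= max_edits:
            return f"lookalike of {domain}"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample links, including the page's facobook.com example.
    for link in ("https://www.facebook.com/login", "http://facobook.com/login",
                 "security@linkdein.com", "https://facebook.com@evil.example/"):
        print(f"{link:40} -> {check_link(link)}")
```

An "unknown" result only means the domain is not close to anything on the list; it is not a statement that the link is safe.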


Staying safe

Tools and tricks for staying safe.

Two factor authentication (2FA)

As the name implies, 2FA requires users to enter two forms of authentication when logging in to any service: usually your username and password, followed by a different method (e.g. via a mobile app, a text message or a phone call).

Support for 2FA is becoming the norm for a lot of tech companies, including Apple, whose latest update included 2FA for iCloud.

2FA apps

Password manager

Why do you need a password manager? Unless you have a memory like Stephen Wiltshire’s, recalling randomly generated passwords for the extensive number of accounts we have these days is impossible.

Password managers integrate well into your work and personal life, with simple installs and plugins. These make it as easy as possible to create, save and manage passwords, and to log in to all your accounts.

Some providers are listed below.

Password generator

Most password managers can generate passwords for you; however, if you don’t use one, try a password generator.

Software updates

Make sure you install updates as they’re released. Software updates can cover multiple things, including new features, driver updates, bug fixes and fixes for security vulnerabilities. Dismissing these updates can leave you vulnerable to being exploited, so simply install updates when prompted.


Have I been pwned?

To give you an idea of the widespread nature of data breaches, Have I been pwned is a website which enables you to see if your private information has been exposed. I strongly suggest checking it out.


These words are my own, as a newb to security. I hope they help friends and family stay a little safer.

Feel free to share and help keep data safe. If you have security suggestions, tips or tricks please join the conversation.