These days, it seems like every time we turn on the news, we hear about another cyberthreat or recent attack that has occurred. There are dozens of different types of attack vectors that are used by hackers including phishing, malware, brute force, and ransomware attacks, just to name a few. Each time a hacker launches an attack, their intention is to gain unauthorized access to information that is meant to be private. For example, hackers often perform brute force attacks to attempt to gain access to private accounts. A brute force attack is a cryptographic hack that leverages technology to guess thousands of different possible combinations of usernames and passwords. If guessed correctly, a brute force attack will allow a hacker to access a private network or account. Once they have access, an attacker can act as if they are the account owner and will have all the same privileges an account owner typically has. These privileges can include the ability to make changes, copy data, view account balances, etc.
Now that we have established a technical understanding of brute force attacks, as well as their capabilities, let's plug the concept into real-world scenarios to get a deeper understanding of the application of the attack.
One scenario could be a hacker brute forcing into the platform that an ice cream facility uses to order the ingredients needed to make their ice cream. What type of damages could be done with having access to that type of account?
Another scenario to consider is a hacker brute forcing in to gain the credentials for your bank account the week before you are scheduled to leave on the trip of a lifetime. What type of effects could happen in these scenarios?
I think it is fair to say that cybersecurity can be a bit overwhelming to wrap your head around, especially when it concerns the online security of our personal accounts. To add to the fire, the stories we hear about on the news involve companies that have million-dollar cyber security budgets and are equipped with the most cutting-edge technologies as well as fully trained IT security professionals.
Well, I believe the best remedy for fear is education. Below I have listed some key points that will help increase your personal security hygiene.
The most important thing to understand about cybersecurity is that, whether it concerns a large corporation, a university, or a personal account, there will always be a level of risk involved. Risk cannot be eliminated and will always be part of the security equation. Cybersecurity professionals use mitigation techniques to lessen the risk of unauthorized access to assets. Assets can be anything from a computer to a personal account to a database that stores large amounts of information.
The good news is mitigation techniques can be applied when protecting our personal privacy online.
Below are the 6 most important security measures that I recommend you implement. These mitigation techniques will help to increase your personal security and decrease the chances a hacker will successfully gain access to your personal accounts. I have included the three factors of authentication, which are something you know, something you have, and something you are. A user’s risk level is dramatically lowered when two or more authentication practices are required for access.
- “Something You Know”- Strong Passwords
I cannot stress enough the importance of strong passwords. A strong password is one that uses a variety of different characters such as letters, numbers, and symbols. It is helpful to use upper-case and lower-case letters as well as incorporate numbers throughout the password rather than adding them at the end. Strong passwords are also unique. A unique password is only used once. Reusing the same password for multiple accounts increases the risk associated with account access.
A great example of a strong password is Can0L!i2Ja8er whereas a password such as BayPath123 is much weaker due to the fact that it is easy to guess.
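The criteria above can be turned into a small self-check. The following is an added example, not part of the original article; the function name, the `COMMON_WORDS` list, and the wording of the findings are assumptions made for illustration.

```python
import string

# Constructed sample of easily guessed base words (assumption for this example);
# a real checker would load a much larger wordlist.
COMMON_WORDS = {"password", "baypath", "welcome", "qwerty", "summer"}


def check_password(pw, already_used=()):
    """Return the problems found against the article's criteria (empty list = passes)."""
    problems = []

    # Criterion 1: a variety of characters (upper, lower, numbers, symbols).
    classes = {
        "lower-case letter": any(c.islower() for c in pw),
        "upper-case letter": any(c.isupper() for c in pw),
        "number": any(c.isdigit() for c in pw),
        "symbol": any(c in string.punctuation for c in pw),
    }
    for name, present in classes.items():
        if not present:
            problems.append(f"no {name}")

    # Criterion 2: numbers spread through the password, not just added at the end.
    without_trailing_digits = pw.rstrip(string.digits)
    if classes["number"] and not any(c.isdigit() for c in without_trailing_digits):
        problems.append("numbers only appended at the end")

    # Criterion 3: not easy to guess. Compare the letters against known base words.
    letters_only = "".join(c for c in pw.lower() if c.isalpha())
    if any(word in letters_only for word in COMMON_WORDS):
        problems.append("built on an easily guessed word")

    # Criterion 4: unique, meaning it is not already used on another account.
    if pw in already_used:
        problems.append("already used on another account")

    return problems


if __name__ == "__main__":
    # The two passwords are the article's own examples.
    for candidate in ("Can0L!i2Ja8er", "BayPath123"):
        print(candidate, "->", check_password(candidate) or "passes")
```
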
- “Something You Have”- MFA
MFA stands for multi-factor authentication, and luckily most providers today offer it as an additional security feature. Multi-factor authentication increases security because it requires not only a username and password but also authentication from a separate device such as a cell phone. When a hacker attempts to log in to an account that requires MFA, they won’t be able to log in successfully because they don’t have access to the additional device needed for account verification.
I strongly encourage you to enable MFA whenever possible. You may need to access your settings in order to enable it.
- “Something You Are”- Biometrics
Biometric security is becoming more and more popular. It includes identity verification measures above and beyond traditional credentials, such as fingerprint and retinal scans. As you can imagine, it is difficult for a hacker to gain access to an asset that requires biometric verification.
- Change Passwords every 6 months OR as necessary
Changing passwords is important because it guarantees that anyone who may have had illegal access to your account will no longer have access once the credentials have been changed. We all know that changing passwords can be a hassle, but it is crucial. I also added “as necessary” because if a device is stolen, passwords should be changed at this time as well.
- Don’t save your passwords to your browsers
Saving passwords to browsers, what a breeze, right?! Think again. If it makes life easy for you, it also makes life easy for a hacker. Let’s say you have all your login information saved to your browser so you can pull up a website and log in instantly. That sounds amazing. Okay, now let’s say a hacker breaks into your computer, pulls up your browser history, and logs into every account you own because the computer thinks it’s you who is making these requests. That paints a very different picture. Can you see how saving passwords to your browser can increase the associated risk?
- Password Manager
Finally, a solution for our problems! A password manager is a type of software that can be used to keep passwords in a centralized location. A password manager encrypts our passwords and stores them in an encrypted format. This means that if a hacker accesses our computer, they will not be able to access our password manager unless they have the unique code. It also means that we only have one password to remember instead of passwords for all our accounts. And now that we know how to create strong, unique passwords, we have the tools we need to fight off hackers.
There are many free password managers available that offer the same functionality as their pay-for-service counterparts. LastPass is a great free resource available at https://lastpass.com/create-account.php.
Now, it is up to you to take the knowledge you have learned today and apply it to protecting your privacy online.