Govt Spooks Say: Avoid These Security Mistakes
Cybersecurity agencies of the United States, Canada, and the United Kingdom have kindly compiled a list of the top poor “cyber hygiene practices” that allow hackers, crackers and even slackers to compromise a victim’s computer. The report identifies common exploits that may allow an unauthorized person to gain access to a poorly secured system. The Cybersecurity Advisory was published as a joint effort of the FBI, NSA, the Canadian Centre for Cyber Security, the UK's National Cyber Security Centre, and security agencies in New Zealand and the Netherlands. Read on to learn which security mistakes you must avoid...
Cybersecurity Experts: These Are The Most Common Security Mistakes
Hackers and other malicious cyber-miscreants don't necessarily want to work hard to gain access to the computers or online accounts of their intended victims. And why should they, when they can exploit well-known vulnerabilities, weak security controls, and poor security practices that leave the proverbial barn door wide open?
Below are some of the most common and most problematic security errors mentioned in the joint Cybersecurity Advisory's “Weak Security Controls and Practices Routinely Exploited for Initial Access” report. I've selected the ones most relevant to home users, but if you administer a server or online service, you'll want to read the entire report.
Not Using Multifactor Authentication (MFA) - I've written about this technique, which adds another layer of security to your password protection. By using MFA (also commonly called 2FA, two-factor authentication, or two-step verification), even if an attacker has your username and password, they cannot log in to your account! See [DIGITAL LOCKDOWN] Authenticator Apps Protect Your Accounts. MFA is critical, the spooks say, in mitigating malicious cyber activity, and is particularly important for remote desktop access, a common vector for ransomware attacks.
Software Not Up To Date - In my article Here's Why You Must Keep Your Software Updated (and how to do it for free), I state that the most common computer problems can be fixed or avoided altogether, simply by keeping all of your software up to date. Unpatched software in commonly used applications leaves a gaping hole for attackers to exploit known vulnerabilities. If you want to make it harder for creeps to gain access to sensitive information or take control of your computer, stay up to date with security patches for your operating system and installed software.
Failure to Use Strong Passwords - Malicious actors love to exploit weak, leaked, or compromised passwords to gain unauthorized access to a victim system. It's bad enough that massive data breaches can reveal usernames and passwords. But some of the blame is on users who are not careful to use strong passwords to protect online accounts. As password rules become more complicated and burdensome, some users cope by creating easily remembered passwords that comply with the rules. But reusing passwords on multiple online accounts, and updating them when required in minor, predictable ways, results in LESS security. See my article How Hackable is Your Password? for help with strong passwords.
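The "minor, predictable ways" problem described above can be checked mechanically. The following is an added example, not code from this article or from the advisory: it flags a new password that is reused on another account or is only a cosmetic variation of the old one. The function names and the sample passwords in the comments are constructed for illustration.

```python
import re

# Character swaps people commonly use to "change" a password (assumed list).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

REUSED = "already used on another account"
COSMETIC = "same core word; only case, digits or symbols changed"
NEAR = "core differs from the old one by one or two characters"


def stem(password):
    """Reduce a password to its memorable core: strip leading/trailing
    digits and punctuation (counters, years, '!'), lowercase, undo leetspeak."""
    core = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", password)
    return core.lower().translate(LEET)


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def review_change(old, new, other_account_passwords=()):
    """Return the reasons a password change adds little or no security."""
    findings = []
    if new in other_account_passwords:
        findings.append(REUSED)
    s_old, s_new = stem(old), stem(new)
    if s_old and s_old == s_new:
        findings.append(COSMETIC)   # e.g. Summer2021! -> Summer2022!
    elif min(len(s_old), len(s_new)) >= 4 and edit_distance(s_old, s_new) <= 2:
        findings.append(NEAR)       # e.g. Sunshine1 -> Sunshines9
    return findings


if __name__ == "__main__":
    # Constructed sample passwords, for demonstration only.
    print(review_change("Summer2021!", "Summer2022!"))
    print(review_change("P@ssw0rd1", "Password2", ["Password2"]))
    print(review_change("Summer2021!", "correct horse battery staple"))
```

An empty list means none of these three checks fired; it does not mean the password is strong.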
Using Default Passwords - Many hardware products, especially routers and modems, come with vendor-supplied default login usernames and passwords, with the intention of making installation easier. Because these login credentials are readily available on the internet, they create another opening for malicious activity. It's important to remember that your router has a username and password that is needed to log in and change any network settings. One of those settings is the wifi password. You don't want either of those keys to be easily discovered or guessable. For details on how to lock down your router, see [ALERT] Seven WiFi Security Mistakes to Avoid.
Open Ports And Misconfigured Services - Wouldn't it be funny if I had written an article titled Router Security: Close Unnecessary Ports in August of 2020? Oh, but I did. Read that article to find out how attackers are scanning for open ports to use as attack vectors, and how to close those holes.
Failure To Detect Or Block Phishing Attempts - A common way to gain unauthorized entry is through phishing. Emails with malicious links can lead to unsafe downloads, infected PDFs, or Microsoft Word documents with malicious embedded macros. Most users think they're pretty good at detecting a phishing attempt, but the numbers indicate otherwise. See Here's Why Phishing is Getting Worse to learn about the sneaky techniques that are being used to lure users into clicking.
Hmmm, are we starting to see a pattern here? Everything the global security experts are recommending has already been covered in my articles. Could it be coincidence? Maybe the feds are getting the AskBob newsletter.
This article was posted by Bob Rankin on 18 May 2022
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Govt Spooks Say: Avoid These Security Mistakes (Posted: 18 May 2022)