Govt Spooks Say: Avoid These Security Mistakes
Cybersecurity agencies of the United States, Canada, the United Kingdom, New Zealand, and the Netherlands have kindly compiled a list of the poor “cyber hygiene practices” that most often allow hackers, crackers and even slackers to compromise a victim's computer. The report identifies the common weaknesses that let an unauthorized person gain initial access to a poorly secured system. The Cybersecurity Advisory was published as a joint effort of CISA, the FBI, the NSA, the Canadian Centre for Cyber Security, the UK's National Cyber Security Centre, and the national cyber security centres of New Zealand and the Netherlands. Read on to learn which security mistakes you must avoid...
Cybersecurity Experts: These Are The Most Common Security Mistakes
Hackers and other malicious cyber-miscreants don't necessarily want to work hard to gain access to the computers or online accounts of their intended victims. And why should they, when they can exploit well-known vulnerabilities, weak security controls, and poor security practices that leave the proverbial barn door wide open?
Below are some of the most common, and most problematic, security errors listed in the joint Cybersecurity Advisory “Weak Security Controls and Practices Routinely Exploited for Initial Access.” I've selected the ones most relevant to home users, but if you administer a server or online service, you'll want to read the entire report.
Not Using Multifactor Authentication (MFA) - I've written about this technique, which adds another layer of security on top of your password. With MFA (also commonly called 2FA, two-factor authentication, or two-step verification), an attacker who has your username and password still needs the second factor, such as the code from an authenticator app or a hardware key, to log in. Prefer an authenticator app or hardware key over codes sent by text message, which can be intercepted or phished. See [DIGITAL LOCKDOWN] Authenticator Apps Protect Your Accounts. MFA is critical, the spooks say, in mitigating malicious cyber activity, and is particularly important for remote desktop access, a common vector for ransomware attacks.
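To show concretely what the second factor adds, here is an added example (not code from the article or the advisory) that implements RFC 6238 time-based one-time passwords, the scheme authenticator apps use, together with a server-side login check that requires both the password and the current code. The user record, the `alice` account and its password are made up for the demo; the TOTP secret is the key from the RFC test vectors, used only so the output can be checked against the published values.

```python
import hashlib
import hmac
import secrets
import struct
import time

# RFC 4226/6238 test-vector key. Real secrets are random 20-byte values generated at enrollment.
RFC_SECRET = b"12345678901234567890"


def hotp(secret, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated to `digits`."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, at=None, step=30, digits=6):
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time. This is the number the app shows."""
    at = time.time() if at is None else at
    return hotp(secret, int(at) // step, digits)


def new_user(password, totp_secret=None, iterations=200_000):
    """Server-side record (constructed for the demo): salted PBKDF2 password hash plus the shared
    TOTP secret enrolled when the user scanned the QR code. `last_step` blocks replay of a used code."""
    salt = secrets.token_bytes(16)
    return {
        "salt": salt,
        "iterations": iterations,
        "pw_hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations),
        "totp_secret": totp_secret or secrets.token_bytes(20),
        "last_step": -1,
    }


def check_password(user, password):
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), user["salt"], user["iterations"])
    return hmac.compare_digest(digest, user["pw_hash"])


def verify_totp(user, code, at=None, step=30, window=1):
    """Accept the code for the current time step or +/- `window` steps (clock drift),
    compare in constant time, and never accept a step at or before the last one used."""
    at = time.time() if at is None else at
    now_step = int(at) // step
    for delta in range(-window, window + 1):
        candidate = now_step + delta
        if candidate <= user["last_step"]:
            continue  # replayed or older code
        if hmac.compare_digest(hotp(user["totp_secret"], candidate), code):
            user["last_step"] = candidate
            return True
    return False


def login(users, username, password, code, at=None):
    """Both factors must pass; a password alone (say, from a breach dump) gets nowhere."""
    user = users.get(username)
    if user is None:
        # Burn the same hashing cost for unknown names so timing does not reveal valid usernames.
        hashlib.pbkdf2_hmac("sha256", password.encode(), b"\0" * 16, 200_000)
        return "denied: bad username or password"
    if not check_password(user, password):
        return "denied: bad username or password"
    if not verify_totp(user, code, at):
        return "denied: bad or already-used one-time code"
    return "ok"


if __name__ == "__main__":
    users = {"alice": new_user("hunter2-is-weak", RFC_SECRET)}
    code = totp(RFC_SECRET, at=59)
    print("code the app shows at t=59:", code)                          # 287082
    print(login(users, "alice", "hunter2-is-weak", "000000", at=59))   # attacker with only the password
    print(login(users, "alice", "hunter2-is-weak", code, at=59))       # legitimate user: ok
    print(login(users, "alice", "hunter2-is-weak", code, at=59))       # same code again: replay denied
```

The `window` of one step either side tolerates a phone clock that is up to 30 seconds off, and remembering `last_step` means a code that was phished and relayed can be used at most once, and not at all if the real user already used it.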
Software Not Up To Date - In my article Here's Why You Must Keep Your Software Updated (and how to do it for free), I state that the most common computer problems can be fixed or avoided altogether, simply by keeping all of your software up to date. Unpatched software in commonly used applications leaves a gaping hole for attackers to exploit known vulnerabilities. If you want to make it harder for creeps to gain access to sensitive information or take control of your computer, stay up to date with security patches for your operating system and installed software.
Failure to Use Strong Passwords - Malicious actors love to exploit weak, leaked, or compromised passwords to gain unauthorized access to a victim's system. It's bad enough that massive data breaches expose usernames and passwords. But some of the blame falls on users who don't protect their online accounts with strong passwords. As password rules become more complicated and burdensome, some users cope by creating easily remembered passwords that satisfy the rules, reusing them across multiple online accounts, and updating them, when required, in minor, predictable ways (Summer2021! becomes Summer2022!). That results in LESS security: one breach exposes every account that shares the password, and an attacker's guessing tools try the obvious tweaks first. See my article How Hackable is Your Password? for help with strong passwords.
Using Default Passwords - Many hardware products, especially routers and modems, come with vendor-supplied default login usernames and passwords, with the intention of making installation easier. Because those credentials are printed in manuals and published on the internet, anyone who can reach the login page can simply look them up, which creates another opening for malicious activity. Remember that your router has two separate secrets: the administrator username and password needed to log in and change network settings, and the WiFi password that lets devices join your network. Change the administrator password from its default, and don't let either one be easily discovered or guessable. For details on how to lock down your router, see [ALERT] Seven WiFi Security Mistakes to Avoid.
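The two items above (weak or recycled passwords, and vendor defaults) can be checked by the same piece of code. The following is an added example, not code from the article or any password manager: it checks a candidate password against a default-credential list, against a breach corpus using the k-anonymity style lookup (send a five-character hash prefix, compare the suffixes locally, so the password itself never leaves the machine), and against the user's previous passwords for plain reuse or a predictable tweak. The default-credential list and the breach corpus are tiny constructed samples standing in for the real data sources.

```python
import hashlib
import re

# Constructed sample data (not from the article or the advisory), standing in for a vendor
# default-credential list and a breached-password corpus.
DEFAULT_CREDS = {
    ("admin", "admin"), ("admin", "password"), ("admin", "1234"),
    ("root", "root"), ("user", "user"), ("admin", ""),
}
BREACHED = ["password", "123456", "qwerty", "letmein", "Summer2021!", "P@ssw0rd"]

# Index breached SHA-1 hashes by their first five hex digits, the way a k-anonymity range
# lookup works: the client sends only the prefix and compares the returned suffixes locally.
RANGE_INDEX = {}
for _pw in BREACHED:
    _h = hashlib.sha1(_pw.encode()).hexdigest().upper()
    RANGE_INDEX.setdefault(_h[:5], set()).add(_h[5:])


def range_lookup(prefix):
    """Stand-in for the network range query; returns the hash suffixes sharing this prefix."""
    return RANGE_INDEX.get(prefix, set())


def is_breached(password):
    h = hashlib.sha1(password.encode()).hexdigest().upper()
    return h[5:] in range_lookup(h[:5])


def stem(password):
    """Lower-case and strip leading/trailing digits and symbols: 'Summer2021!' -> 'summer'."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())


def is_predictable_update(old, new):
    """'Summer2021!' -> 'Summer2022!' changes nothing a cracker's mangling rules won't guess."""
    s = stem(old)
    return s != "" and s == stem(new) and old != new


def check_password(username, password, previous=(), min_len=12):
    """Return the list of problems found; an empty list means the password passed every check."""
    problems = []
    if (username.lower(), password) in DEFAULT_CREDS:
        problems.append("vendor default credential")
    if len(password) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if is_breached(password):
        problems.append("appears in breach corpus")
    if password in previous:
        problems.append("reused from a previous password")
    elif any(is_predictable_update(old, password) for old in previous):
        problems.append("predictable tweak of a previous password")
    return problems


if __name__ == "__main__":
    print(check_password("admin", "admin"))
    print(check_password("alice", "Summer2022!", previous=["Summer2021!"]))
    print(check_password("alice", "correct-horse-battery-staple-9"))
```

The `stem` comparison is deliberately crude; it catches the most common tweak (a trailing year or counter) without trying to model every mangling rule a cracking tool applies.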
Open Ports And Misconfigured Services - Wouldn't it be funny if I had written an article titled Router Security: Close Unnecessary Ports in August of 2020? Oh, but I did. Read that article to find out how attackers are scanning for open ports to use as attack vectors, and how to close those holes.
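What "scanning for open ports" actually means is easy to see in code. The following added example (not from the article; it touches nothing but the loopback address) starts a throw-away TCP service on an ephemeral port to play the role of a forgotten service, performs a TCP connect scan against it and against a port known to be closed, and then compares what is listening with a list of the services you meant to expose. The expected-service list `[22, 443]` is an assumption for the demo.

```python
import socket
import threading
from contextlib import closing


def start_listener(host="127.0.0.1"):
    """Open a throw-away TCP service on an ephemeral port. Demo stand-in for a forgotten or
    misconfigured service; returns the server socket (close it when done) and its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:  # listener closed
                return
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def free_port(host="127.0.0.1"):
    """Pick a port that is currently closed: bind to port 0, read back the number, release it."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


def probe(host, port, timeout=0.5):
    """TCP connect scan of one port: the handshake completes only if something is listening."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def scan_host(host, ports, timeout=0.5):
    """Return the subset of `ports` that accept connections, which is exactly what a scanner sees."""
    return sorted(p for p in ports if probe(host, p, timeout))


def unexpected_services(open_ports, expected):
    """Anything listening that is not on your own list of intended services needs a reason to exist."""
    return sorted(set(open_ports) - set(expected))


if __name__ == "__main__":
    srv, port = start_listener()
    closed = free_port()
    found = scan_host("127.0.0.1", [closed, port])
    print("open ports:", found)                                        # [port]
    print("not on the expected list:", unexpected_services(found, expected=[22, 443]))
    srv.close()
```

Run the same `scan_host` against your router's WAN address from outside your network (or use the article's recommended tools) and every port that shows up should be one you can name and justify.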
Failure To Detect Or Block Phishing Attempts - A common way to gain unauthorized entry is through phishing. Emails with malicious links can lead to unsafe downloads, infected PDFs, or Microsoft Word documents with malicious embedded macros. Most users think they're pretty good at spotting a phishing attempt, but the numbers indicate otherwise. Before clicking, hover over a link and check that the address it actually points to matches the one it claims to be. See Here's Why Phishing is Getting Worse to learn about the sneaky techniques being used to lure users into clicking.
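The hover-and-compare habit can be automated. The following added example (not code from the article or any mail client) pulls every link out of an HTML message and flags the classic tricks: visible text that names one domain while the link goes to another, a trusted name buried inside an untrusted host, a punycode host that may render as a look-alike, a near-miss spelling of a domain you trust, and plain http. The sample message, the trusted-domain list, and the `example-bank.com` name are constructed for the demo; the `registrable` helper assumes two-label domains, which is an approximation a real checker would replace with the Public Suffix List.

```python
import difflib
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not a real newsletter): four links, only the first one legitimate.
SAMPLE_EMAIL = """
<p>Read today's article: <a href="https://askbobrankin.com/some_article.html">askbobrankin.com</a></p>
<p>Your account needs attention: <a href="http://login.example-bank.com.verify-user.net/">example-bank.com</a></p>
<p>New message waiting at <a href="https://askbobranken.com/login">Ask Bob</a></p>
<p>Open the invoice: <a href="https://xn--pypal-4ve.com/inv.pdf">paypal.com</a></p>
"""

TRUSTED = {"askbobrankin.com", "example-bank.com", "paypal.com"}  # assumed allow-list for the demo


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs: where a link goes versus what it says."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    parts = urlsplit(url if "//" in url else "//" + url)
    return (parts.hostname or "").lower()


def registrable(host):
    """Last two labels ('login.example.com' -> 'example.com'). Assumption: fine for the demo,
    wrong for names like example.co.uk, where the Public Suffix List is needed."""
    return ".".join(host.split(".")[-2:])


def lookalike_of(domain, trusted, threshold=0.85):
    """A domain one or two characters away from a trusted one (askbobranken vs askbobrankin)."""
    for t in trusted:
        if domain != t and difflib.SequenceMatcher(None, domain, t).ratio() >= threshold:
            return t
    return None


def check_link(href, text, trusted=TRUSTED):
    findings = []
    host = host_of(href)
    dom = registrable(host)
    if urlsplit(href).scheme == "http":
        findings.append("plain http")
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode host (possible homograph)")
    if "." in text and " " not in text:  # the visible text itself looks like a URL
        shown = registrable(host_of(text))
        if shown != dom:
            findings.append(f"text shows {shown} but link goes to {host}")
    if dom not in trusted:
        near = lookalike_of(dom, trusted)
        if near:
            findings.append(f"{dom} looks like {near}")
        elif any(t in host for t in trusted):
            findings.append(f"trusted name embedded in untrusted host {host}")
    return findings


def suspicious_links(html, trusted=TRUSTED):
    """Return [(href, findings)] for every link that tripped at least one check."""
    parser = LinkCollector()
    parser.feed(html)
    results = []
    for href, text in parser.links:
        findings = check_link(href, text, trusted)
        if findings:
            results.append((href, findings))
    return results


if __name__ == "__main__":
    for href, findings in suspicious_links(SAMPLE_EMAIL):
        print(href, "->", "; ".join(findings))
```

None of these checks proves a link is safe; they only catch the cheap tricks, which is why the advisory's other controls (patching, MFA, not running macros) still matter when a careful reader is fooled.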
Hmmm, are we starting to see a pattern here? Everything the global security experts are recommending has already been covered in my articles. Could it be coincidence? Maybe the feds are getting the AskBob newsletter.
Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 18 May 2022
Article information: AskBobRankin -- Govt Spooks Say: Avoid These Security Mistakes (Posted: 18 May 2022)
Source: https://askbobrankin.com/govt_spooks_say_avoid_these_security_mistakes.html
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "Govt Spooks Say: Avoid These Security Mistakes"
Posted by:
snert
18 May 2022
How do we know everything we download is doing only what they say it will do, and not spying and garnering every bit of info possible? Another reason I still won't acquire a cell phone!!!
Posted by:
Ernest N. Wilcox Jr.
18 May 2022
I've read all the items you have referenced in this article, and I have been implementing most of them for a very long time. It is satisfying to know that the experts want everyone to do things as I do, and I'm no expert! :)
In addition to keeping my computers and their antimalware software up to date, I employ what I call Cognitive Security on the internet. I'll explain:
When I was little, my mom repeatedly told me "Don't trust strangers!", mostly because I was a very trusting little soul. As it has turned out, that was good advice for adults too. It is at the heart of my Zero Trust system security paradigm, which I call Cognitive Security (CS). CS is a way of thinking when interacting with anything on the Internet. At its heart lies the admonition "Don't trust strangers!" because everyone on the Internet IS a stranger, and they all have their own agenda, so anything you see, hear, or read on the Internet should be evaluated with a very healthy dose of skepticism, especially those things that seem to back up what you already think/believe. All the software you download from the Internet is developed by strangers too, so know the source of anything you install.
With CS in mind, always be skeptical of any hyperlink you encounter on the Internet or in email. Before you click any link, check the address it will take you to. As an example, the address for this article starts with "https://askbobranken.com/". Before I clicked the link to this article in my Ask Bob newsletter for today, I hovered my mouse over it to check where it would take me. A 'tool tip' dialog popped up above the link that contained the address (URL) in the link, and it starts with "https://askbobranken.com/", so I felt relatively safe in clicking on it. If, on the other hand, the link looked more like some mysterious code that I could not decipher, or the first part of the web address did not make sense relative to the link's label, I would never have clicked it. If someone goes to the bother of creating a misleading or cryptic hyperlink, I'd rather not follow it, and avoid the possibility that it is taking me to some nefarious website that will upload malware to my computer. I used the link to this article as my example because, as much as I trust Bob, I could not know that the Ask Bob newsletter email I received in my inbox actually came from him. The possibility exists that some cracker (black hat hacker) could impersonate Bob's newsletter to gain access to his readers' computers (one form of 'social engineering'), many of whom are ITs or businesspeople.
If we want to remain safe on the Internet, we must all remain skeptical at all times.
My2Cents,
Ernie
Posted by:
Peter Oh
19 May 2022
Passwords, for as long as they exist will be APITA.
I have maybe 100 plus & I can't remember any with certainty. Yes, I use LastPass, but that makes simple tasks like logging into Google both time consuming & error prone. Also, I have noticed that retrieving PWs from LP can itself disappoint.
Just yesterday it appears LP has not recorded my Google PW... how can this be? & anyway I wished only to post a comment... nah, give up, I won't spend time investigating just to post a comment.
Posted by:
Gray
19 May 2022
Thanks, Bob, for making us think about things like security, which is easy to overlook because we use apps that remember our passwords. I am using a unique password for EVERY site I visit and without those apps that would be impossible. Good passwords are relatively easy to MAKE but not so to remember.
Maybe the solution is to go back to doing everything in person, paying all by check, and having to use overpriced stamps. If anyone writes in and asks "what are stamps" direct them to me. I will explain all that "old stuff".
Take care and keep us on our toes,
Gray
Posted by:
Frank Taylor
19 May 2022
Good article, thank you
Posted by:
Ernest N. Wilcox Jr.
19 May 2022
It looks as if my previous post to this article was determined to be advertising (it wasn't), or inappropriate for some reason (I can't see why this would be so) because when I submitted it, I received a notice that it was being evaluated (or some such thing). I had hoped that my suggestions about being skeptical about hyperlinks in addition to all that this article suggests would have been viewed as helpful. Perhaps in the future I will keep my opinions to myself. -- Ernie
EDITOR'S NOTE: Please don't be mad at the robot that filters the content here. He didn't know you were one of the good guys. Any post that contains a link will be flagged for human moderation.
Posted by:
Wild Bill
21 May 2022
Regarding "overpriced stamps", one should look at almost every other country in the world and then make that charge. Even in the current era our postage rates are lower and the service better than most others.
Posted by:
Bill Pfeifer
21 May 2022
A pretty good, but memorizable password consists of random words, with random numerals in between, like "Scarring5623Mimosas"
I'm not good at making up random words on the spot, so I go to:
https://what3words.com/
which is a site that assigns 3 English words to every 6-foot square area on the globe. Zoom way out, click somewhere on that map, and get some pretty random words that way.
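How much the word-based scheme in the comment above actually buys depends on how the words are chosen, so here is an added example (not from the article or the commenter) that generates a passphrase with the `secrets` module and computes the entropy of the "word, digits, word" pattern next to four plain random words. The 16-word list is a constructed stand-in; the 7776-word figure used in the calculation is the size of the widely used EFF long word list.

```python
import math
import secrets

# Constructed stand-in word list for the demo. A real list such as the EFF long list has 7776 words.
WORDS = ["scarring", "mimosa", "granite", "lantern", "velvet", "cobalt", "harbor", "pistachio",
         "meadow", "quartz", "saffron", "tundra", "walnut", "ember", "falcon", "orchid"]


def entropy_bits(list_size, n_words, n_digits=0):
    """Entropy when every word and every digit is drawn uniformly at random from its set.
    Words a person thinks up, or reads off a map after zooming out, are far less random than this."""
    return n_words * math.log2(list_size) + n_digits * math.log2(10)


def passphrase(n_words=4, n_digits=0, words=WORDS, sep="-"):
    """Random words joined by `sep`; with n_digits > 0 a random digit group is placed after the first word."""
    parts = [secrets.choice(words) for _ in range(n_words)]
    if n_digits:
        parts.insert(1, "".join(secrets.choice("0123456789") for _ in range(n_digits)))
    return sep.join(parts)


if __name__ == "__main__":
    print("two words + four digits, 7776-word list: %.1f bits" % entropy_bits(7776, 2, 4))  # 39.1
    print("four words, 7776-word list:             %.1f bits" % entropy_bits(7776, 4))     # 51.7
    print("example:", passphrase(4))
```

Against an offline guessing attack every extra word adds about 13 bits, while four digits add about 13 bits in total and are harder to remember than one more word.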