How Good is Your Cybersecurity?
Cybersecurity is the practice of protecting computer systems from unauthorized access, theft, damage, or disruption. Some examples of cyber threats are viruses, malware, phishing attacks, hacking, ransomware, data breaches, identity theft, and denial-of-service attacks. Read on to learn which ones are most likely to affect YOU, and best practices for defending your digital castle...
Cyber Threats and Cybersecurity: What You Need to Know
A few years back, an AskBob reader told me "You're a translator for the technology impaired!" I liked that a lot, and always keep it in mind when trying to explain or discuss something geeky. So when I write about tech topics, I often start with some definitions. Let's dive into the world of cybersecurity with a refresher on some of the relevant buzzwords.
Viruses and Malware: What's the Difference? - Computer viruses and malware are both types of malicious software, but with a subtle difference. A computer virus, not unlike the kind that makes people sick, is software that has the ability to cause harm, replicate itself and spread to other computers. Among other malicious activities, a virus can damage or delete files, steal information, send email spam, or cripple a computer network by creating a flood of traffic. It can be a standalone executable file, or attach itself to a legitimate program.
Malware (malicious software) is a broader term, including including not just viruses, but adware, spyware, ransomware, trojan horses, zero-day exploits, rootkits, cryptominers, keyloggers, fileless scripting, and “time bomb” attacks. Malware can infiltrate a computer through email attachments, software downloads, or through vulnerabilities in the operating system or already-installed software. In addition to the nasty things mentioned above about viruses, malware can encrypt your files, monitor your keystrokes to steal passwords, or create "backdoors" for hackers to access the computer remotely. To sum it up, viruses are a specific type of malware that can spread and replicate, malware is a broader category that includes many types of malicious software that can harm computer systems and users.
One important thing to remember is that all forms of malware, once present on your system, can do anything you can do. To protect yourself from malware, your first line of defense is a good internet security tool. Some popular free options are AVG AntiVirus and Bitdefender. For the best protection, though, I recommend PC Matic, which uses a unique whitelist approach to protect against ALL of the above mentioned cyber threats.
What is a Software Vulnerablity? - Simply put, a software vulnerability is a security flaw discovered in a program that was previously thought to be safe and secure. Such a flaw can be used by hackers to bypass existing security measures, and gain access to a computer or network. An old version of a program may seem “good enough” but it may be constantly getting worse in terms of vulnerability to hackers and conflicts with more recent software. So it is essential to keep all your software (and your operating system) up to date. Unfortunately, that’s no easy task, unless you have some help. See Here's Why You Must Keep Your Software Updated (and how to do it for free)
Data Breaches, Identify Theft and Phishing
What is a Data Breach? - A data breach is an incident where data is accessed or disclosed without authorization. Typically this occurs when a hacker is able to use a vulnerability in an online system to gain access. In some cases, poor security practices are to blame. Other times, hackers use social engineering techniques to trick employees into handing over the keys to the kingdom. The stolen data is either held for ransom, or offered for sale on the dark web. High profile data breaches may impact millions of consumers, revealing sensitive data such as customer name, address, phone, social security number, email address, and even passwords. See this article for some tips on protecting yourself from the effects of a data breach.
What is Identity Theft? - Identity theft occurs when someone steals a person's information, with the intent to defraud or commit criminal activities in that person's name. Armed with the victim's name, address, and social security number, identity thieves can open new credit accounts, take out loans, or even file taxes. Personal information stolen in data breaches is the most common method to obtain this information, but identity thieves also may use phishing scams, or carelessly discarded paper documents. Identity theft is one of the most traumatic non-violent crimes to which one can fall victim. The impact on a person's reputation, employability, and credit is severe, and can last for years. So it's important to protect yourself against identity thieves. Read Have You Made These Identity Theft Mistakes? for my tips on avoiding identity theft.
What is a Phishing Attack? - A phishing attack involves an email or text message designed to trick the recipient into clicking a malicious link, revealing sensitive information or installing malware. Most people think they're pretty good at detecting a phishing attempt. We know to avoid entreaties from Nigerian princes, and emails with lots of typos and bad grammar send up red flags pop up right away. But phishing attacks are getting increasingly clever, and harder to distinguish from legitimate messages. See Here's Why Phishing is Getting Worse to learn what techniques scammers are using to get people to click, and steps you can take to harden your defenses against phishing.
Password Security Tips
What is Password Cracking? - Password cracking takes three forms. The first and least technical is using social engineering techniques to trick someone into revealing their password. (See phishing attacks above.) A second method is systematically trying combinations of characters until the correct password is found. Lists of known weak passwords, and combinations thereof, are attempted first. (See Is Your password on The Naughty List?.) A third method involves using specialized hardware and software tools to decipher passwords stored in hashed or encrypted password databases obtained in a data breach. It's important to use strong and unique passwords to protect your accounts, and make it harder for password cracking to succeed. See How Hackable is Your Password? for my tips on creating and managing strong passwords.
What is Multi-Factor Authentication? - Multi-factor authentication (MFA), also known as two-step verification, login approval, or login verification, adds an extra layer of security that makes it almost impossible for an unauthorized person to access your account, even if they know (or guess) your password. MFA requires users to provide more than one form of authentication to login, typically a password and a PIN code provided by an authentication app on your phone. Biometrics such as a fingerprint, facial recognition, iris scan, and voice verification may also be used. See [DIGITAL LOCKDOWN] Authenticator Apps Protect Your Accounts to get started with multi-factor authentication.
Do You Need Firewalls and Encryption?
What is a Firewall? - A firewall is software that acts as a barrier between your computer and bad things “out there” on the Internet. Inbound firewall protection blocks attempts by external entities (hackers or malware) to connect to your computer. See my related article Do I Really Need a Firewall? for my advice on inbound firewall protection. (Yes, you do need it, but you probably already have one.) Outbound firewall protection works in the opposite direction. It blocks attempts by software that resides on your computer to access the Internet, potentially stopping malware from sending stolen data to Hacker HQ. But they can have unintended consequences as well. My article Outbound Firewall For Extra Security? will hopefully convince you that you don't need one.
What is encryption? - Encryption is the process of converting data into a coded format to protect it while stored, or during transmission. An encryption key is used to effectively scramble the data, rendering it useless to anyone that does not have the key to decrypt the data. Fear of government, prying eyes, and hackers motivates some people to encrypt their data. Others want to be sure that personal or confidential data can travel safely over the Internet. See my article Is it Time to Start Encrypting Your Files? for some advice and tools you can use to encrypt data.
In summary, the best practices for cybersecurity are the use of a good anti-malware tool, keeping software up-to-date, being aware of data breaches, taking steps to avoid identify theft, using strong passwords and multi-factor authentication, being cautious of suspicious emails or messages, and using encryption when necessary.
How are you doing with YOUR cybersecurity? Do you have any tips to share? Post your comment or question below.
This article was posted by Bob Rankin on 21 Mar 2023
|For Fun: Buy Bob a Snickers.|
Should You X-Ray Your Computer?
The Top Twenty
Which is Fastest: Verizon, AT&T or T-Mobile?
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- How Good is Your Cybersecurity? (Posted: 21 Mar 2023)
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "How Good is Your Cybersecurity?"
22 Mar 2023
I haven't had a problem or given security a thought since I installed PCMatic. Good stuff.
22 Mar 2023
One word: Malwarebytes.
PS: No worries.
22 Mar 2023
Thank you for your translations all these years (decade+?).
Do my chances of getting hacked go up, longer I haven't been? Or does it mean that I am doing something right? I minimize doing anything online. It has gotten extremely difficult to lead an unconnected life without smart -phone/-car/-doorbell/-vAssistant in 2023.
22 Mar 2023
No problems at all since your first translation of PCMatic.
Please continue with your awesome lessons Professor.
22 Mar 2023
I believe that my cyber security efforts have paid off. I have never suffered a malware issue since the late 1990s when I got a virus from a program I downloaded from a BBS site (accessed by dialing up the site's phone number - pre-Internet). After that, I started to scan everything I downloaded. Today, Windows 11 watches out for malware in my downloads for me (smart screen with MS Edge).
Even though Windows 11 has some very capable Internet Security features, there are more things I do to remain secure. I've had my credit frozen on six credit bureaus to thwart identity thieves. I keep Windows as up to date as possible by checking for updates in Windows Update every patch Tuesday (the second Tuesday of each month) and whenever I hear that there is a 'moment' or out-of-band security patch available. I use 'Patch my PC' to keep my apps up to date (I use it to check that they're up to date the first day of each month too). I practice Cognitive Security, which can be defined as remaining very skeptical of anything I see or read on the Internet, checking every link (both on websites and in email messages) BEFORE I Click, then if I have any doubts - I DON'T Click! Before I believe anything I read see or hear on the Internet (especially if it reenforces what I already believe), I fact-check it by searching for key words I find in the item in question to discover where it comes from. I NEVER trust any far-right or far-left sources. I'm in my 70s, and I have learned that extremists always have an agenda all their own that is never in my best interests. Then I use a few fact-check sites I have learned to trust (one is from the Associated Press, and another is factcheck.org, as well as a few others). Even then I take the item with a grain of salt and consider how much sense it makes to me. In the end, I like to make up my own mind about issues I hear about on the Internet. I use LastPass to manage my passwords because it alerts me to duplicates, and generates long, strong, unique passwords for me. I try to make all my passwords at least 12 character long, and as long as 20 characters where I can. I have used my password vault to go over all my Internet accounts to enable 2FA (Microsoft Authenticator) where it's supported. I found a few accounts for sites that don't support 2FA, so I deleted those accounts (If the site cares so little about my security that they do not support 2FA, then I refuse to trust them) as well as several I no longer use. After I am notified that my account is closed/deleted, I remove it from my LastPass vault. As for my LastPass account, I recently switched it from using Microsoft's Authenticator to use LastPass's (to keep my activity/information under its own roof).
That's about it. I hope some of what I do helps others to be safer on the Internet,
22 Mar 2023
This 'Oldster' has never used any other password manager than the ol' reliable (OpenSource) KeePass.
My 560+ entry database stays local and hidden from hacks. BobRankin has never recommended KP, but I would always mention KP as alternative in my replies... ;)
23 Mar 2023
@Bob K Malwarebytes used them on and off since their inception. Still have them in my Android where they failed abysmally to cure a virus intruder controlling Play Store and subsequently using the contents to download at every opportunity - cutting across all conversations and activities.
Then I remember BITDEFENDER - unfaithful me used them quite a few years ago and they helped be no-end then. This time - one quick scan using their FREE version - fantastic, unbelievable - in 5 minutes - I had a new phone hahaha. Just for info if it helps.
02 Apr 2023
Bob, in the paragraph from your article headed What is encryption?, you say "rendering it useless to anyone that does have the key". There is a "not" missing there. Should be "does NOT have the key".
EDITOR'S NOTE: Good catch, fixed now!