NCSAM—Week 1: Simple Steps to Online Safety
The Lastline Daily Dose program supports National Cyber Security Awareness Month (NCSAM) with daily tips and advice to help individuals and organizations detect and prevent malware-based cyberattacks. Throughout October, Lastline will offer a daily dose of advice via Twitter (@Lastlineinc), LinkedIn, Facebook, and other social media channels, aligned to the weekly themes established by the Department of Homeland Security.
Simple Steps to Online Safety
The theme for week 1 of NCSAM is Simple Steps to Online Safety. Here are our daily doses of advice for October 2-6.
Tip 1: The best defense against ransomware is a current backup that has “versioning,” which avoids restoring encrypted files.
Criminal can demand ransoms because victims are worried about losing their data. But if you have your information backed up, then the criminals lose their leverage. What makes this a bit tricky is that some of your files may already have been encrypted by the ransomware and then backed up, so if you simply restore everything from your most recent backup, some files will still be encrypted. Versioning enables you to restore earlier versions of your data, before anything was encrypted. Learn more about versioned backups.
Tip 2: Don’t be a whale–Use email gateway to flag keywords used in Business Email Compromise attacks like “payment” and “urgent”
In the Business Email Compromise (BEC) scam, criminals spoof the email of an executive to instruct someone lower in the organization to do something that benefits the criminal, like wire funds to the criminal’s account. The emails typically have a similar tone, urging secrecy and expedience. So, flagging key words, such as “payment”, “urgent”, “sensitive”, or “secret” can help to detect this scam.
The scam also depends on spoofing the executive’s email address, typically with a domain name that is very similar to the real one, for example:
- “123abccompany.com” instead of “123abc-company.com”
- “abccornpany.com” instead of “abccompany.com’ (can you spot the difference? – using “r” and “n” instead of “m”).
Simply double checking with the executive who is making the request, by typing their email address, not replying to the original email, is the best way to foil this scheme. Learn more about the BEC scam.
Tip 3: Avoid default, weak & reused passwords–Use a password manager to create unique, strong passwords for every account
It only takes one password, particularly if it belongs to a privileged user, to start an attack sequence that can lead to the capture of thousands or even millions of user accounts and records.
The list of the most popular passwords hasn’t changed much over the past 5 years, with “123456” (and similar number sequences), “password” and “qwerty” still at the top. Criminals know this, and they use these to compromise accounts. And people often reuse passwords, so compromising a less sensitive account, such as an online meeting service, could lead to compromising a bank account.
Password managers can automatically generate unique, strong passwords without requiring the user to remember each one.
Tip 4: Adding 2FA to the services that you use every day will reduce the risk of having your account compromised
This adds another level of security to yesterday’s tip about avoiding weak passwords. Two-factor authentication (2FA) is a method of computer or account access control in which a user is granted access only after successfully presenting a second piece of evidence to confirm their identity, and has been demonstrated to decrease the risk of a system or personal account being compromised.
A password typically is the first factor, and the second factor is something the user knows (e.g. answer a question about where you were born), something they have (e.g. provide a code texted to your smartphone or a code generated by a token), or something they are (e.g. biometric identity such as a fingerprint or voice scan).
If you’re curious about what companies support 2FA, twofactorauth.org maintains a list online.
Tip 5: Keep email protection high on your priority list–Most breaches are caused by malicious email attachments
Fifty-one percent of data breaches are caused by malware, and sixty-six percent of malware is installed via email attachments. So, email is an attack vector that must be secured.
The best and most efficient way of detecting malicious emails is to implement technology that analyzes each email and attachment to identify any suspicious or potentially malicious behavior. For example, there’s no reason why a benign attachment to an email would be programmed to change security settings or try to avoid being detected.
A recent article describes ten specific malicious email threats to help you understand how criminals are using email, and therefore what you need to do to defend yourself.
Follow Lastline on Twitter (@Lastlineinc), LinkedIn, or Facebook to automatically receive your Daily Dose of advice throughout the month of October. Or go to www.lastline.com/DailyDose where we’re compiling all of the daily advice throughout the month.
More CyberAware Tips—NCSAM—Week 2: Cybersecurity in the Workplace is Everyone’s Business
Latest posts by John Love (see all)
- Lastline Co-founder and CTO, Dr. Giovanni Vigna’s Malware Expertise Featured at Enigma 2018 - January 9, 2018
- Lastline’s Top 10 Blogs of 2017 - December 29, 2017
- Lastline’s Unparalleled Threat Visibility and Context Now Integrated with the Phantom Security Automation & Orchestration Platform - December 14, 2017