Poka Lambro – The Cyber Security Basics

Passwords

Passwords provide the first line of defense against unauthorized access to your computer or device. The stronger your password is, the more protected you will be from hackers and malicious software. Make sure you change your passwords regularly, have different passwords for each account, and have strong passwords for all accounts. There are many websites you can visit to check your password’s strength before making it official. If possible, use a two-factor authentication for added security. Two-factor authentication is the second measure, in addition to your password, that makes it more difficult for attackers to gain access to your accounts. Some examples include a PIN, ID card, security token, fingerprint, and a verification e-mail.

A strong password…

• Is at least eight characters long.

• Does not contain your username, real name, or company name.

• Does not contain a complete word.

• Is significantly different from previous passwords.

• Contains an uppercase letter, lowercase letter, number, and a symbol.

Avoid these common passwords…

123456 Dragon 111111

Password Monkey 123321

Qwerty Master Abc123

Football Login Passw0rd

Baseball Starwars Welcome

Secure Wi-Fi Tips

• Be sure that your home network uses encryption and a password to prevent others from accessing it.

• Be careful when using Wi-Fi in public places like restaurants and airports. Only sign into known networks; like those operated by the establishment.

• Public networks are often less secure than private ones. Avoid banking, shopping, or doing anything confidential when using public Wi-Fi.

Safe Downloading Tips

• Always purchase entertainment, software, and other downloads from a reputable source.

• Beware of FREE music, and other FREE downloads, where harmful viruses and other malware can easily be disguised.

• Make sure your anti-virus, anti-spyware, and other security software is up to date.

• Set-up home or company computers to require credentials for installations and updates so that children and employees can’t download harmful files.

Phishing Emails

Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.

Tips to guard against phishing…

• Be cautious and treat all email requests for personal or company information with suspicion.

• Look for errors in the message. Phishing emails often contain poor phrasing, typos, and grammatical errors.

• Attacks often include threatening language and urgent calls for action.

• Hover over the link to see the actual URL to double-check its legitimacy.

• Look closely at the “from” line of the address. It might resemble a legitimate address but contain slightly different characters.

• Don’t open an email, or the links within it, if you don’t know the sender or you didn’t expect the email.

• Type the known URL to check for verification rather than clicking the link

• When in doubt, throw it out.

Ransomware

Ransomware is a type of malware that thieves use to digitally extort money from businesses and individuals. Hackers scramble file contents or lock computer users out of their systems and then demand payment to restore access to networks or programs.

Defend against ransomware…

• Ensure that operating systems, applications, virus detection software, and firmware are updated with the latest versions of the software.

• Understand the phishing techniques in the previous section and how to spot them.

• Keep web browsers updated and disable browser plugins (such as Java, Flash, and Silverlight) to prevent them from running automatically.

• Review network access and security policies to limit access to critical infrastructure to only systems and users who need it.

Trojan Horse

A trojan is a malicious computer program which misrepresents itself to appear useful or routine to persuade the victim to install it. Trojans are generally spread by some form of social engineering, where the victim is tricked into filling out an inconspicuous form or clicking to download an “update”. Most trojans act as a backdoor, which gives the sender unauthorized access to the affected computer. A backdoor gives the attacker the ability to run your computer, open your files, see your history, view your passwords, and more.

Many of the same rules that apply to guarding against phishing and ransomware will also help you defend against a trojan. Keep your software up to date and be cautious when downloading any file or update. Double check to make sure it is authentic. Be especially suspicious of files that end with the extensions .exe, .vbs, and .bat. These extensions can all execute a trojan.

Secure Websites

A secure website is one that is free of malware and viruses and encrypts all data going through it to protect your personal, financial and medical information. There are several ways to ensure a website is safe.

HTTPS://

Check to see if the URL in the address bar of your internet browser starts with “https://” before entering personal or private information on a website. The letter “S” indicates that the website is using Hypertext Transfer Protocol Secure (https), a protocol for secure communication. Don’t enter any personal information if the page is not secured by https.

The Lock Icon

Click on the lock icon (usually left of the URL) in the address bar of your browser to see if a website is secure. A pop-up will appear showing you website permissions, security certificate information, and other related details.

Badge Verification

Click on the “Secure and Verified” or similar badge at the bottom of a website if there is one. A page will pop up displaying the certificate and verification information. If the information does not match the website you’re visiting, it’s not legitimate and likely not secure.

Website Privacy Policy

Websites are legally required to protect a customer or client’s privacy. A website’s privacy policy contains information on how your data is collected from the website, how it is used, and what security measures the business will take to make sure your private data is safe. Keeping your data safe is not only the responsibility of the website but yours as well. Take precaution before sharing your information.

• Poka Lambro is not liable for any damage caused by Cyberattacks. This guide is intended to be a tool to help defend against some of the most basic forms of Cyberattacks. It is not all-inclusive, as the security landscape is always changing.