Jeannie Warner security manager at WhiteHat Security, has kindly provided us with a National Coding Week guest blog for Cyber Security Week.
When you go online, it’s a simple fact that you are putting your personal data at risk. With digitalization occurring globally, data breaches are becoming more common every day. According to Breach Level Index, more than 3,000 records are stolen each minute, which translates to more than 50 records each second. And the number of records stolen in just the first half of 2017 reached almost 2 billion.
We are just wrapping up National Coding Week, a holiday to recognize the importance of coding. As we celebrate software development and coding today, it’s important to reflect on how to protect yourself in our internet-driven world.
Companies need to implement better security testing efforts to protect against vulnerable targets, such as websites, databases, network connections, mobile applications and APIs. With that said, we as users need to be better at taking security precautions. Here are four strategies to protect yourself online, during National Coding Week and beyond.
1. Don’t use the same password for all sites and apps
If one site or app is breached, it’s possible that all of your accounts are now targets. At the very least, be sure to use a variety of passwords to minimize the impact. People naturally try to make their lives easier with fewer passwords to remember– which is understandable.
Unfortunately, when a website is hacked and passwords are stolen, attackers can use those passwords to target multiple websites online and steal valuable personal data. One way to protect yourself is through a password vault, where you can store and remember uniquely different passwords, accessed through one strong password. A second is to try to avoid using your main email address as a login if you can – the same login saves guessing time for hackers across multiple sites.
Finally, two-factor authentication can help protect users within any app or site that supports it. When used, adversaries must have another form of authentication such as your phone or email to verify the account, which is highly unlikely.
They may seem interesting or completely safe, but chances are, you’re putting your personal data at risk. Be careful not to trust links and attachments in emails, chats or texts.
According to Verizon’s 2018 Data Breach Investigations Report, the third most common data breach vector is a phishing attack. This is called ‘phishing,’ a simple way that hackers target people every day. Hackers often lure people into clicking malicious links to gain personal data, imitating people and businesses they regularly interact with as a facade.
Resist the urge to click the links and go directly to websites of companies that are promoting items via email; For instance, if LinkedIn sends a request via email for you to connect with someone. Instead of clicking the request via email, go directly to the website and verify that the request is real, and accept from there.
The Verizon 2018 Data Breach Investigations Report found that of the 53,000 incidents, 2,216 were confirmed data breaches. In addition, the report found that 73 percent of breaches are perpetrated by outsiders. It is unknown what percentage of the ‘malicious insider’ breaches are really outsiders with stolen login credentials.
Constant monitoring of your credit card and credit history is very important. Companies can breach your data, and it will be leaked. Even with precautions, you can be a victim.
By constantly monitoring your credit and enlisting a service that monitors it for you and checking in on your card/bank activity weekly or monthly, you’ll be alerted of anything malicious. It’s more advantageous to know quickly and then act upon it, then find out years later and have to face the implications.
There are many attacks which can be made against your phone and laptops’ Bluetooth connections. If you’re not actively using it to synch, i.e. with your car radio or to upload items, turn it off. Just do it. Bluetooth on in a coffee shop opens you up to all kinds of sophisticated attacks, including various forms of Bluejacking and Bluesnarfing which include ransomware, malware and spyware.