When you are interested in learning a new skill or obtaining new information, who do you turn to? Typically, you look for someone who has experience and has “done it before”. Even if you turn to the internet, the articles or videos you likely watch were written or feature an expert in the subject matter you are interested in. Should learning about hacking, and how to prevent getting hacked, be any different? Nope.
We took some time to gather tips and insights from actual Hackers. Some are ethical hackers that are hired by organizations to find vulnerabilities, and some are convicted hackers. In both situations, they know their stuff, and you might want to listen to what they have to say.
Be Careful What You Post
Social media is like a treasure chest for hackers. Even fun company photos can provide hackers with information that you never intended to share. Take, for example, a photo of your company bowling team at the bowling alley. As harmless as this may seem, this photo provides insight into which people within your organization might be susceptible to a phishing email indicating a change to your team’s bowling schedule. And, if it is coming from another bowling teammate, what would the harm be in downloading the new schedule, or clicking the link to find the updated dates/times. A LOT. Because malicious malware, or a malicious payload was just added to your device.
Stop Sharing Your Security Badge Photos
Often, new hires or interns are so excited about their new role that they want to share it with the world…they are. When a security badge is shared on social media, potentially with a fun hashtag like #newintern or #mynewjob and the company name, guess what hackers can do? Recreate the security badge for that company, add a fake photo and name, and waltz right through the door! True, they may not be able to “scan into” any secure places, but if they can walk through the door, they have access to visible information. Things like Wi-Fi passwords on white boards, sticky notes with passwords or other important information and laptops that show the type of security software being used. Seeing these tidbits can give a hacker just enough information to tailor an attack on your company, through custom-malware, for example.
Your Complaint May Cause More Damage Than You Think
Let’s say you want to vent about a bad day or situation at work, so you take to social media or other job posting websites and air the dirty laundry. On the surface, the only harm is giving potential new employees a reason not to apply, but more damage could take place. A hacker may find the information (not too hard) and use it to reach out to employees with a solution through a phishing email. Suppose an employee complains about the layout of the office. A hacker may then grab that information and share an email with employees announcing the new floor plan layout. But alas, that email is malicious, and an attack begins as soon as the PDF is opened.
Use Better Passwords On Your Phone And Other Devices
That four-digit password on your phone is basically an invitation to get hacked. If a hacker sees you in a coffee shop and notices you tap in four digits, you could have just made yourself a target. Instead, use a longer password that includes letters and numbers. The same applies to your other devices as well. Laptops, tablets, routers…use complex passwords that incorporate upper and lowercase letters, numbers, and symbols.
Don’t Reuse Passwords
It may be convenient for you to use your passwords for more than one login, but it’s also convenient for hackers too. When you reuse your password, you open up the opportunity for a hacker to access everything connected with that password – email accounts, social media, bank accounts. Don’t reuse passwords!
Delete Emails With Sensitive Information
Sure, it may be nice to keep emails with sensitive information, but if you happen to get hacked, that sensitive information is in the hands of the hacker. Hackers will exploit that sensitive information, especially if it is login or password information.
Stop Using Public Wi-Fi
Let’s say you’re at your local coffee shop enjoying a pumpkin spice latte, and you randomly get kicked off the public WiFi. FYI, it wasn’t random. You might be in the company of a hacker who intentionally kicked everyone off, just to get you to log back on. But this time, it’s a fake Wi-Fi network with the same name. And once you log on, you’ve also opened the opportunity for a malicious payload to be delivered. In general, avoid public Wi-Fi.
Enable Two-Factor Authentication
Turn this on for anything that requires a login. This gives you more protection and makes you less of a target. Hackers tend to go for the easiest route. Two-factor authentication creates a roadblock, and that is your goal, to make it harder for hackers.
Patch It Up
Off the shelf software (vs. custom) can be a bit more secure because it is typically security audited at the source. If, however, a security issue is identified, patches are deployed. Implement these patches. Think about it. Once a patch is announced, hackers know there is a potential issue. Those that do not implement the patch are giving hackers the green light to target them.
Be Suspicious
Keep your guard up when it comes to things that are online, or come near your devices. Emails, PDFs, thumb drives, public Wi-Fi – they could all be entry points for hackers. View everything with a critical eye, and do not let your guard down. Having a bad day? Don’t let your guard down. Just heard great news? Don’t let your guard down. It sounds kind of depressing, but it’s a good way to protect yourself, your company, and your loved ones. Be ready and try to think like a hacker to prevent yourself from being hacked.
Stay Calm If You Get Hacked
If you are hacked, stay calm. You’ll need a calm mind to ensure you do the right things, and not the wrong things, which can lead to more trouble. Consider using this “you’ve been hacked cheat sheet” as a guide.
The insights and tips captured above stem from Joanna Rutkowska, Stephanie Carruthers (SNOW), Kevin Mitnick, and Greg Hoglund.
The post Hackers Tell-All. Get The Inside Scoop appeared first on Intivix.
