10 Common IT Security Tips which are Abused by Hackers

Secure Click News

1)  A Padlock means a Website is Safe

Users are frequently advised to make sure that a padlock appears in the navigation bar of their browser. However, most users are not told just how easily a hacker can deploy a fake SSL certificate on a fraudulent website. Such a certificate also makes a padlock reassuringly appear in the browser's navigation bar. Users need to be informed that a padlock icon in their browser's navigation bar does not always mean a secure site.

2) Verify the Identity of a Caller

Users are told to verify the identity of a caller using their phone's caller ID. Users, however, are not told just how easily telephone numbers from their head office, their bank or their IT support company can be spoofed. The trust imbued by a familiar or Google-verifiable number can result in users revealing email account passwords or dispensing information which could be used to carry out invoice fraud. Users need to be informed just how easy it is to fake a number. Users also need to know that just because a certain number appears to be linked to an organisation in Google's search results, it does not make it safe.

3) Change your Password if you Suspect you’ve been Hacked

Users are frequently told to change their password if they suspect they’ve been hacked. Hackers exploit this advice with gusto. A substantial number of phishing emails try to shock users into believing their email or some other cloud-based service has been hacked and conveniently provide them with a (bogus) weblink. This link invariably either leads them to a malware-infected site or a phishing site.

4) Change your Password if you Suspect you’ve been Hacked…Part 2

And on the topic of password changes, users are advised to immediately change their passwords after a suspected compromise. However, this advice is rarely suffixed with the caveat that a password change should never be performed on the device which has been compromised. A password change should always be performed on a non-compromised device. This is because, if a hacker has installed data-stealing malware or password-logging software on your device, the new password could easily be stolen as you type it.

5) Backup your Data

Users, and especially remote workers, are told to have a local backup of their data. However, users are less frequently informed that their backup should be disconnected from their system while not in use. This is because crypto-ransomware or data-wiping malware often propagates to attached storage and could eviscerate a USB-connected or LAN-connected backup in a matter of seconds. The attacks on WD MyBook Live NAS storage devices, which resulted in hundreds of Irish users having their data wiped, are a case in point.

6) Connecting to Secured Wi-Fi Connections is Safe

Users are told only to connect to secure Wi-Fi connections. Most users interpret this as a network which requires a password. However, even if a Wi-Fi connection is encrypted with WPA2-AES256, that does not automatically make it safe, because on a "strange" Wi-Fi network you never know who else is on it performing packet sniffing.

7) A VPN is Safe

And speaking of wireless networks, users are frequently advised to use a VPN when accessing a strange wireless network. Yes, that is partially good advice, but only if the VPN app they use is genuine. There are tons of fake VPN apps floating around cyberspace, often imitating those which are advertised on TV and promoted by vloggers. What's more, there are tons of so-called "free VPNs" which will actually attempt to access your sensitive data and leak your real IP address.

8) Trusted Senders are Okay

Users are often told only to open email attachments and links from trusted senders, because trusted senders don't propagate threats such as malware. However, the reality is that so-called trusted senders like colleagues, friends and even your boss can have their email accounts taken over by a hacker. This can result in malware being installed on your computing device or your own email account becoming compromised.

9) Check your Password Robustness with a Password Checker

Users are often told to check the robustness of their passwords by using an online password checker. However, some online password checkers only estimate the entropy of a password from its length and character classes, without taking into account the pre-computed password lists (dictionaries of words, names and dates) that hackers feed into brute-force attacks. For example, some online password checkers indicate that a password like "january2016" would take a month to crack, even though it is a dictionary word followed by a year. This can give users a dangerously false sense of security.
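The following is an added illustration of the point above and is not code from the original article. It contrasts the naive "character classes times length" entropy estimate that a simplistic checker computes with a pattern-aware estimate that first looks for dictionary words and years. The wordlist, the assumed real-world wordlist size (100,000 entries) and the guess rates are constructed assumptions chosen for the demonstration, not measured figures.

```python
import math
import re

# Constructed mini-wordlist standing in for an attacker's pre-computed dictionary.
# Real lists contain millions of entries; this one is deliberately tiny.
COMMON_WORDS = {
    "password", "welcome", "letmein", "qwerty", "summer", "winter",
    "january", "february", "march", "april", "may", "june", "july",
    "august", "september", "october", "november", "december",
}
ASSUMED_WORDLIST_SIZE = 100_000            # assumption: size of a typical real wordlist
OFFLINE_GUESSES_PER_SEC = 10_000_000_000   # assumption: fast-hash offline cracking
ONLINE_GUESSES_PER_SEC = 100               # assumption: throttled online login attempts

YEAR_RE = re.compile(r"(19|20)\d\d")
DIGITS_RE = re.compile(r"\d+")


def naive_entropy_bits(password):
    """What a simplistic checker computes: length * log2(character pool)."""
    pool = 0
    if re.search(r"[a-z]", password):
        pool += 26
    if re.search(r"[A-Z]", password):
        pool += 26
    if re.search(r"[0-9]", password):
        pool += 10
    if re.search(r"[^a-zA-Z0-9]", password):
        pool += 33
    return len(password) * math.log2(pool) if pool else 0.0


def tokenize(password):
    """Greedily split the password into (kind, text) tokens: the longest
    dictionary word at each position, then a 4-digit year, then a digit run,
    else a single 'other' character."""
    tokens, i = [], 0
    while i < len(password):
        rest = password[i:]
        low = rest.lower()
        word = max((w for w in COMMON_WORDS if low.startswith(w)), key=len, default=None)
        if word:
            tokens.append(("word", rest[:len(word)]))
            i += len(word)
            continue
        m = YEAR_RE.match(rest)
        if m:
            tokens.append(("year", m.group()))
            i += 4
            continue
        m = DIGITS_RE.match(rest)
        if m:
            tokens.append(("digits", m.group()))
            i += len(m.group())
            continue
        tokens.append(("other", rest[0]))
        i += 1
    return tokens


def token_bits(kind, text):
    """Guess-cost of one token, in bits, from the attacker's point of view."""
    if kind == "word":
        bits = math.log2(ASSUMED_WORDLIST_SIZE)
        if text != text.lower():
            bits += 2          # lower/Title/UPPER variants are routinely tried
        return bits
    if kind == "year":
        return math.log2(200)  # 1900-2099
    if kind == "digits":
        return len(text) * math.log2(10)
    return math.log2(95)       # one printable ASCII character


def pattern_entropy_bits(password):
    """Pattern-aware estimate: sum of token costs, never above the naive figure."""
    bits = sum(token_bits(kind, text) for kind, text in tokenize(password))
    return min(bits, naive_entropy_bits(password))


def crack_seconds(bits, guesses_per_sec):
    """Expected time to exhaust a keyspace of 2**bits at the given guess rate."""
    return 2 ** bits / guesses_per_sec


def compare(password):
    """Return both estimates and the corresponding offline cracking times."""
    naive, pattern = naive_entropy_bits(password), pattern_entropy_bits(password)
    return {
        "naive_bits": round(naive, 1),
        "pattern_bits": round(pattern, 1),
        "naive_offline_seconds": crack_seconds(naive, OFFLINE_GUESSES_PER_SEC),
        "pattern_offline_seconds": crack_seconds(pattern, OFFLINE_GUESSES_PER_SEC),
    }


if __name__ == "__main__":
    for pw in ("january2016", "Summer99", "xK9#qL2!vB"):
        r = compare(pw)
        print(f"{pw:12s} naive={r['naive_bits']:5.1f} bits ({r['naive_offline_seconds']:.3g} s)"
              f"  pattern={r['pattern_bits']:5.1f} bits ({r['pattern_offline_seconds']:.3g} s)")
```

For "january2016" the naive estimate lands near 57 bits, which at ten billion guesses per second is months of work; the pattern-aware estimate is about 24 bits (a wordlist entry plus a year), which the same rig exhausts in milliseconds. A genuinely random password scores similarly under both estimates, which is the behaviour a trustworthy checker should exhibit.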

10) MFA is Safe

Users are often told that multi-factor authentication (MFA) is safe. They are less frequently told that if, for example, their SIM card gets cloned in an SS7 attack, MFA codes protecting their email or bank accounts are about as secure as a leaky barrel of petrol in a welding plant. Users need to be informed that SMS authentication messages can be faked and authenticator app codes can be stolen. They also need to be informed of the tell-tale signs of a SIM-clone attack.