Secure Your Data by Tightening Your Weakest Links
October 15, 2019
The old adage “you’re only as strong as your weakest link” is spot-on when it comes to safeguarding your computer systems from cyber attack. In the second of four articles for National Cybersecurity Awareness Month (October), FTI Cybersecurity presents essential best practices for fortifying basic barriers that secure your most sensitive data.
Imagine a vault holding your most valued assets protected by a security system worth millions of dollars. Would you trust the system if you knew that anyone could penetrate it simply by lying to a door guard or by punching in “1234” on a keypad lock? Of course you wouldn’t. Yet companies (and individuals) often put themselves in a similar position through poor end-user cybersecurity practices that leave their assets vulnerable to hackers. Here are three areas everyone can tighten that address common cybersecurity weak links.
Passwords have a deceptive simplicity about them. They are easy to create but are incredibly important, as they are often the only thing standing between an attacker and valuable data. Unfortunately, many users rely on the same weak password for multiple accounts out of convenience. A short or common password falls quickly to dictionary and brute-force guessing, and a reused one means that a single breached site hands the attacker a working login for every other account that shares it (attackers automate this replay, known as credential stuffing).
Tighten the Link:
You can reduce the likelihood of systematic guessing of your passwords by strengthening their length, complexity and uniqueness. One way is by utilizing passphrases: sentences you develop with uppercase and lowercase letters, numbers and added symbols. An example might be the phrase C0mputer Police Ice Te@ COOK!E, which you would type with all the spaces and symbols included. It is easier to remember than a random collection of letters, numbers and symbols, and its length makes it far harder to guess. Another excellent way to shield your passwords is to use a password manager, which generates a long, random, different password for every site and stores them in an encrypted vault, so you memorize only a single master password (make that one a strong passphrase, since it protects everything else). Many of these managers are free or low-cost.
While a strong password is essential, it can still end up in the wrong hands through phishing attacks or social engineering (manipulating your trust) by nefarious actors. These attacks are ploys designed to trick end users into divulging sensitive information or downloading malware via email hyperlinks, phone calls or text messages that appear legitimate. An example might include an attacker masquerading as an IT professional who emails a targeted victim and requests they enter their work credentials to perform a software upgrade. The attacker can tailor the message to include the target’s name and work position and refer to company-specific information, which adds a quality of realism to the request. Through this ploy, attackers can harvest user credentials with little effort.
Tighten the Link:
To avoid this issue, always pause and think before clicking on, or downloading, anything you receive unsolicited. If you are unsure about a request, confirm its legitimacy through a phone call to a number you already have on file, not one supplied in the message itself. Additionally, learn to look for obvious signs of phishing, such as a URL that appears familiar but is in fact slightly off. For instance, “coompany.com” masquerading as “company.com,” or the real name buried inside someone else’s domain, as in “company.com.example-mail.net.”
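The lookalike-domain check described above can be automated. The following is an added example, not code from the original article or from FTI: it pulls the registrable domain out of a link, normalizes the character swaps phishers favour (0 for o, 1 for l, rn for m), and flags anything within one edit of a domain on a trusted list, or any link that smuggles a trusted name into a subdomain. The trusted list, the homoglyph table and the sample links are all constructed for illustration; the two-label “registrable domain” rule is a simplification that ignores multi-part suffixes such as co.uk.

```python
"""Flag links whose domain is a near-miss of one the reader trusts.

Added example; not part of the original article. TRUSTED_DOMAINS and the
sample links below are constructed for illustration.
"""
from urllib.parse import urlparse

# Constructed: domains the reader genuinely does business with.
TRUSTED_DOMAINS = {"company.com", "example.org"}

# Assumption: a small table of common visual swaps, not an exhaustive one.
_DIGIT_SWAPS = str.maketrans("0135", "oles")


def normalize(name: str) -> str:
    """Collapse look-alike characters so c0mpany/cornpany compare equal to company."""
    return name.lower().replace("rn", "m").replace("vv", "w").translate(_DIGIT_SWAPS)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance via the classic two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def hostname(url: str) -> str:
    return (urlparse(url).hostname or "").lower().rstrip(".")


def registrable_domain(host: str) -> str:
    # Simplification: last two labels. Real code would use a public-suffix list.
    return ".".join(host.split(".")[-2:])


def classify(url: str, trusted=TRUSTED_DOMAINS, max_distance: int = 1) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a link."""
    host = hostname(url)
    domain = registrable_domain(host)
    if domain in trusted:
        return "trusted"
    for good in trusted:
        # Trusted name used as a subdomain of an attacker's domain.
        if host.startswith(good + "."):
            return "lookalike"
        # Typo-squat or homoglyph: within max_distance edits after normalizing.
        if edit_distance(normalize(domain), normalize(good)) <= max_distance:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links of the kind found in phishing e-mails.
    for link in ["https://login.company.com/reset",
                 "https://coompany.com/login",
                 "https://c0mpany.com/",
                 "https://cornpany.com/",
                 "https://company.com.evil.net/verify",
                 "https://news.ycombinator.com/"]:
        print(f"{classify(link):9s} {link}")
```

The distance threshold is a trade-off: 1 catches the single-character swaps and doubled letters seen in practice, while 2 would start flagging unrelated domains of similar length. Anything that lands in “lookalike” deserves the phone-call check rather than a click.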
While a well-crafted phishing email can deceive a user into disclosing a password or other information, multifactor authentication (MFA) makes the stolen password far less useful to an attacker. MFA requires a second proof of identity in addition to the password before access is granted, typically a temporary numeric code that expires within a minute or so. Because the code is generated on, or delivered to, a physical device in the user’s possession, such as a phone, it provides an additional layer of security. One caveat: a phishing page can ask for the code as well and relay it to the real site immediately, so a code should never be typed into a page you reached by following a link in a message.
Tighten the Link:
Most MFA solutions are convenient and simple to use, requiring only the downloading of an authenticator app on a mobile device, or turning on two-step authentication on a website and entering your mobile phone number to receive the numeric code via text. If a site offers a choice, prefer an authenticator app or a hardware security key over text messages: SMS codes can be intercepted or redirected by an attacker who persuades the carrier to move your number to their SIM. Start with the accounts that matter most, above all the email account that can reset the passwords of all the others.
The cyber cat-and-mouse game between malicious attackers and security professionals keeps evolving as new threats arise, but one thing remains consistent: the end user represents the weakest link in the security chain. A few simple and positive changes can tighten the link and make you and your company far more resilient.
Read the first article in our series: Keep Your Phone Close — And Your Data Closer
© Copyright 2019. The views expressed herein are those of the authors and do not necessarily represent the views of FTI Consulting, Inc. or its other professionals.
About The Journal
The FTI Journal publication offers deep and engaging insights to contextualize the issues that matter, and explores topics that will impact the risks your business faces and its reputation.