What can you do to protect yourself from being hacked? For one, you can start thinking like a hacker and acting like a security pro.
The hacker mindset is not just for criminals. Sure, we all know the basics of keeping our data secure: using strong passwords, not clicking on suspicious links in email. But it’s time to take a deeper look at where your vulnerabilities may lie, both online and offline, and then take your security up a notch.
Be aware that there are some cybersecurity practices hackers hope you’ll overlook in protecting yourself and your company. Here are a few of the things cyber criminals love.
An Open-Door Policy
“The average attacker is looking for the low-hanging fruit,” says professional social engineer Chris Hadnagy, who tests the network security of a wide range of organizations.
Low-hanging fruit is not limited to an easy “in” created when one person opens an attachment from an unidentified source or clicks on an unfamiliar link; it extends to the offline world as well. Hadnagy describes a time when he ended up in the president’s conference room of a company just by saying that he was there doing a quote for pest control services. If he could get into the company conference room, imagine what he could do in an unattended employee office.
Similarly, Hadnagy instructs businesses to make sure their security personnel are diligent about such things as checking badges, including when big groups of people come back into the office after lunch. “So-called ‘tailgaters’ have been known to tag along to big groups to avoid suspicion from security guards,” he says.
Whether you’ve landed a new job, gotten some new digs, or just want to post a cool selfie, chances are you’ve shared details about your life on social media. Sharing what you’re doing might seem innocent enough, but your friends and followers aren’t the only ones taking notice. Social media hackers are also paying attention to your updates to see what they can exploit. The more you share, the easier you are to hack.
“Once information is posted to a social networking site, it is no longer private,” warns Efrat Cohen, a private investigator and certified identity theft risk management specialist with Global Intelligence Consultants. “The more information you post, the more vulnerable you may become. Even when using high security settings, friends or websites may inadvertently leak your information,” she says.
The Kryptonite Complex
Falling into the trap of thinking you won’t become a victim of cybercrime may be human nature, but it isn’t the kind of thinking you want to adopt. In business, you need to always be mindful of other companies with whom you work closely, and ensure those companies also do their due diligence around cybersecurity. Hackers will go after the weakest link in the supply chain.
On the personal front, thinking you’re invincible can get you in trouble as well. If an email offer looks too good to be true, the prices on a website seem abnormally low, or you receive an unsolicited phone call offering computer support, use your common sense. Even the simplest offer could be a scam, and you could fall victim if you’re not careful. Always look for the padlock when using secure online services and thoroughly question phone solicitors.
Think back to a situation when you may have had to register on a site to get information and knew you would never visit that site again. Did you still use your regular email address because it was quick and easy?
Hadnagy suggests taking a little extra time to set up a new email account for use in these types of scenarios. That way, companies can’t spam you with useless information or sell your real address to other parties who may not have the best of intentions.
When it comes to staying cyber safe, Hadnagy also recommends implementing some level of paranoia consistent with the level of data you are trying to protect.
“Don’t be afraid to be someone who tries to remember a password made of 16 random characters and doesn’t store it in a password manager. The safest security box for your passwords is your mind. If you opt to use a password manager, make sure it doesn’t store your passwords in the cloud or on the web,” he adds.
Going back to your email inbox (which can be a great playground for hackers), think about how easy it would be to hover over a link in a message before clicking on it. For people who live life in the fast lane, taking the extra measure might seem like time not well spent. In reality, this is a smart way to make sure the address matches the URL you think you’re about to visit, because sometimes it won’t. Wouldn’t it be better to be safe rather than sorry?