The Lastline Daily Dose program supports National Cyber Security Awareness Month (NCSAM) with daily tips and advice to help individuals and organisations detect and prevent malware-based cyber attacks.
Throughout October, Lastline will offer a daily dose of advice aligned to the weekly themes established by the Department of Homeland Security on the Information Age website.
The theme for week 1 of NCSAM is simple steps to online safety. Here are our daily doses of advice for October 2-6.
The best defense against ransomware is a current backup that has “versioning,” which avoids restoring encrypted files.
Criminal can demand ransoms because victims are worried about losing their data. But if you have your information backed up, then the criminals lose their leverage. What makes this a bit tricky is that some of your files may already have been encrypted by the ransomware and then backed up, so if you simply restore everything from your most recent backup, some files will still be encrypted. Versioning enables you to restore earlier versions of your data, before anything was encrypted – Learn more about versioned backups.
Don’t be a whale–Use email gateway to flag keywords used in Business Email Compromise attacks like “payment” and “urgent”.
In the Business Email Compromise (BEC) scam, criminals spoof the email of an executive to instruct someone lower in the organisation to do something that benefits the criminal, like wire funds to the criminal’s account. The emails typically have a similar tone, urging secrecy and expediency. So, flagging key words, such as “payment”, “urgent”, “sensitive”, or “secret” can help to detect this scam.
>See also: Cyber security climbs the political agenda
The scam also depends on spoofing the executive’s email address, typically with a domain name that is very similar to the real one, for example:
• “123abccompany.com” instead of “123abc-company.com”.
• “abccornpany.com” instead of “abccompany.com’ (can you spot the difference? – using “rn” instead of “m”).
Simply double checking with the executive who is making the request, by typing their email address, not replying to the original email, is the best way to foil this scheme – Learn more about the BEC scam.
Avoid default, weak & reused passwords–Use a password manager to create unique, strong passwords for every account. It only takes one password, particularly if it belongs to a privileged user, to start an attack sequence that can lead to the capture of thousands or even millions of user accounts and records.
The list of the most popular passwords hasn’t changed much over the past five years, with “123456” (and similar number sequences), “password” and “qwerty” still at the top. Criminals know this, and they use these to compromise accounts. And people often reuse passwords, so compromising a less sensitive account, such as an online meeting service, could lead to compromising a bank account.
Password managers can automatically generate unique, strong passwords without requiring the user to remember each one.
Adding 2FA to the services that you use every day will reduce the risk of having your account compromised. This adds another level of security to yesterday’s tip about avoiding weak passwords.
Two factor authentication is a method of computer or account access control in which a user is granted access only after successfully presenting a second piece of evidence to confirm their identity, and has been demonstrated to decrease the risk of a system or personal account being compromised.
A password typically is the first factor, and the second factor is something the user knows (e.g. answer a question about where you were born), something they have (e.g. provide a code texted to your smartphone or a code generated by a token), or something they are (e.g. biometric identity such as a fingerprint or voice scan).
If you’re curious about what companies support 2FA, twofactorauth.org maintains a list online.
Keep email protection high on your priority list – Most breaches are caused by malicious email attachments – 51% of data breaches are caused by malware, and 66% of malware is installed via email attachments. So, email is an attack vector that must be secured.
>See also: Policing cybercrime: a national threat
The best and most efficient way of detecting malicious emails is to implement technology that analyses each email and attachment to identify any suspicious or potentially malicious behaviour. For example, there’s no reason why a benign attachment to an email would be programmed to change security settings or try to avoid being detected.
A recent article describes ten specific malicious email threats to help you understand how criminals are using email, and therefore what you need to do to defend yourself.