Read on Twitter
So its the first day of #CyberAware month; Time for real talk.
Being secure online is all about performing the basics, or a cyber hygiene routine as I like to call it. Its about forming habits and developing situational awareness. Let me share some of the simple techniques 1/n
Being secure online is all about performing the basics, or a cyber hygiene routine as I like to call it. Its about forming habits and developing situational awareness. Let me share some of the simple techniques 1/n
#1 Look at your Digital Footprint:
Ever actually googled yourself? Looked at the information you are sharing? Know where all your online accounts are?
First step is to do what an attacker would spend some time searching your name, email, other info.
Ever actually googled yourself? Looked at the information you are sharing? Know where all your online accounts are?
First step is to do what an attacker would spend some time searching your name, email, other info.
#1 <Cont>
There are some tools you could use to help with this...
https://rocketreach.co/
http://192.com
https://www.truepeoplesearch.com/
https://usersearch.org/
Search engines Google, Duckduckgo
Google: intext:<yourname> or <username>
Google: filetype:pdf <yourname> etc
There are some tools you could use to help with this...
https://rocketreach.co/
http://192.com
https://www.truepeoplesearch.com/
https://usersearch.org/
Search engines Google, Duckduckgo
Google: intext:<yourname> or <username>
Google: filetype:pdf <yourname> etc
2# Dreaded Passwords
The average person has like 20+ odd online accounts, and unless you're using a Password Manager or storing your passwords in a spreadsheet its likely they are similar
1) check https://haveibeenpwned.com
2) Create a strong Phrase
3) Use PW Manager
More...
The average person has like 20+ odd online accounts, and unless you're using a Password Manager or storing your passwords in a spreadsheet its likely they are similar
1) check https://haveibeenpwned.com
2) Create a strong Phrase
3) Use PW Manager
More...
2# <cont>
Its really important to understand that an attacker will search leaked and breached credentials online, there are about 15 odd billion out there. So it's likely the password you are using right now could be known by an attacker.
More...
Its really important to understand that an attacker will search leaked and breached credentials online, there are about 15 odd billion out there. So it's likely the password you are using right now could be known by an attacker.
More...
#2 <cont>
Long is Strong- yes but its also about your personal threat model here..
Password manager will give you ability to generate 100 char password for every account, its also one single point of failure. Some people think password book is terrible, but do what is best 4 u
Long is Strong- yes but its also about your personal threat model here..
Password manager will give you ability to generate 100 char password for every account, its also one single point of failure. Some people think password book is terrible, but do what is best 4 u
3# Multi Factor Authentication - its important!
Even if you have an amazing password, an attacker could still obtain this MFA will protect your accounts further.
1. SMS worst
2. App better
3. Ubikey :)
check out the awesome https://2fanotifier.org
MFA is simple, helps protect u
Even if you have an amazing password, an attacker could still obtain this MFA will protect your accounts further.
1. SMS worst
2. App better
3. Ubikey :)
check out the awesome https://2fanotifier.org
MFA is simple, helps protect u
3# <cont>
It is really important to note that you should think about enabling MFA on all your online accounts, this will help reduce your personal attack surface. Do also be aware that attackers can phish these, so don't think its the silver bullet. It is worth the time tho.
It is really important to note that you should think about enabling MFA on all your online accounts, this will help reduce your personal attack surface. Do also be aware that attackers can phish these, so don't think its the silver bullet. It is worth the time tho.
#4 Updates are really, really important.
Hey, pssst, yes you.. You may of heard this before, but update your sh*t.
It massively reduces your exposure to attacks that might be using a weakness in your operating system that the update fixed.
Hey, pssst, yes you.. You may of heard this before, but update your sh*t.
It massively reduces your exposure to attacks that might be using a weakness in your operating system that the update fixed.
#4 <cont>
Updates also include:
Phone
Laptop/PC
Router firmware
Smart Fridge, TV, Toaster, smart anything
Also make sure you have anti-malware on all devices, it will help reduce common attacks :)
Updates also include:
Phone
Laptop/PC
Router firmware
Smart Fridge, TV, Toaster, smart anything
Also make sure you have anti-malware on all devices, it will help reduce common attacks :)
#5 Whoa, back up there...and there...and there.
Ensure you back up your stuff regularly, especially the things that are important to you. Not only is it a pain if your device dies, but if you manage to get Ransomware. Ensure you have both online and OFFLINE copies!
Ensure you back up your stuff regularly, especially the things that are important to you. Not only is it a pain if your device dies, but if you manage to get Ransomware. Ensure you have both online and OFFLINE copies!
#5 <cont>
Here is a simple guide for backing up... might come in useful. https://uk.pcmag.com/backup-4/8647/the-beginners-guide-to-pc-backup
Here is a simple guide for backing up... might come in useful. https://uk.pcmag.com/backup-4/8647/the-beginners-guide-to-pc-backup
#6 Track me if you can....
Every site performs tracking, usually used for website analytics (where visitors are from, go etc), but also used by advertisers, and sometimes attackers. Reduce footprint by blocking these trackers. Use Brave browser https://brave.com/
Every site performs tracking, usually used for website analytics (where visitors are from, go etc), but also used by advertisers, and sometimes attackers. Reduce footprint by blocking these trackers. Use Brave browser https://brave.com/
Brave will block trackers, ads and any scripts, its designed with privacy in mind.. defo worth it.
Also it has a real private browsing mode... using TOR.. :)
Also it has a real private browsing mode... using TOR.. :)
#7 Verify, before action (trusting).
There's a saying if something is too good to be true then it probably is, being a social engineer myself, its easy to trick people in to doing things they don't realise might be malicious, or useful for an attacker < Big Thread this one>
There's a saying if something is too good to be true then it probably is, being a social engineer myself, its easy to trick people in to doing things they don't realise might be malicious, or useful for an attacker < Big Thread this one>
#7 cont Phishing is still probably the most effective tool an attacker in their arsenal. However, if you get a phishing email asking for you to click a link because your account has been compromised, don't! go to your acc login and check security notices. You have verified.. more
#7 cont.. urgency or pressure are a massive clue to something being wrong or suspicious. Attackers will play on urgency, to try and trip you up. Check the link does that look right, check the where it is sent from? But don't click the link, go to the website via google> login
#7 cont.. if you get a call from your <insert company name, bank, company just gone under, or in news>, its probably not them, so again hang up the call and use a different phone to call the number YOU have for them and verify the information.
We trust too easy, its time to stop
We trust too easy, its time to stop
#8 What to do if you have been compromised?
1) Don't panic, ok maybe a little :)
2) Disconnect your PC from the internet
3) Change your online passwords quickly (did you have 2FA)?
4) Let your bank know, and credit monitoring
5) UK - Call https://www.thecyberhelpline.com/
1) Don't panic, ok maybe a little :)
2) Disconnect your PC from the internet
3) Change your online passwords quickly (did you have 2FA)?
4) Let your bank know, and credit monitoring
5) UK - Call https://www.thecyberhelpline.com/
#8 <cont>
Some other things to do:
6) Change router password and ADMIN password
7) Check admin portal for connected devices and boot any that you don't recognise
8) Rebuild your machine from a backup, or worst case reset to factory settings.
9) make a quick cup of tea...
Some other things to do:
6) Change router password and ADMIN password
7) Check admin portal for connected devices and boot any that you don't recognise
8) Rebuild your machine from a backup, or worst case reset to factory settings.
9) make a quick cup of tea...
Ok that's it for now.. you do this and you'll be in a stronger place in terms of protecting your online information and accounts.
I wrote these articles a while back and its still just as relevant
https://tripwire.com/state-of-security/security-data-protection/opsec-everyone-not-just-people-something-hide/ (3 parts all linked)
Verify, Verify, Stay Safe.
I wrote these articles a while back and its still just as relevant
https://tripwire.com/state-of-security/security-data-protection/opsec-everyone-not-just-people-something-hide/ (3 parts all linked)
Verify, Verify, Stay Safe.
