Last week, we spoke about “Social Engineering” and ways criminals try to gain access to your information, systems, and devices. Just a few months ago, an attacker successfully used social engineering to steal thousands of dollars' worth of cryptocurrency by masquerading as an executive of “Classic Ether Wallet” and tricking someone into allowing the attacker to hijack the site. The hacker was then able to redirect the domain to his own server. The hacker also inserted code on the site that enabled him to siphon funds from the victims' accounts.
This week we will share ways to avoid successful cyber attacks in the first place. Hackers and scammers are persistent. Let’s step up our game using a few tips.
One of the most highly recommended ways to keep your various accounts secure is opting into two-factor authentication whenever available. ASU already requires two-factor for all faculty, staff, and student workers, and you can opt in for two-factor at many other sites, especially banking sites, to make it harder for attackers to access your accounts.
Another important step is maintaining up-to-date antivirus and anti-malware software to defend against malicious attacks that do make their way through the web and onto your device. You can check the Information Security Office’s recommendations for free antivirus solutions. It is also especially important to keep all applications updated and patched to their latest versions in order to keep up with rapidly changing technology, attack vectors, and programs.
In addition to protecting yourself with antivirus/anti-malware software and keeping your applications patched, here is a list of some things you might not immediately think of that can help.
Take care when you post to social media and company websites. Attackers collect information from all of those sources to aid in their attacks.
Be suspicious of requests for secrecy or pressure to take action quickly. Scams regularly use this tactic.
Use the “Forward” option, not the “Reply” option, to respond to business e-mails, especially if the content is sensitive. With “Forward,” you have control over the e-mail address.
Consider out-of-band communication, such as a phone call, to establish a trustworthy channel for verifying any significant business transaction or engagement.
Beware of sudden changes in a third party's business practices. Proceed with caution if a business contact suddenly asks to be contacted via their personal email.
A complete list of self-protection strategies is available on the United States Department of Justice website www.justice.gov in the publication titled “Best Practices for Victim Response and Reporting of Cyber Incidents.”
Finally, here’s a reminder of the basics, the simple things you can do to beef up your cyber defences:
Change your online passwords regularly and maintain them in a secure location. As a complimentary service, ASU has partnered with LastPass to bring you a password management tool. For more information, please visit Get Protected.
Never use the same password for multiple accounts, especially high value accounts such as online banking accounts.
Use strong passwords. A strong password combines upper- and lower-case letters with numbers and special characters.
Never open attachments (unless you’re sure they are safe).
Remove applications you no longer use.
Avoid untrusted public or open Wi-Fi networks.