Winter Cybersecurity Basics

Starting off with Cybersecurity

From email hacking to data breaches, ransomware and more, there’s no doubt that cybercrime is taking up a major spot in today’s news. While you’ve definitely heard enough stories about disasters and problems, you might not have seen quite so much about how to actually cut down your chances of being affected by cyber issues.

Below, we’ve put together a few simple steps that can hugely improve your cybersecurity in a number of different areas, along with information about why the steps are actually helpful.

Avoiding Ransomware and Malware

Ransomware is a kind of malware which completely encrypts files on a computer or server, making them completely inaccessible for the user until a ransom is paid to release the files. While ransomware has been around for years, it’s had a huge surge recently with the rise of untraceable cryptocurrencies, in which the ransoms are typically paid.

We recommend keeping a secure backup of your computer if there’s any vital data on it - this way, you’ll be able to restore any encrypted data if you end up infected by ransomware. However, there’s a couple of ways in which you can cut down on your chances of being infected in the first place.

Most mal/ ransomware is spread via maliciously mislabeled files - whether it’s packed in downloads or attached to spam emails. To cut down on the risk of infection here, you should make sure that you actually verify the legitimacy of email attachments and downloads - consider the sender: do you trust them? Are they who they claim to be? Would you expect them to send you an attachment?

Malware-containing emails often appear to be from real sources, or link to seemingly legitimate websites. There’s a number of warning signs to be aware of - misspellings, poor grammar, links to unusual websites, emails from previously unseen contacts, and more. This archived Microsoft guide takes a closer look at some of the warning signs, while Comparitech’s in-depth phishing guide also provides some extremely helpful guidance.

Along with secure & reliable backup, there’s a couple of resources to be aware of if ransomware strikes. No More Ransom collects decryption solutions for a range of ransomware types, helping you recover lost files if infected by certain types of ransomware. Other anti-ransomware tools include Ransomfree, a recently developed system built to detect and prevent encryption from ransomware in real-time.

Genuinely Secure Passwords

If you’re creating a new account for most online services, you’ll be asked to provide a secure password. However, just meeting the requirements set by sites (including capital letters and numbers, for example), doesn’t necessarily make your password truly secure.

There’s a couple of reasons for that. Firstly, the majority of people reuse their passwords for more than one site. This makes them vulnerable to data breaches - incidents where user data is stolen by intruders. Cybercriminals with access to stolen data will often try to get access to user accounts on other sites using any leaked passwords, which means that reused passwords are fundamentally not secure.

Secondly, another major way for cybercriminals to gain access to private accounts is through the use of a dictionary attack, which can make some seemingly secure passwords completely vulnerable. Essentially, a dictionary attack tries to access your account by using a huge number of words/phrases to try and guess your password - a major reason why sites ask for a secure password in the first place.

When asked to create a secure password, many users substitute letters in a word for numbers (i into 1, e into 3, etc), or capitalise letters within the word. This doesn’t actually make cracking a password much harder at all - most dictionary attack software automatically tries variations on the words being used, only slightly slowing down the attack rather than making you more secure.

To ensure that a password is actually secure, you need to be sure that it (or variants on it - password1 to password2, for instance) isn’t used anywhere else. While creating a new password for each site may be hard to remember, it’s a vital security step (using a secure password manager can help with this hugely).

You also need to ensure that your password isn’t vulnerable to a dictionary or brute force attack. The common recommendation here is to create a string of several random words (a passphrase), ensuring that the password is both relatively hard to break and highly memorable - while there’s other approaches, this is generally an effective move.

Staying up to date

As a final basic step to improve your cybersecurity, it’s important to ensure that you’re always kept up to date on patches for your software and operating system - a lot of major cyber issues are the result of security holes in out of date software. Keeping up to date with patches completely cuts off a major vulnerability, and doesn’t take a lot of effort - don’t just keep putting off updates indefinitely.

It’s worth noting that absolute security isn’t really possible in all cases - bugs and exploits in software are often targeted by ‘Zero-day’ attacks, which can take a while to notice, yet alone fix.

If you’re interested in staying more up-to-date on the latest developments in cybersecurity, we’d recommend looking into your local cybersecurity cluster where you’ll find regular security meetings around your area.