CISO Blog
Part 2 of keeping our parents digitally safe
Continuing the topic of advice to our (my) parents on staying safe online. We know the digital world is a scary place, especially so for those of us who aren’t tech-savvy.
So, to our (my) parents, don’t worry, there are simple steps you can take to protect yourself from cybercriminals. Like I said in Part 1 don’t trust anyone online, or over the phone for that matter and if it sounds too good to be true then it is!!
Now the question I get is “how do I get a secure password, keep it safe and remember it?”. Well this is not just a Parent problem but one that most of us face. I for one battle to remember all the passwords for all the places I need to log into daily and the last thing I want is to use the same password everywhere, because if one gets compromised then all are compromised. So how do you solve this issue and make life easier.
The answer…. A Password Manager.
So, what is a Password Manager. In layman’s terms a password manager is a software application that helps you create, store, and manage your online passwords securely.
The benefits it offers are massive
- Enhanced Security
- Password managers encrypt your passwords, storing them in a secure vault. This makes it much harder for hackers to access your credentials, even if they gain access to your device.
- They also help you create strong, unique passwords for all your accounts, which are much harder for cybercriminals to guess or crack.
- Convenience and Efficiency
- With a password manager, you only need to remember one master password to access all your other passwords. This eliminates the need to remember multiple, complex passwords, simplifying the login process and reducing the risk of getting locked out of your accounts.
- Many password managers also offer autofill features, automatically filling in your login credentials when you visit a website, saving you time and effort.
- Multi-Platform Accessibility
- Most password managers offer cross-device synchronisation. This means you can access your passwords from any device, whether it’s your computer, smartphone, or tablet.
- Additional Features
- Many password managers support two-factor authentication (2FA), adding an extra layer of security to your accounts.
- Some also offer features like secure password sharing, password health reports, and dark web monitoring, further enhancing your online security.
Here are some examples of Password Managers that are available but pick one that is easy to use for your folks or even for you. I personally make use of a Password Manager and find them to be very useful.
- Google Password Manager (Free): Integrated with the Google ecosystem, offering automatic password saving, generation, and cross-device synchronisation.
- LastPass (Paid): Provides secure password storage, autofill, multi-device synchronisation, and a comprehensive reporting dashboard.
- Keeper (Paid): A zero-trust platform with end-to-end encryption, secure file storage, and 2FA.
- Bitwarden (Paid): An open-source password manager with strong encryption, secure password sharing, and cross-platform compatibility.
- KeePass (Free): A free, open-source password manager with strong encryption and local storage.
Creating a Master Password
Now you still need a great Master Password to secure it and here. The trick is to use a long password that is easy to remember but near impossible to guess. To achieve this I have the following guidance:
I like using a sentence, something I like doing or have seen around me that I can easily reference. Some examples I give are:
“I LOVE watching the ocean”
“Me sitting on the porch”
“I think I am Gordon Ramsay”
“oh look a butterfly!”
Anything long and easy to remember will do !!
Additional Tips for Staying Safe Online:
- Be Cautious of Phishing Attacks: Be wary of unsolicited emails, texts, or calls asking for personal information.
- Keep Your Software Updated: Regularly update your operating system and software to protect against vulnerabilities.
- Use Strong, Unique Passwords: Avoid using the same password for multiple accounts.
- Be Mindful of Public Wi-Fi: Avoid sensitive activities like online banking or shopping on public Wi-Fi networks.
Now all you must do is show your folks / kids / friends, how to use it, which is also simple.
CISO Blog
The Troublemaker’s Take on Liminal Panda
Liminal Panda? More like Liminal Pandaemonium! These cyber-ninjas are sneaking around the telecom world, stealing secrets and causing chaos. They’re like digital pickpockets, slipping into networks and making off with sensitive data.
These Chinese hackers aren’t just stealing your data; they’re stealing your future. They’re compromising critical infrastructure, disrupting services, and undermining national security. It’s like a real-life cyber thriller, but without the cool gadgets and the witty one-liners.
So, what can you do to protect yourself from these digital ninjas? Well, you could start by following some basic security practices. Things like keeping your software up-to-date, using strong passwords, and being wary of phishing attacks. But let’s be real, that’s not enough. You need to be proactive and think like a hacker.
Here are a few tips to help you stay ahead of the curve:
- Know your enemy: Understand the tactics, techniques, and procedures (TTPs) of advanced threat actors like Liminal Panda.
- Embrace zero-trust security: Don’t trust anyone, not even your own employees.
- Invest in advanced security tools: Use tools like endpoint detection and response (EDR) and security information and event management (SIEM) to monitor your network for threats.
- Stay informed: Keep up-to-date on the latest cyber threats and vulnerabilities.
Remember, cybersecurity is an ongoing battle. Don’t let the Liminal Pandas win.
Download the report here
CISO Blog
The Dirty Little Secrets of Cybersecurity
We’ve all heard the horror stories: massive data breaches, ransomware attacks, and identity theft. But what are the real reasons behind these cyber catastrophes? It’s not always about some shadowy hacker genius; often, it’s about simple mistakes and oversights.
The Dirty Little Secrets of Cybersecurity
We’ve all heard the horror stories: massive data breaches, ransomware attacks, and identity theft. But what are the real reasons behind these cyber catastrophes? It’s not always about some shadowy hacker genius; often, it’s about simple mistakes and oversights.
The human element is a significant factor in many cyberattacks.. From clicking on malicious links to falling victim to social engineering tactics, people can inadvertently open the door to cybercriminals.
Here are the mistakes being made and funnily enough the Top 3 (According to me) has to do with People…
- Underestimating the Human Factor
- Ignoring Insider Threats
- Overlooking Physical Security
- Neglecting Patch Management
- Weak Password Policies
- Phishing Susceptibility
- Failing to Back Up Data
- Neglecting Mobile Device Security
CISO Blog
The 10 Immutable Laws of Cybersecurity (and why they still matter)
Let’s talk about the ten immutable laws of cybersecurity. These aren’t just some dusty old rules from the past; they’re the foundation of modern cybersecurity. They’re the ten commandments of the digital world, and if you break them, you’ll pay the price.
Let’s talk about the ten immutable laws of cybersecurity. These aren’t just some dusty old rules from the past; they’re the foundation of modern cybersecurity. They’re the ten commandments of the digital world, and if you break them, you’ll pay the price.
- If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore. This is the classic social engineering attack. Don’t click on suspicious links or open attachments from unknown senders.
- If a bad guy can alter the operating system on your computer, it’s not your computer anymore. This is why patching is so important. Keep your systems up-to-date to prevent attackers from exploiting vulnerabilities.
- If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore. This is why physical security is crucial. Don’t leave your devices unattended, and use strong passwords to protect your accounts.
- If you allow a bad guy to upload programs to your website, it’s not your website anymore. This is why it’s important to have strong input validation and sanitization in place.
- Weak passwords trump strong security. This is a no-brainer. Use strong, unique passwords for all your accounts.
- A computer is only as secure as the administrator is trustworthy. This is why it’s important to have strong access controls and regular security audits.
- Encrypted data is only as secure as its decryption key. This is why it’s important to protect your encryption keys.
- An out-of-date antimalware scanner is only marginally better than no scanner at all. Keep your antivirus software up-to-date and run regular scans.
- Absolute anonymity isn’t practical, in real life or on the Web. Don’t believe everything you read online, and be careful about what you share.
- Technology is not a panacea. Technology is a tool, not a magic bullet. It’s important to use technology wisely and to combine it with human intelligence.
By following these ten laws, you can significantly reduce your risk of cyberattacks. Remember, cybersecurity is an ongoing battle, so stay vigilant and keep your defenses strong.
-
Organizational Transformation2 weeks ago
Digital Transformation: Shaping the Future of Modern Enterprises
-
Digital Transformation1 week ago
The Importance of Digital Transformation in Today’s Business World
-
CISO Blog1 week ago
The Troublemaker’s Take on Liminal Panda
-
Threat Actors4 weeks ago
The Russian Bear Unleashed: The Cyber Threat of APT28
-
CISO Blog1 week ago
The Dirty Little Secrets of Cybersecurity
-
CISO Blog2 weeks ago
Cybersecurity Tips for your Parents: Stay Safe Online
-
Strategy2 days ago
The Importance of Business Strategy: A Roadmap to Success
-
CISO Blog3 weeks ago
Australia’s War on the Scourge of Social Media