Five Basic Plays To Help Prevent Cybercriminals From Gaining Access

No time to read? Listen to this article here:



I run the Dark web, according to my mother. When you’re pretty much the only hacker your family knows, you become the number one suspect in every data breach they find themselves in. If you’re a cybersecurity professional, then you probably know what I mean too.


Occasional fantastical superstitions people engendered in regards to the scope of my perceived abilities were ultimately on par with the fears harbored by the Justice Department about Kevin Mitnick, when they thought that if he had access to a payphone, he could transmit nuclear launch codes into the North American Aerospace Defense Command (NORAD) simply by whistling into the mouthpiece. The point is, it is much more productive to maintain focus on your own cybersecurity practices and avoid speculating regarding the hackers' near-mythical abilities, fueling the paranoid “witch hunt” type mindset of the 1600s.


The most important aspect of cybersecurity for the everyday person is not cultivating worries and anxieties over what we think hackers are capable of, but rather, fortifying our online accounts to better protect our personal data, which is a proactive mindset centered in sober realism. Online threats will not disappear. But, through individual awareness and basic cybersecurity and privacy hygiene, we can be ready to face most circumstances that may occur due to the persistent efforts of malicious actors.


Some individuals, even seasoned professionals in the Information Security arena can falter in hardening their security practices by inadvertently creating chinks in their own online armor, oftentimes because they find themselves flustered by creating so many unique and complex passwords, and opt to reuse the same (and, perhaps, even secure) password under the assumption that their digital assets will not become compromised. It's called being human.


Anyone's guard is down at times, regardless of their level of experience. But once the proverbial kingdom falls into enemy hands because we left the gate wide open, we still blame the invading force for conquering the castle.


If you leave the keys in the ignition and your car gets stolen, most people are going to say that it was foolish to assume it wouldn’t get stolen. We live in an imperfect world where both crime and injustice happen more than occasionally. Perhaps, one day this will change and we'll find ourselves living in a utopia; but until that moment, let's lock our vehicles. And let's get serious about our online security by using (at least) these 5 basic methods.


One Email To Rule Them All? Never!


It's vital to never use your main personal or business email to subscribe to third-party sites. Cybercriminals can target these sites by probing for vulnerabilities in their servers and obtain your credentials, and remedying this is completely out of your hands. Once your sign-in information is in the hackers' hands, they may gain the ability to access your email and begin scrolling through any messages within that are linked to other sites and accounts, creating an inexhaustible string of intrusions at your expense.


To help remedy this, create a junk email account, using a password you do not use anywhere else. Use this account to subscribe to whatever third-party websites or services you need; if the third-party sites become compromised, your personal or business email accounts won’t be affected. Isolating sensitive accounts in this manner creates a level of insulation from compromised third parties.


Frustrate Hackers By Using 2-Factor Authentication


Use 2-Factor-Authentication (2FA) on all of your accounts and configure them to require your phone to send you a notification in the event of an unauthorized login attempt. Let’s say a cybercriminal has just managed the steal your email or Facebook credentials from some vulnerable third-party website. When the intruder attempts to use your credentials to sign in to Facebook, they will be stopped by a 2FA checkpoint, requiring the attacker to have physical access to your device or to implement a more sophisticated intrusion method, requiring a knowledge and skillset most common garden-variety scammers are not privy to. In turn, you will receive a notification of the attempt to access. I cannot stress the importance of 2FA enough.


Only a very skilled hacker might know how to circumvent 2FA, and even then they will likely only attempt it if it’s worth the time. 2FA is not tamper-proof, but it eliminates a large class of unskilled hackers and scammers from gaining unauthorized access, limiting the attack to social engineering in order to obtain password reset information, brute force attacks, et cetera. In the words of the late John McAffee, “Hackers rarely have full knowledge of the technology stack of a target.


Prevent Sneaky Intercepts By Using a Virtual Private Network


VPN’s will secure your internet connection by utilizing public-key encryption. If you like reducing your cellular data traffic consumption by using public WiFi hotspots, your chances of an intruder intercepting the communication between your device and the internet increase exponentially.


I used to be that guy (in the black hoodie) sitting in the back of the local coffee shop, intercepting and analyzing data traffic from every device connected to the wireless network. What's worse is that our presence isn't always so obvious. Try to avoid making purchases or input your credit card information into forms on the internet unless your connection is secured by a VPN, especially when using public WiFi. By hiding your originating IP address, attackers will only see the IP address assigned to you by your VPN - you can even choose a country of origin. I often use a VPN from the Netherlands.


We’ve Told You Before: Use Better Password Practices


Don’t fall into the lazy habit of reusing the same password for everything. Just don’t even think about it. I made this mistake a long time ago and lost access to pretty much everything that was important to me because the intruders locked me out of my accounts. If I had followed the advice in this article, I would still have all my accounts intact, and not be that guy who’s too embarrassed to tell all his infosec friends that I cannot access my own accounts anymore.


In a user behavioral study conducted in 2019 by Google, it was found that as many as 65% of individuals prefer to reuse the same password across multiple accounts. In a study conducted last year by Infosecurity Magazine which consisted of 1353 participants, 45% of respondents did not consider reusing passwords to be a serious issue.


To spell it out: if you reuse the same password everywhere and an intruder obtains it, every account linked to the initially compromised one can be accessed like walking through an open door. Choose lengthy alphanumeric passwords containing special symbols and utilize a password manager, such as LastPass, if you’re having problems remembering which password goes where.


Why is My Friend Asking So Many Personal Questions?


So you’ve turned your proverbial castle into a fortress. However, John McAffee left us with another useful nugget of wisdom, “Social engineering has become about 75% of an average hacker's toolkit, and for the most successful hackers, it reaches 90% or more.”


Even though you’ve hardened your security, you need to focus on an additional layer, which, of course, is social engineering. Here is a scenario to consider: the Facebook account of your family or close friend ends up getting compromised, and all of a sudden your “friend” is asking a lot of personal questions and sending you links. If you begin receiving communication from someone you know that appears uncharacteristic, verify to determine if the account has been compromised - call that person, or meet with them. That’s a sure way to establish verification.


Recently, I received a handful of fake job offers and interviews from scammers over Facebook Jobs and LinkedIn. The interviewer was not very interested in my qualifications, but much more interested in my answers (or lack thereof) to very direct personal questions that were not appropriate at this stage of the employment process, which should always be done over the phone or in person.


Divulging personal information from what appears to be a trusted source is one of many tactics used by scammers and cybercriminals in general. If something doesn’t feel right, chances are, it isn’t. That is why if you are dubious about someone's increased interest in your persona, or an unsolicited offer, verify it through as many credible sources as you can. Your personal information can be used to bypass security questions, access personal accounts, and ultimately cause a breach of privacy and loss of data, as well as, ultimately identity theft.


Remember: don't be afraid of the unknown. Instead, be informed through what you can learn so you can be at ease, knowing you have done what you can to lock down your castle and keep the enemies at bay.


An article by

Jesse McGraw


Like this content? Subscribe to our newsletter to get weekly cybersecurity insights and top news - straight to your mailbox!

29 views0 comments