Preempt Blog

Guard your identity! If you connect it, protect it.

8 Home Tips for Cybersecurity Awareness Month

Cybersecurity is for Everyone – especially your toys
We in the identity security business are constantly obliged to point out that over 80% of data breaches involve stolen or compromised credentials and logins. Preempt works with enterprises to secure their identity stores and try to establish a state we call zero-trust across their whole organization, encompassing all their apps, services, portals, and everyone who works there.

October is Cybersecurity Awareness Month in the USA, so we would be remiss if we didn’t take some time to address all your end-users too. This is a chance to remind everyone to be responsible for their own identities and security.

Let’s talk about what the average citizen needs to know about zero trust, and how they can be a part of it for everyday living. Zero Trust is a security concept centered on the belief that organizations should not automatically trust any service, user, or program inside the network or in the cloud. Instead, they must verify anything and everything as being the real deal before granting access and sharing information. Let’s take that into an idea for an individual user: Trust no one. Especially your phone and email.

That’s super hard, right? We live our lives on our phones. But there are some basic security steps that a user can do in the zero-trust spirit, and I’ll lay them out for you.

1) Update your equipment. Yes, whenever possible you should let your operating system and apps use their automatic update options. This means getting to working WiFi and letting your phone do the update, letting your tower and laptop do their updates when you’re done for the day (after you’ve saved everything, of course), and knowing which other things in your house are smart devices.

2) Update your equipment. Yes, I said it twice because there’s a second category some of you may have that you don’t think of as quickly! This is your reminder to update the harder stuff. Do you have a home security system? Do you have home cameras? Do you know how to look at their interface or website to see if they have updates? Have you updated your Alexa? Have you updated your ADT security system? Whatever smart devices you have all need to be updated, and there may or may not be a mechanism to do it automatically for them. If you put a calendar reminder for yourself to “Update my Weird Stuff” and keep a list all in one place, it will be a good reminder for you. Not every smart device updates itself. Maybe something went wrong with the WiFi when it tried – hiccups happen with everyone working from home, right? Trust no one and nothing, and verify that updates happened.

3) If your bank, Netflix account, or any other major website you visit regularly offers you the option to add a phone number to double-check your account – take it. Adding multi-factor authentication (MFA) can be the difference between you enjoying your movie and twenty people around the world enjoying it while you get shut out. If you’re shaky about handing out your phone number for this purpose, don’t be. Your financial institution has security on their mind, and anything you can do to secure any site which has your credit card in the system deserves your support for enabling MFA.

4) There are a lot of companies that are really pretty good at security, who have spent a lot of money, people, and processes trying to get to a state of zero-trust on their own. No security is ever perfect, because security is not a static thing. In general, it’s a bad idea to use your credentials from Twitter, Facebook, and others as your authentication mechanism into other sites.

• How to check what apps you authenticate with Facebook
• How to add (or remove) apps authenticated on Twitter

5) Get a password keeper if you are having problems remembering which password goes where – PC Mag has some reviews.

6) Your phone is a flirt. That’s right. Bluetooth is a promiscuous setting when on, and there have been many different hacks that have used it. BlueBorne. KNOB. BIAS. Seriously, you can find lists of them here. You can drive around with your phone paired to your car speakers all you like – just turn off Bluetooth before you go into the coffee shop, airport, or other public WiFi location.

7) If your credit card company is the sort to want to know when you travel, by all means, tell them on their site when you are travelling. This will prevent credit card refusal at a time of sale, as well as help them identify fraud faster if one of the previous methods of zero trust was unsuccessful and your account was stolen.

8) Never. Ever. Ever. Trust any email that comes to your inbox from Microsoft, IBM, the IRS, or any large company or government organization that tells you that your account has issues and you need to log in and change something – especially when they thoughtfully provide you with a link. Believe me, none of these organizations wants to send you something telling you that your account needs review. Ever. If you get phishing attacks on your phone saying something is wrong with your account, let the FTC know here.

9) For that matter, did you know that you as a concerned resident can report things to the FBI? The FBI has divisions of people that professionally track and try to shut down scammers, hackers, and fraudsters. You read about them in the paper sometimes – this is where they start gathering data. From you, a simple individual who is figuring out what zero trust means. Learn more about how to reach the FBI here.

There are folk out there who say, “Privacy is dead, so why bother trying?” I’m half-convinced that some of those repeating this message are bots from hacker organizations that want to convince you not to prioritize security in your life. Don’t let the hackers win without a fight.

 

Topics: Active Directory, Identity, October Cyber Security Awareness Month, Zero Trust,

Posted by Jeannie Warner on October 7, 2020 8:45 PM
