What are the best practices for threat and vulnerability in an online environment? If this is a question you haven’t asked yourself lately, you should.
Understanding the best practices for threat and vulnerability in an online environment is essential. Every time you get online, whether to check social media, post a selfie, or send an email, you are putting yourself and your information at risk. Even worse, with the advent of the smart home, where you live, all your devices in it are also at risk.
Best Practices for Threat and Vulnerability in an Online Environment: FAQ
Before you can understand what the best practices for threat and vulnerability in an online environment are, you need to understand more about these terms and why they are essential to know.
What is a threat?
In information security terms, a threat is an incident that can cause harm to your computer or device. Computer viruses are considered a form of online threat.
What is a vulnerability?
In contrast to a threat, a vulnerability is a known weakness that an attacker can use to gain access to your computer or device. A machine that is not up-to-date with the latest security updates is considered a vulnerability.
Who is really at risk?
You may be wondering to yourself: Am I at risk when I go online? Short answer: Yes. Long answer: Are you kidding? Of course you are! Even Mark Zuckerberg covers the camera and microphone on his laptop. He's a billionaire with infinite resources at his disposal, and yet he's still worried that he's not utilizing the best practices for threat and vulnerability in an online environment.
Think about some of the things that you do when you get online. You may do things like checking your bank account, read email, click a link your friend sent you on social media, and more.
In doing any of those everyday online tasks, you may have exposed yourself to an online threat. If you accessed your bank account or email via a free wifi spot, you could have inadvertently leaked your passwords. Links you click via social media may have sent you to an untrusted website that installed something via your browser without you knowing.
What do you need to secure?
Both computers and personal devices like smartphones are treasure chests of information for criminals. Computers and smartphones store a wealth of sensitive information like bank account numbers, passwords, and more.
Home wireless networks are ubiquitous, and an unsecured wireless network is akin to leaving a door or a window to your home unlocked. Just about anyone that wants to, will be able to get in via an unsecured wireless network. Once they are in, they can access anything connected to your home network.
Smart Home Devices
If you have a smart home device, you need to ensure your wireless connection and your devices are secured. Smart home devices allow you to turn on lights, set your thermostat, unlock your door, and even watch what is going on inside your home. Improperly secured smart home devices can give a malicious user unprecedented access into your home.
Understanding Online Threats and Vulnerability
Before you can understand how to protect yourself against online threats and vulnerabilities, first you need to understand what those threats are and how they work.
In information security terms, an attack vector is a method that a malicious user can use to gain access to your data. There are many different attack vectors that hackers can use. Common attack vectors include phishing and malware.
Phishing is a method where an attacker sends a legitimate-looking email that lures the victim to click on a link which may trick the victim into revealing sensitive information.
In a 2017 study by Ironscales and Crowd Research Partners, phishing accounted for nearly 90 percent of all successful cyber attacks.
Malicious software or “malware” is another common attack vector. Malware is software that is designed to perform a malicious operation on your computer or device.
A vulnerability is a weakness that a malicious user can exploit to gain access to data. Vulnerabilities can be software based, such as an application that transmits sensitive data in an unsecured manner. You can usually fix software-based vulnerabilities via software updates.
Hardware vulnerabilities, like the Meltdown vulnerability that leaves secure data accessible in Intel hardware, also exist. Since these vulnerabilities are based on the physical structure of the hardware, they may be more difficult to fix. In some cases, software fixes can help mitigate risk.
Common types of attacks
What types of attacks can a hacker launch through different attack vectors or vulnerabilities? There are quite a few, but some of the most common ones that you may be susceptible to are social engineering and trojans.
Gaining access to your sensitive information does not always have to happen entirely online. Hackers use social engineering manipulate people into giving them important data. Phishing attacks through email are a prime example of social engineering. Another example can be enticing people to click on a link on social media. (Next time, you may want to beware of that picture of cute puppies your Facebook friend is sharing!)
Named for the famous Trojan Horse, a trojan attack is a malware usually hidden in an innocuous-looking file like an MP3, image, or email attachment. Once downloaded onto your computer or device, the trojan can go to work.
For example, a trojan can create a backdoor to your computer, giving an attacker access to anything and everything. It could spy on you, logging keystrokes, website history, passwords, and more. It can then transmit this data to someone else who can use it to access your accounts.
A trojan can also deploy other attack methods like destroying data on your device or installing a bot onto your computer to passively send spam or other malware.
Best Practices for Threat and Vulnerability in an Online Environment
Now that we have covered what threat and vulnerabilities are, here are some of the best practices you can implement to help protect yourself and your data.
Use a Strong Password and Change it Regularly
Create a strong password that you can remember and change it regularly, about every three months. Strong passwords are ideally at least eight characters long, with upper and lower case letters, numbers, and special symbols like question marks and exclamation points.
If you find it difficult to make and remember strong passwords, using a password manager like LastPass may be helpful. A password manager remembers your passwords for you, keeping them encrypted so that only you can access them. Of all the best practices for threat and vulnerability in an online environment, this is the one that is most within your control and the most neglected. Don't be that guy.
Enable Two-Factor Authentication
Whenever an online account offers two-factor authentication, enable it. You will often find two-factor authentication on websites like Google and Microsoft, bank websites, video games, and more.
Two-factor authentication helps keep your information secure by verifying your identity using two different forms of authentication. That usually includes your password and a temporary, randomly generated number code. This number code typically comes from an authenticator from a phone-based app. Another way to get the code is through email or a text message from a provider.
Secure Your Home Network
Home networks are ubiquitous, thanks to the availability of high-speed Internet and multiple devices in a household that uses wifi. One of the weakest parts of a home network is also the most important: the router.
Wireless routers come pre-configured from the factory with default settings. These defaults make setup easy but are also a huge security hazard.
Always change your router’s default settings during setup. Be sure to change the router name, password, and also the default address and network address range. Heimdal Security has an excellent guide for further information on how to secure your home network.
Keep All Your Devices and Software Updated
Regularly updating your computers, smartphones, and other online devices is one of the easiest and most important ways you can help keep your information safe. Updates often include security patches which are code updates that fix any recently discovered vulnerabilities that the software may have. It is one of the easiest best practices for threat and vulnerability in an online environment to stay on top of.
Use Antivirus Software
For every online device you have, whether computer, smartphone, or tablet, install and use trusted antivirus software. Windows comes with its own antivirus program, Windows Defender, but there is also other antivirus software that you can download. Antivirus programs are also available for iOS and Android devices.
Do You Need an Antivirus for Mac Computers?
A common myth is: “Macs don’t get viruses.” However, the idea that Macs are somehow impervious to viruses is flat out wrong.
Computer viruses can infect any device, provided the device can run the program. The reason behind the myth that Macs do not get viruses is that viruses are usually for the far more ubiquitous Windows-based operating systems. It's a numbers game. Hackers program for the platform where their virus has the largest possible number of computers to infect.
However, as Macs continue to rise in popularity, so too has the number of viruses for Mac OS been rising. In 2018, Malware Bytes reported that there was a 270% increase in Mac-targeted viruses in 2017.
Strictly speaking, Macs do not necessarily need additional antivirus software according to Macworld, a leading Apple magazine. However, as the saying goes, an ounce of prevention is worth a pound of cure. It is better to invest in an antivirus for your Mac versus trying to clean up any damage done by a virus that somehow slipped past any preliminary defenses.
Turn Off Your Bluetooth
Criminals can gain access to your smartphone through an open Bluetooth connection. Once they gain access, they can do things like accessing your call history, download files, upload malware, or even gain access to your personal accounts.
The simplest way to prevent this type of unauthorized access is to disable Bluetooth while you are not using it.
Use a VPN When Connecting to Public WiFi Networks
Public wifi networks in coffee shops, airports, and other public places are very convenient for staying connected on the go. Unfortunately, public wifi is notoriously insecure and are havens for hackers looking for an easy target.
Use a Virtual Private Network (VPN) connection when you are using a public wifi network. A VPN encrypts your data while you are online, helping to keep your data safe from any prying virtual eyes. That is definitely one of the best practices for threat and vulnerability in an online environment.
Set and Secure
The best practices for threat and vulnerability in an online environment involve being aware of the existence of online threats and planning accordingly. In general, being safe online means being proactive about making your network and devices a less desirable target. It's like the old saying: You don't have to run faster than the zombie chasing you. Just be faster than the guy next to you. After that, employing common sense when it comes to where and when you share your information is another key to helping keep it safe.