Basic Cyber Hygiene, Part 2
This is the second part of a series about basic cyber hygiene. Cyber hygiene consists of best practices that users can follow to improve their security online. The first part deals with passwords, 2FA, updates, and social engineering. Here are some additional tips for maintaining good cyber hygiene:
Secure your email account
Almost every service available on the internet requires an email address in order to register for it, and email addresses are typically used for password recovery. If a hacker took control of that email account, they could reset the passwords for all of the accounts registered with that email address. In the worst case, they could gain access to accounts filled with extremely sensitive information. If you use one email account to register for everything, that account should be kept as secure as possible. In many ways, it is like a master key: if that key gets stolen, you lose everything. As discussed in the first part of the series, you should protect your main email account with a strong password that is not used anywhere else. You should also consider using 2FA to protect your main email account, or at least the email account(s) used for accessing extremely sensitive information.
Make backups
Following cybersecurity best practices can help prevent your IT infrastructure from being compromised. Preventing an incident is easier than repairing a damaged IT infrastructure and restoring a damaged reputation. However, it is still a good idea to have a backup plan in case important data is lost due to an accident or a malicious attack.
Backups are copies of important data stored in a location other than the one where the data is typically used. One example would be storing files on a flash drive that is kept separate from your main computer. If something bad happens to your computer—theft, ransomware, physical damage, etc.—your important files are still safe. Backups are especially useful for recovering from ransomware. Organizations victimized by ransomware are tempted to give in to the attacker’s demands because they want to resume business operations as soon as possible. Work cannot be done if all the important data has been encrypted, and organizations are pressured to pay ransoms for the sake of their clients. However, organizations that make backups can restore their infrastructure without paying a ransom.
On February 9, 2021, renowned video game company CD Projekt Red announced that they had fallen victim to a ransomware attack, and that some of their devices had been encrypted. Rather than give in to the attackers’ demands, CD Projekt Red recovered by using backups. Consider reading our two-part series about backup policies to learn about different strategies for making backups. It should be noted that backups should be stored in a location separate from where the original files reside. If you make a backup of some important files on a computer and then store that backup on the same computer, the backup is just as vulnerable as the original files if the computer is struck by ransomware.
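The backup-and-restore cycle described above, as an added example (not code from the original post or from any product it mentions): files are copied to a separate directory standing in for offline media, a SHA-256 manifest records what each file should look like, a constructed stand-in for ransomware scrambles the originals, and the originals are restored only after the backup itself has been verified against the manifest. The sample files, the directory names and the manifest format are all this example's own assumptions.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

# Constructed sample data standing in for a user's important documents.
SAMPLE_FILES = {
    "notes.txt": b"quarterly planning notes\n",
    "ledger.csv": b"date,amount\n2021-02-09,100\n",
}


def sha256_file(path: Path) -> str:
    """Return the hex SHA-256 digest of a file, read in chunks."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(source: Path, backup_root: Path) -> Path:
    """Copy every file under `source` into a fresh backup directory and write
    a manifest of SHA-256 digests beside it (the manifest layout is this
    example's own convention, not a standard format)."""
    dest = backup_root / "backup"
    dest.mkdir(parents=True, exist_ok=False)
    manifest = {}
    for p in sorted(source.rglob("*")):
        if p.is_file():
            rel = p.relative_to(source).as_posix()
            target = dest / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(p, target)
            manifest[rel] = sha256_file(target)
    (backup_root / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return dest


def verify(directory: Path, manifest_path: Path) -> list:
    """Return the names of files under `directory` whose content no longer
    matches the manifest; missing files count as mismatches too."""
    manifest = json.loads(manifest_path.read_text())
    bad = []
    for rel, digest in manifest.items():
        p = directory / rel
        if not p.is_file() or sha256_file(p) != digest:
            bad.append(rel)
    return bad


def restore(backup_dir: Path, manifest_path: Path, target: Path) -> int:
    """Copy files from the backup into `target`, but only after checking that
    the backup itself is intact; a silently corrupted backup is worse than
    none. Returns the number of files restored."""
    damaged = verify(backup_dir, manifest_path)
    if damaged:
        raise RuntimeError(f"backup is damaged: {damaged}")
    count = 0
    for rel in json.loads(manifest_path.read_text()):
        dst = target / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(backup_dir / rel, dst)
        count += 1
    return count


def demo() -> dict:
    """Run the whole cycle in a temporary directory and return a summary."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        work = root / "work"
        work.mkdir()
        for name, data in SAMPLE_FILES.items():
            (work / name).write_bytes(data)

        # The backup lives in a separate directory, standing in for separate media.
        backup_root = root / "offline_media"
        backup_dir = make_backup(work, backup_root)
        manifest = backup_root / "manifest.json"

        # Constructed stand-in for ransomware: overwrite the originals with junk.
        for p in work.iterdir():
            p.write_bytes(b"ENCRYPTED" + bytes(reversed(p.read_bytes())))

        damaged_before = sorted(verify(work, manifest))
        restored = restore(backup_dir, manifest, work)
        return {
            "damaged_before_restore": damaged_before,
            "files_restored": restored,
            "damaged_after_restore": verify(work, manifest),
        }


if __name__ == "__main__":
    print(demo())
```

The manifest is what makes the restore trustworthy: without it, a backup that was itself reached by the ransomware (the scenario the paragraph warns about when the backup sits on the same machine) would be copied back without anyone noticing.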
Be mindful of what you download
All sorts of amazing software can be downloaded from the internet. However, all sorts of malware can be downloaded too. Trojan horses, also just called Trojans, are harmful malware disguised as or hidden within useful software. The name is based on an ancient story in which Greek soldiers hid in a giant wooden horse presented to the city of Troy as a gift; after the horse was brought into the city, the soldiers emerged during the night and opened the gates for an invasion. The same concept applies to computer Trojans. The malicious payload of a Trojan can be anything. It can be a keylogger, which secretly records what the victim types, including login credentials. It can be a cryptojacker, which turns the victim’s computer into a cryptocurrency miner for the attacker. It can be ransomware that encrypts all of the victim’s files and charges a fee to decrypt everything. It can be a backdoor, which—like the opening of the gates of Troy—allows bad actors to remotely enter the victim’s system to do further damage. Sometimes a backdoor is used to plant the really damaging malware, such as ransomware.
It is common sense that one should not download anything from incredibly suspicious websites, or download suspicious things from otherwise trustworthy websites, but sometimes users are tempted by things that are too good to be true. One example was provided by Tilly Travers of Sophos. The Sophos Rapid Response team investigated an incident in which “a European biomolecular research institute involved in COVID-19 related research” was attacked with Ryuk ransomware. The research institute works with university students who can “connect into the [institute’s] network via remote Citrix sessions” without 2FA. One student wanted a personal copy of a software tool used by the research institute, but it was too expensive, so they downloaded what appeared to be an illegal cracked version that could be used without purchasing a license. Unbeknownst to them, it was actually a Trojan that contained a keylogger. Windows Defender warned them that it was possibly malware, but they installed it anyway. Their network login credentials were harvested, and the attackers used them to connect to the research institute’s network and plant the ransomware. The carelessness of just one person can bring down an entire network. Employees should be advised not to download illegitimate or otherwise suspicious software onto any computer connected to their corporate network, including their own personal computers.