It is a new year and one of your New Year’s resolutions is to have better cyber security this year.
There are many opinions running around the internet on what to do and what not to do when it comes to hot topics like passwords, firewalls, anti-virus etc. It can be hard to know what the right course of action is when it comes to being secure and running your business. So, let us investigate some of the cyber security falsehoods that lurk online and debunk them one by one!
I Do not need Anti-Virus because I have firewalls.
False–
Firewall’s monitor incoming and outgoing content from your computer network. However, it works best when connected with antivirus. Firewall protection double checks every file or data that you send from your computer through the internet. This also includes any files or viruses you may receive through files or emails. This can also help protect you from phishing scams too.
Anti-Virus software works by scanning directories and files for malicious patterns that would allow it to find the presence of malware. It will then remove any malicious software. Depending on the software you use, it may do this in the background, or it may notify you first before removing. Anti-virus software will also encourage you to schedule scans on a weekly basis to ensure that your computer is staying safe.
There are several diverse ways that these programs can detect viruses and malware.
Originally, antivirus software depended on signature-based detection to flag malicious software. Antivirus programs depend on stored virus signatures — unique strings of data that are characteristic of known malware. The antivirus software uses these signatures to identify when it encounters viruses that have already been identified and analyzed by security experts.
Signature-based malware cannot detect new malware, including variants of existing malware. Signature-based detection can only detect new viruses when the definition file is updated with information about the new virus. With the number of new malware signatures increasing at around 10 million per year as long ago as 2011, modern signature databases may contain hundreds of millions, or even billions, of entries, making antivirus software based solely on signatures impractical. However, signature-based detection does not usually produce false positive matches.
Heuristic-based detection uses an algorithm to compare the signatures of known viruses against potential threats. With heuristic-based detection, antivirus software can detect viruses that have not been discovered yet, as well as already existing viruses that have been disguised or modified and released as new viruses. However, this method can also generate false-positive matches when antivirus software detects a program behaving similarly to a malicious program and incorrectly identifies it as a virus.
Antivirus software may also use behavior-based detection to analyze an object’s behavior or potential behavior for suspicious activities and infers malicious intent based on those observations. For example, code that attempts to perform unauthorized or abnormal actions would indicate the object is malicious, or at least suspicious. Some examples of behaviors that potentially signal danger include modifying or deleting large numbers of files, monitoring keystrokes, changing settings of other programs, and remotely connecting to computers.
Rosencrance, L. (2017, August 28). antivirus software (antivirus program). SearchSecurity. https://searchsecurity.techtarget.com/definition/antivirus-software
You must change your password every 30 days.
False-
Face it, even with this rule in the back of our minds we never do it. Why? Because it is exhausting, it is hard to remember all our different passwords all the time. Changing it every 30 days (about 4 and a half weeks) can feel daunting. Well, the good news is you do not always have to.
But before we move forward, let us look at some statistics and see what they have to tell us.
- At least 60% of people reuse passwords across multiple sites regularly.
- A terrifying 13% of people use the same password for all passworded accounts and devices.
- An estimated 81% of data breaches are due to poor password security.
- Although 91% of participants in a recent survey understand the risk of password reuse, 59% admitted to doing it anyway…
- Compromised passwords are responsible for 81% of hacking-related breaches.
- The average person reuses each password 14 times!…
- 59% of Americans use a person’s name or family birthday in their passwords
- 33% include a pet’s name
- 22% use their own name
- Agent, I. D. (2021, May 15). 10 Facts About Passwords to See Before You Make Another One. ID Agent. https://www.idagent.com/blog/10-facts-about-passwords-that-you-need-to-see-now/
Passwords keep our precious information out of the hands of the wrong people; however, that old trusty password – you know the one – Ilovemydoggabby06, may not be the best thing you could do for your internet security.
You should change your password every 60-90 days? Yes, you can do this, changing your password can and will help keep you secure. But here are some key points to help you improve your password security.
- Your passwords need to be different.
This can be very daunting and exhausting, it is easier to just have the same password all around. However, you are creating the perfect storm for a hacker to access your information. Our suggestion would be to find a password generator, password generators will help you create a secure password for each site you log into quickly and efficiently.
Our security is constantly under attack, whether it is from companies we trust our information to, or people we trust our accounts to. With our passwords constantly being exchanged over all sorts of networks, it makes sense that our passwords lose their strength very quickly.
- Password Managers.
However, downloading a password manager is often the best way to keep you secure. Password managers keep all your passwords secure in one place, a quick and effortless way to gain access to your password quickly. Password managers can also alert you when your password needs updated and help you quickly create a new secure password within seconds. You want to have one very secure password for this password manager, you do NOT want to use a password you have used anywhere else before.
I don’t need 2fa for everything.
False –
Two factor authentication may seem more complicated than it is, 2fa is often quick and secure for most users. Setting up 2fa for devices means providing several forms of contact, such as email, phone, or other electronic devices. 2fa uses these devices to have multiple ways to confirm that the person accessing your account is you.
- Through a text message code.
This is a quick and easy way to get started with 2fa, though you should follow other safety steps to ensure further security. Though SMS 2fa is the most common form of code sent through SMS. However, it can easily be compromised by hackers. Especially if your phone is lost or stolen.
- 2. Biometrics.
This encompasses a couple of different things, from facial recognition to a fingerprint, not all that different from putting your fingerprint into your smartphone. Your face is not something that can be duplicated or faked like a password or by answering security questions. This brings a level of security that surpasses most security precautions.
- A physical key.
Now you might be thinking I’m crazy, isn’t this a little old school? A Pirate with a treasure chest key? Well, your security is a treasure that many hackers would like to get their hands on. Having a Security USB key that you keep with you at all times on your key ring could be the only thing that keeps a hacker away from your business. Even if a hacker makes it through your 2fa and passwords, without the USB security key, they cannot go any further.
Finding the right security key for you will take some research. There are many different favorite USB security keys out there with their own features and options. This article from review geek gives us a few things to consider when searching for the right security key for us.
- Price and Setup: Security keys have a fairly narrow price range, typically between about $20 and $50, so you don’t have to worry about dropping a few hundred bucks on one or anything. The keys should also be super easy to set up and use on demand.
- Device and Account Compatibility: Every hardware key is not created equal. Some connect to your computer via USB-A or USB-C, while others only support Apple’s Lightning ports. Newer options can even support Bluetooth and NFC, making them compatible with smartphones. Make sure that the key you choose will work with all the devices you want to use it on, from macOS and Windows to Android and iOS.
- Durability: Because a security key is something you’ll potentially be using every day, it’s critical that it has a durable design made of high-quality materials. The metal connectors that connect with those in your device’s USB port should be sturdy enough to stand up to thousands of uses. The best security keys can withstand being dropped (or having something dropped on it), and are water-resistant, too. Humphries, S. (2020, December 8). What is a USB Security Key, and Should You Use One? Reviewgeek. https://www.reviewgeek.com/63448/what-is-a-usb-security-key-and-should-you-use-one/
A VPN is safer.
This is not really a true or false answer because it just depends on the kind of VPN you get.
Finding the right VPN for you might seem like a daunting task; so many different companies offer their VPN services for varying prices and different services. There are even a few places that will offer “free” access to VPNs. However, here at Astoria, we like to say that you get what you pay for in the technical industry. We recommend avoiding free services, especially where security is involved, if you can.
A good VPN service will be very transparent to the end user and provide clear communication as to how the information is being encrypted. Good VPN services should use the latest in encryption and security technologies.
What does A VPN hide?
What are some of the things a VPN can offer you? A VPN can hide a lot of personal information that can put your company at risk. Here are a couple of ways that VPN’s can help protect you.
- Your IP address.
If a hacker captures your IP address, they can access what you’ve been searching on the internet and where you were located when you searched. This could include sensitive bank information or even secure documents that you do not want anyone but the right people to see.
Since a VPN uses an IP address that is not your own, it can help maintain your online privacy and search the web anonymously and securely. You are also protected against having your search history viewed or sold.
- Browsing History.
When you go on the internet, your internet service provider and your web browser can track and document everything you do online. Most of the websites you visit will also keep a history of you. Web browsers can easily track your search history and link that information to your IP address.
You may want to keep your browsing history private because what you search can be saved and used to send you targeted advertisements or mislead to you believe the prices you are looking at are the best ones available when that may not be true.
Your internet service provider may also be selling your browsing history.
- Your devices.
A VPN can help protect your devices, including desktop computers, laptops, tablets, and smart phones. Accessing the internet on your device can open your devices up to be targeted by hackers, you want to be cautious with open Wi-Fi networks. A VPN can help secure your devices from hackers.
A VPN connection disguises your data traffic online and protects it from external access. Unencrypted data can be viewed by anyone who has network access and wants to see it. With a VPN, hackers and cyber criminals can’t decipher this data.
Secure encryption: To read the data, you need an encryption key. Without one, it would take millions of years for a computer to decipher the code in the event of a brute force attack. With the help of a VPN, your online activities are hidden even on public networks.
Disguising your whereabouts: VPN servers essentially act as your proxies on the internet. Because the demographic location data comes from a server in another country, your actual location cannot be determined. In addition, most VPN services do not store logs of your activities. Some providers, on the other hand, record your behavior, but do not pass this information on to third parties. This means that any potential record of your user behavior remains permanently hidden.
Kaspersky. (2021, February 9). What is VPN? How It Works, Types of VPN. Www.Kaspersky.Com. https://www.kaspersky.com/resource-center/definitions/what-is-a-vpn
Navigating cyber security can be a bit of a challenge, but here at Astoria we have made it easier for you to gain access to better security.
If you want help building a cyber security network to protect yourself and get the most coverage for your device’s, check out Astoria’s Uptime package.
Astoria offers a variety of protection in the Uptime package such as, Quarterly or Monthly maintenance, Anti-Virus Software, Real Time Monitoring, Help Desk Support, Remote Login Support, Data Backup, Anti-Virus Support, Live Chat Support and Discounted hourly rate on, any other project around your home or office. You can check out prices and packages here.