CyberSecurity Hygiene
What is CyberSecurity?
Cybersecurity, or information technology security, is the practice of protecting and securing a network or system, including its assets.
Malicious actors, otherwise known as attackers, focus on disrupting and damaging computer systems and networks and interrupting their normal operation. Malicious actors have a wide range of motives and ideologies that drive their actions, including financial gain, political beliefs, grudges, and sometimes simply a desire to cause chaos.
Understanding Basic Risk Concepts
When it comes to cybersecurity hygiene, it is important to first understand what exactly the danger is. How can danger be classified? How would you define something as dangerous?
Cybersecurity typically follows the CIA triad, a well-known framework that describes the three fundamental goals of data protection (in other words, your privacy!):
- Confidentiality - protection of sensitive data from unauthorized access
- Integrity - maintenance of the accuracy of data
- Availability - maintenance of the access to information without delay or disruption
Additionally, here are some common vocabulary words you may hear in security, explained simply. They help categorize the different ideas that make up security:
- Threat - any circumstance or event that has the potential to compromise ‘CIA’
- Vulnerability - a weakness that a threat could take advantage of
- Risk - the possibility of a threat exploiting a vulnerability
- Security Incident - an adverse event or series of events that has affected the CIA of an organization
- Risk Mitigation - reducing the chances that a threat will exploit a vulnerability
How can I practice good CyberSecurity hygiene?
Now that you understand the CIA triad and some basic risk concepts, it is important to understand how you can implement good practices to keep your digital assets safe from threats. These are things you can do right now in order to be safer than you were before.
Strong Passwords and Password Managers
Having strong passwords, meaning passwords that mix several different character types (uppercase, lowercase, numbers, and special characters), can greatly decrease the likelihood of your password being brute-forced. Password brute-forcing is a type of attack in which malicious attackers use software to try a large number of guesses in order to crack your password. Tools such as John the Ripper and rainbow tables are often used. Using strong passwords means there are far more possibilities an attacker must go through before finding the correct one.
Now that you have strong passwords, it may be difficult to memorize those 12-14 character passwords for the multitude of websites and logins you are registered for. In order to access these passwords easily without writing them in an unencrypted notepad or text file, you can store them safely in a trusted password manager. Some popular examples include Bitwarden and 1Password. These applications help users manage passwords securely: passwords are stored in a central location and can only be accessed with a master key. Benefits of using a password manager include increased security, convenience, and time saved through autofill options.
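As an added illustration (not part of the original guide), the following Python shows why both the character classes and the length matter: it computes the alphabet size and keyspace an exhaustive guess would face, and treats anything on a wordlist as already cracked, which is why a manager-generated random password beats a memorable one that merely ticks every class. The guess rate and the tiny wordlist are constructed assumptions.

```python
import math
import secrets
import string

# Constructed stand-in for a cracking wordlist; real ones hold hundreds of millions of entries.
COMMON_PASSWORDS = {"password", "password1", "password123!", "qwerty", "123456", "letmein"}
# The four character classes the guide names: lower, upper, number, special.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation]

def charset_size(password: str) -> int:
    """Size of the alphabet an attacker must assume once they know which classes are used."""
    return sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))

def keyspace(password: str) -> int:
    """Number of candidates an exhaustive search over that alphabet and length must try."""
    return charset_size(password) ** len(password)

def worst_case_seconds(password: str, guesses_per_second: float = 1e10) -> float:
    """Time to exhaust the keyspace at the assumed guess rate (1e10/s is a constructed figure).
    A password on a wordlist falls in the first pass no matter which classes it mixes."""
    if password.lower() in COMMON_PASSWORDS:
        return 0.0
    return keyspace(password) / guesses_per_second

def generate_password(length: int = 16) -> str:
    """Random password covering all four classes, the way a password manager generates one."""
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if charset_size(candidate) == len(alphabet):   # retry until every class appears
            return candidate

if __name__ == "__main__":
    samples = ["summer", "Summer2023", "Password123!", "c7#Kq9!vLm2@Xz4r", generate_password()]
    for pw in samples:
        years = worst_case_seconds(pw) / (365 * 86400)
        print(f"{pw:18} alphabet={charset_size(pw):3}  keyspace=10^{math.log10(keyspace(pw)):5.1f}"
              f"  worst case={years:.3g} years")
```

Note that "Password123!" scores a full 94-character alphabet yet is reported as instantly cracked, because the wordlist check runs before any keyspace arithmetic.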
Frequently Update Software (antivirus software)
Threats and vulnerabilities are not static and do not arrive once a month; they change constantly. Malicious attackers are hard at work finding the next way to bypass current versions of security in order to access data. It is important to regularly install security patches, which address known vulnerabilities and threats. Although it may be tedious and annoying, this is one of the best ways to stay ahead of attackers. In 2019, a vulnerability was discovered in Apple’s iMessage service (CVE-2019-8646) that allowed attackers to gain remote access by sending a message. Apple was quick to release a patch to fix this issue. However, if you stayed on the previous version because you were “lazy”, you would still have been vulnerable to this attack even though a patch was released. Additionally, using third-party anti-malware software can provide additional coverage, because such products specialize in detecting, preventing, and removing various types of malware from your computer system. Some popular examples include Norton 360 and Malwarebytes.
2FA (Two Factor Authentication)
Have you ever tried logging in with your username and password and been redirected to another page that asks you to either scan your face (Face ID) or answer security questions? This is a security measure called two-factor or multi-factor authentication. MFA is an important practice to follow because it prevents hackers from accessing your assets even if your password is revealed: the attacker would need multiple forms of authentication in order to get access to your data. If you have two forms, for example one password and one biometric, it is much more difficult for attackers to obtain both in order to reach the information they are looking for.
Back Up Your Data
Backing up data is an important part of maintaining proper security hygiene because it reinforces data loss prevention and protects against ransomware attacks. A ransomware attack is a type of malicious attack that infects a computer and encrypts the files on the system, making them difficult or impossible to access. The attacker usually demands a lump sum from the user, with a timer, in exchange for regaining access to the data. With all your data encrypted and a cryptic timer counting down, your only choice is to pay the large sum in order to regain access, right? Not exactly. Having a backup of your data allows you to safely wipe your system clean, or restore a previous snapshot or master image of your operating system, giving it a clean start. Keeping the data backed up on an external drive prevents data loss, since everything can be restored from the drive. It is important to back up the data regularly and to encrypt the drives, protected by strong passwords, so that no one else can access them.
Awareness of Phishing/Social Engineering Attacks
Another important concept to keep in mind is phishing attacks. No, not fishing, although they do have some similarities. A phishing attack is a common attack that helps attackers gain leverage or an entry point into a system. A phishing attack occurs when an attacker tricks a user into providing sensitive personally identifiable information (PII). It can start when a user accidentally clicks a link or even opens a file. Phishing resembles fishing because it uses suspicious links and unexpected emails with attached files as bait to lure the user into clicking. Being aware of, and educating yourself about, how phishing attacks are constructed can help you avoid the large majority of them. Some common warning signs of phishing, whether by email or by phone, include:
- Unexpected emails from employers/coworkers
- Suspicious looking email addresses
- Phone calls claiming that the caller is your bank/company calling for sensitive information
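As an added example (not from the original article), here is a small Python check that applies the email warning signs above to the headers of a message: a display name that claims a trusted brand but comes from a different domain, a lookalike domain with digits swapped in for letters, a Reply-To that steers replies elsewhere, and urgency wording in the subject. The trusted-brand list and both sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed allowlist: brand as it appears in display names -> the domain that brand really uses.
TRUSTED = {"example bank": "example-bank.com"}
HOMOGLYPHS = str.maketrans("0135", "oles")   # digits attackers swap in for similar letters
URGENT = re.compile(r"\b(urgent|immediately|suspended|verify your account|action required)\b", re.I)

def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""

def lookalike_of(domain: str):
    """Return the trusted domain that `domain` imitates by digit-for-letter swaps, else None."""
    for real in TRUSTED.values():
        if domain != real and domain.translate(HOMOGLYPHS) == real:
            return real
    return None

def phishing_indicators(raw_message: str) -> list:
    """Heuristic warning signs from one email's headers; an empty list means none were found."""
    msg = message_from_string(raw_message)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)
    findings = []
    for brand, real in TRUSTED.items():          # brand in the name but the wrong domain
        if brand in display_name.lower() and from_domain != real:
            findings.append(f"display name claims '{brand}' but sender domain is {from_domain}")
    imitated = lookalike_of(from_domain)
    if imitated:
        findings.append(f"sender domain {from_domain} resembles {imitated}")
    reply_domain = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_domain and reply_domain != from_domain:  # replies are steered elsewhere
        findings.append(f"Reply-To domain {reply_domain} differs from From domain")
    if URGENT.search(msg.get("Subject", "")):
        findings.append(f"urgency wording in subject: {msg.get('Subject')!r}")
    return findings

# Constructed sample messages, not real emails.
PHISH = """From: Example Bank Security <alerts@examp1e-bank.com>
Reply-To: recover@mail-recovery-example.net
Subject: URGENT: verify your account immediately
"""
LEGIT = """From: Example Bank <statements@example-bank.com>
Subject: Your monthly statement is available
"""

if __name__ == "__main__":
    for name, raw in [("phish", PHISH), ("legit", LEGIT)]:
        print(name, phishing_indicators(raw) or ["no indicators"])
```

These heuristics are a reading aid, not a filter: a legitimate message can trip one of them, and a careful attacker can avoid all four, so the checks complement rather than replace the habit of verifying unexpected requests through a known channel.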