How to have strong cyberhygiene
Doros Hadjizenonos, Regional
Sales Director at Fortinet,
recommends ways to make
life difficult for cybercriminals
intent on stealing your data.
yberthreats do not rest; they
C
continue to evolve and bad
actors develop new attack
techniques. Good cybersecurity hygiene
requires more than a strong password to
avoid compromise.
The most important thing is to know how
exactly cybercriminals may attempt to
gain access to your data. They will try
the following techniques:
• Password spraying: A form of brute
force attack that targets multiple
accounts in which adversaries try
multiple guesses of the password
on a single account that often leads
to account lockout. With password
spraying, the adversary only tries a
few of the most common passwords
against multiple user accounts, trying
to identify that one person who is
using a default or easy-to-guess
password and thus avoiding the
account lockout scenario.
• Key logging attack: By installing
key logging software on the victim’s
machine, usually through some
form of email phishing attack, the
adversary can capture the key
strokes of the victim such as their
username and passwords for their
various accounts.
• Man-in-the-middle: Adversaries
insert themselves in the middle
of the user and the intended
website or application, usually
by impersonating that website
Doros Hadjizenonos, Regional
Sales Director at Fortinet
or application. The adversary
then captures the username and
password that the user enters into
the fake site. Often email phishing
attacks lead the unsuspecting
victims to these fake sites.
• Social engineering attacks: Attacks
such as phishing through emails and
texts, where users are tricked into
providing their credentials, clicking
on malicious links or attachments, or
going to malicious websites.
• Brute force attack: An approach in
which adversaries randomly generate
passwords and character sets to
guess repeatedly at passwords and
to check them against an available
cryptographic hash of the password.
• Traffic interception: Criminals
use software like packet sniffers to
monitor and capture the network
traffic that contains password
information. If the traffic is
unencrypted or using weak
encryption algorithms, then
capturing the passwords
becomes even easier.
It is necessary to have
passwords that are impossible to
forget and difficult for someone
else to guess. It might seem like
a good idea to add numbers
and special characters to words,
but cybercriminals can leverage
a number of attack techniques
to crack this. At Fortinet, we
recommend avoiding using
phone numbers, company
information, birthdays, names
including movies and sports
teams, simple obfuscation of a
common word (‘P@$$w0rd’).
Instead, use the following best
practices to secure your information:
• Change your password every
three months to decrease the
likelihood that your account will
be compromised.
• Leverage unlikely or seemingly
random combinations of uppercase
and lowercase letters, numbers
and symbols, and make sure your
passwords are at least 10
characters long.
• Use a password manager to generate
unique, long, complex, easily
changed passwords for all online
accounts and the secure encrypted
storage of those passwords either
through a local or cloud-based vault.
• Do not use the same password for
multiple accounts, this increases the
amount of information a cybercriminal
can access if they are able to
compromise your password. u
intelligent SOFTWARE SECURITY
www.intelligentciso.com | Issue 27
61