11 ‘teammates’ to help you win your own cybersecurity game

Our lineup may seem heavy on the defensive side, but such is the nature of game plans for warding off a range of threats lurking in cyberspace

Our lineup may seem heavy on the defensive side, but such is the nature of game plans for warding off a range of threats lurking in cyberspace

We do realize that you’ve been caught up in the hurly-burly of the FIFA World Cup, but surely you have a few minutes to spare and peruse our roster of tips to stay safe online not only during the soccer spectacle. While you’re at it, recognize that no single player, no matter how stellar, is enough to put you on a path to success. In fact, being even one player short can be enough to trip you up. What should the pillars of your cybersecurity game plan be, then?

#1 A stitch in time saves nine

The year 2017 went down in history for many things, including two massive cyber-incidents – the WannaCryptor outbreak and the Equifax hack – that served up powerful reminders of the merits of swiftly squashing security bugs. Last year also saw the highest number of reported vulnerabilities, including those rated as critical.

Alas, this is not an ideal world and, truthfully, an operating system or even an application that is free from flaws is a pipe dream. However, in home settings, ensuring that automatic updates are enabled for your operating system and software is an effortless way to keep many attackers at bay.

Time is of the essence, too, since the release of a patch may set off a race against the clock. Within days – if not hours – attackers can reverse-engineer the update, identify the vulnerability, then craft (or save all the effort and just buy) an exploit that takes advantage of it.

True, this doesn’t address zero-day vulnerabilities that are exploited before a patch even exists. However, these types of incursions are far less common than the “boring” kind described in the previous paragraph.

#2 Prune your team

Fielding no-longer-needed software is tantamount to having a disgruntled bench-warmer who ends up sapping your team’s morale. Software that you hardly ever use or that has been supplanted by a “younger contender” can become a liability simply by increasing your attack surface. To further reduce the possible entry points for cybercriminals, you may also want to disable unnecessary and unused services and ports, and ditch programs that have a track record of vulnerabilities, especially of the zero-day nature.

To harden your browser, consider blocking ads and removing all but the most necessary of browser add-ons and plugins. Many web-based attacks co-opt these features to foist malware on internet users. While you’re at it, shut down the accounts that you no longer need and use your high-privilege, or admin, account only for administrative tasks.

#3 Practice strong password hygiene

One of the easiest ways to protect your online identities consists in using a long, strong and unique password or better still, passphrase, for each of your online accounts. It may well come in handy if your login credentials leak, for example due to a breach at your service provider – which, in fact, is far too common a scenario. Further, just as you’d never share your teams tactics with your opponents, you should never share your password with anybody.

If you’re like most people and find the need to remember many username/password combinations overwhelming, consider using a password manager, which is intended to store your passwords in a “vault”. It can also create nigh onto impossible-to-guess passwords. Or you can also try passphrases, which should be long, but generally are easier to remember.

#4 Look before you leap

Even if you have the most complex of passwords or passphrases, be mindful of where you input them.

On the internet, everything is just a click away, and fraudsters are keenly aware of that. In their pursuit of your personal information, they use social engineering methods to sucker you into clicking a link or opening a malware-laden attachment. Staples in cybercrime due to their effectiveness, phishing attacks direct you to websites that replicate their genuine counterparts. The next thing you know, the attackers wrestle control of your valued account away from you.

Much as with all sorts of tempting ads, ask the right questions before clicking, and verify that the sender and message are legitimate. A good rule of thumb is never click on a link or attachment that is unexpected or is bundled with a message that sounds too good to be true. Indeed, in many cases keeping your wits about you is a robust level of protection in and of itself.

#5 Add a factor

While using a single data item, e.g. login credentials, to authenticate to a system is practical, it still leaves something to be desired in terms of security. As a result, when aiming for secure accounts, you need to up your ante by using two-factor authentication, particularly for accounts that contain Personally Identifiable Information (PII) or other important data. The extra factor will require you to take an extra step to prove your identity when you attempt to log in or conduct a transaction. That way, even if your credentials leak or your password proves inadequate, there is another barrier between your account and the attacker.

Whatever its implementation – although, preferably, we’d recommend that you use something other than SMS-based 2FA – the added factor is well worth the effort wherever it is available.

#6 Use secure connections


When you connect to the internet, an attacker can sometimes place himself between your device and the connection point, especially over ubiquitous wireless connections. In order to greatly reduce the risk that such a man-in-the-middle attack will intercept your sensitive data while they are in motion, use only web connections secured by HTTPS (particularly for your most valued accounts) and use trusted networks such as your home connection or mobile data when performing the most sensitive of online operations, such as mobile banking. Needless to say, secure Wi-Fi connections should be underpinned by at least WPA2 encryption (or, ideally, WPA3 as soon as it becomes available) – even at home – together with a strong and non-default administrator password and up-to-date firmware on your router.

Be very wary of public Wi-Fi hotspots. If you need to use such a connection, avoid sending personal data or use a reputable virtual private network (VPN) service, which keeps your data private via the use of an encrypted “tunnel”. Once you’re done, log out of your account and turn off Wi-Fi.

#7 Hide behind a firewall

A staple in network security, a firewall is one of your key defensive players. Indeed, it is often thought of as the very first line of defense vis-à-vis the internet. It can typically be a piece of software in your computer, perhaps as part of anti-malware software, or it can be built into your router – or you can actually use both a network- and a host-based firewall. Regardless of its implementation, a firewall acts as a brawny bouncer that, based on predetermined rules, allows or denies traffic from the wild and woolly internet into an internal network or computer system.

In fact, a firewall can block outbound traffic, too. In so doing, it can help mitigate the risk that, for example, your computer will connect to a command-and-control server (C&C) operated by an attacker or that you will end up in an unintended place and lose your data in the process. However, no firewall will protect you from all kinds of attacks on its own, and you will need to take additional measures.

#8 Back up

A backup is the kind of player who doesn’t get much time on the pitch, but when he does get the nod, he can “steal the show”. True, we might have spoken ill of bench warmers earlier, but a reliable backup is definitely not the kind of player to spoil your team’s chemistry.

Your system cannot usually be too – or completely – safe from harm. Beyond a cyber-incident, your data could be compromised by something as unpredictable as a storage medium failure. A backup is an example of a measure that is corrective in nature, but that is fully dependent on how hard you “practiced”. Or, as Benjamin Franklin put it, “by failing to prepare, you are preparing to fail”. It will cost you some time and possibly money to create (time and time again) your backups, but when it comes to averting (data) loss, this player may very well save the day for you.

#9 Select security software

Even if you use your common sense and take all kinds of “behavior-centered” precautions, you need another essential addition to your roster. At a time when you’re pitted against attackers who are ever more skilled, organized and persistent, dedicated security software is one of the easiest and most effective ways to protect your digital assets.

A reliable anti-malware solution uses many and various detection techniques and deploys multiple layers of defense that kick in at different stages of the attack process. That way, you’re provided with multiple opportunities to stymie a threat, including the latest threats, as attackers constantly come up with new malicious tools. This underscores the importance of always downloading the latest updates to your anti-malware software, which ideally are released several times a day. Top-quality security software automates this process, so you needn’t worry about installing the updates.

#10 Mobiles are computers, too!

Much of this article’s guidance also applies to smartphones and tablets. Due to their mobility, however, these devices are more prone to being misplaced or stolen. It is also of little help that users tend to view security software as belonging in the realm of laptops and desktops. But mobile devices have evolved to become powerful handheld computers and attackers have been shifting their focus to them.

There’s a number of measures you can take to reduce risks associated with mobile devices. They include relying on a secure authentication method to unlock your device’s screen, backing up the device, downloading system and app updates as soon as they’re available (preferably automatically, if possible), installing only reputable apps and only from legitimate stores, and making sure to use device encryption if it’s not turned on by default.

A dedicated mobile security solution will also go a long way towards enhancing your protection from mobile threats. This includes a scenario whereby your device goes missing, so you are then able to use the suite’s anti-theft and remote-wipe functionalities.

#11 Be aware

The final team member is, in fact, you – the keeper. Stay vigilant and cyber-aware and educate yourself on safe online habits. Don’t ever say, “it won’t/can’t happen to me”, because everyone is a potential target and victim. Recognize that one click is enough to inflict major damage on yourself and others, and that breaking good security practices for the sake of convenience may come back to bite you worse than Luis Suárez did in 2014. After all, how secure we are is largely dependent on how we use the technology.

So there you have it. You may want to enjoy the soccer now.

Sign up to receive an email update whenever a new article is published in our Ukraine Crisis – Digital Security Resource Center