We have often stated that the human element is always the biggest cybersecurity risk. This is because, in spite of many digital defenses, any system can be circumvented by tricking a legitimate user. This is a very dangerous thing because it represents a security hole that can never be closed. At least, it can never be fully closed. However, it is definitely possible to make that security hole a lot smaller. Here is a quick guide that should help you to do just that.
Education Is The Key
We can boil this entire topic down to one statement of fact: A well-educated person is a lot more difficult to trick. When cyber attackers use “social engineering” methods like phishing and such, they are basically looking for someone who is ignorant. They look for people that have a limited grasp of technology and who don’t understand common paths of attack. As a general statement, a greater degree of education about cybersecurity is always going to make someone less vulnerable to cyber attacks.
Of course, we don’t want to stop with a general statement like that. You deserve a little bit more specific information, so let’s go over some of the key concepts that you have to understand as you begin learning about this large and intimidating subject.
Be Careful Of Unsolicited Links
Although you might think of hackers as being very smart, most of them rely on simple tricks such as “boobytrapped” links. Anyone can do this, especially if someone else shows them how it is done. In fact, there are free services on the internet that are specifically intended to capture someone’s IP address. If someone is threatening you online, you can always trick them into clicking on a link to such a capture site. This is an example of how you can use phishing as a defensive tool, and it gives you a good idea of how easy this trick can be.
Go ahead, try it for yourself. Just follow the instructions on the page linked above, and you can test this little trick. Now, it might seem odd that we are basically telling you how to phish someone, but this information is only presented for educational purposes. That isn’t an excuse to keep us from getting sued, either… It’s just a simple fact. Only by understanding the threat can you learn to recognize it diligently. The whole purpose of this little exercise is to teach you one important lesson: Links can often be a trap. Some of the worst cyber attacks on record began with the use of simple tricks like this one.
Mandate A Strong Password Policy
Weak passwords are another way in which human error can create a huge gap in your online armor. There are programs that can crack passwords by making many failed guesses (usually called “brute force” hacking). The program learns just a little bit from each failed attempt, and the whole password can eventually be unlocked. However, you need to understand the time frame we are talking about. A strong password can take years to crack, which means no hacker is going to do that. Weak passwords, however, can often be cracked in minutes or even seconds.
Go ahead and try it for yourself. This website will allow you to test any password and see how long it would take to crack. For example, let’s put a random date into the field…how about 10081980? A lot of people use their birthdays, so this is a good test. According to our test site, this one would take almost two days to crack. That is well within the capability of a good hacker because they don’t have to crack the whole thing at one time. A good password should be:
- 18-20 characters
- Both upper and lowercase letters
- Both letters and numbers
- At least one symbol
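The four rules above can be enforced automatically when a password is set. The following is an added example, not part of the original article: the function names are hypothetical, the 18-character minimum is taken from the list above, and the date check is an extra rule based on the article's birthday remark. The size estimate assumes an attacker who tries every combination of the character classes the password actually uses.

```python
import math
import re
import string
from datetime import datetime

MIN_LENGTH = 18  # lower bound of the article's 18-20 character guideline
DATE_FORMATS = ("%d%m%Y", "%m%d%Y", "%Y%m%d")  # assumed common birthday layouts


def looks_like_date(password):
    """True if the password is eight digits that parse as a calendar date."""
    if not re.fullmatch(r"\d{8}", password):
        return False
    for fmt in DATE_FORMATS:
        try:
            datetime.strptime(password, fmt)
            return True
        except ValueError:
            continue
    return False


def check_policy(password):
    """Return the rules from the list above that the password fails."""
    has_lower = any(c.islower() for c in password)
    has_upper = any(c.isupper() for c in password)
    has_alpha = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_symbol = any(c in string.punctuation for c in password)
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("shorter than 18 characters")
    if not (has_lower and has_upper):
        failures.append("needs both upper and lowercase letters")
    if not (has_alpha and has_digit):
        failures.append("needs both letters and numbers")
    if not has_symbol:
        failures.append("needs at least one symbol")
    if looks_like_date(password):
        failures.append("looks like a calendar date")
    return failures


def search_space_bits(password):
    """Size of an exhaustive search over the classes used, in bits (log2)."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    pool = sum(len(cls) for cls in classes if any(c in cls for c in password))
    return len(password) * math.log2(pool) if pool else 0.0
```

Run against the article's sample `10081980`, the checker reports all four rules plus the date pattern as failed, and the search space is under 27 bits, compared with more than 120 bits for a compliant 19-character password.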
A few rules about physical password security:
- Do not record passwords anywhere on your phone or computer
- If you record them on paper, keep the paper at home
- Never use software that gathers passwords
- Never tell anyone your password for any reason
Make Sandboxing A Policy
There are times when you encounter something suspicious, and yet you need to open it anyway. If nothing else, you may need to open it so that you can confirm its legitimacy (or lack thereof). But, how can you do this without potentially infecting your system? Sandboxing provides a convenient solution for this situation.
Sandboxing allows you to create a virtual replica of your system, almost like a mirror image. This virtual system will be completely separate from your physical system, and thus, your physical system will not be affected by anything that happens within that virtual environment. Thus, if you do get the virtual system infected, it is no big deal. You can just delete the virtual system and create another one when necessary. You can use software like Sandboxie or VirtualBox to make this whole thing easy.
What About AI-Based Solutions?
AI-based cybersecurity solutions are already beginning to pop up, and it looks like they will become a well-established part of the business. However, you should think about this: Which is easier to fool: A human or a computer? In most cases, a computer is much easier to fool than a human. There are many cases in which people have manipulated AI chatbots and weaponized them, and this just goes to show that you should have multiple layers beyond AI. At best, it makes a good sentry for those times when you are absent.
The human element is not an easy one to address because it requires both education and due diligence from all involved. Hackers know that people are much more vulnerable than any single part of your cyberdefense setup. They only have to find one foolish or uninformed person, and that is all it takes. At PCH Technologies, we like our customers to be well-informed so that they understand everything that is happening. If this article has not explained things clearly enough, you can always call us at (856) 754-7500.