waypoint cybersecurity october 2021 awareness month

P@ssw0rd Pr0t3ction

October 13, 2021
October is National Cybersecurity Awareness Month and we've got an easy first step to improve your personal and professional cyber posture.

Let’s cut to the chase on passwords. Your birthday? Public record. Hometown zip code? Google Maps. Wedding Anniversary? Found it on Facebook…and FYI…you might want to use incognito mode if you don’t want those “for you” ads to ruin the surprise you have planned.

Chances are, you’re familiar with the need for password security, but it might not have hit home yet how much you and your business have to lose by being lax with your credentials. While creating a strong password is an essential first step to keeping your valuable information secure, there are multiple ways that hackers can target their victims in order to steal that information.


So, here's how we’d crack your passwords (if we weren’t one of the good guys, of course):

We’re going to send you a message (email, phone, whatever public information we can glean from easy sources) and we’re going to dress it up. Depending on our preference and a bit of data we’ve managed to mine off you in previous breaches, we might slap a big brand name on our subject line. Or, since the only consistent thing about technology is its tendency to…not work, let’s step into the role of a sketchy IT operative and see how far we can get.

FROM: "JONNY5000 @ IT_FIXITQUICK"

HI, we’re the technical support you didn't request but circumstantially need. Please send us your log-in information so that we can better assist you and resolve the problems on your device. Don’t forget to click here to pay for our services and settle your outstanding account balance. Failure to settle accounts will result in legal action and up to $500 in fines.

It’s a simple trick, but it’s terribly effective. You can't remember if you or your team requested IT support, but you have problems that need to be fixed, and nobody's interested in a $500 fine. If you were to fall victim to that type of cyber attack, not only could the hacker obtain your password and financial information, but by clicking the link, you could download malware or ransomware to your device which they can use to launch a larger attack at a later time. It's bad news all around.

Oh, and go ahead and multiply the impact of the breach by the number of accounts that shared your now compromised password.

Even though this hacking scenario is a critical thinking exercise and not a legitimate threat, according to PurpleSec’s 2021 Cyber Security Statistics 98% of cyber attacks rely on social engineering like this. Social engineering in the world of cybersecurity refers to a type of cyber attack that manipulates the user into divulging confidential information by using scare tactics, big brand names, or even assuming the identity of a friend or business. The resulting email compromise scams have cost organizations millions of dollars per year. Yeah, there's a lot to lose. 

Password protection goes further than creating strong passwords. At Waypoint, we believe in approaching cybersecurity with a multi-dimensional approach because we know that hackers often use multi-dimensional attacks to get what they want out of their victims.

Becoming more aware of the best password practices, high-level phishing schemes, and social engineering attacks is a must for protecting your sensitive information. But there’s more to it. Using technology to block malware, using two-factor authentication in your day-to-day operations (especially on banking apps, retirement programs, or investment accounts), and/or providing virtual training for your staff on all of the above are all active parts of a healthier and more secure cyber strategy.

So, update your passwords - make them good and strong – and enable multi-factor authentication (MFA) where you can. In the case of a password breach, that MFA is your second (and often only other) line of defense.

As a business, start thinking like a hacker and try to pinpoint your biggest weaknesses (you can always take our free Gap Assessment to help with that). And of course, reach out today if you’d like to start a conversation with our cyber experts on what your company needs to know about implementing better cyber strategies.
Waypoint Cybersecurity provides an industry-leading service to help protect the data and information of public or private organizations of any size.

513-719-1810

info@waypointcyber.com

All Rights Reserved Waypoint Cyber Security 2024
mustache