[BreachExchange] 5 worst cybersecurity habits with catastrophic consequences

Audrey McNeil audrey at riskbasedsecurity.com
Thu Oct 12 18:33:55 EDT 2017


https://www.csoonline.com/article/3231669/backup-recovery/5-worst-cybersecurity-habits-with-catastrophic-consequences.html

Smoking cigarettes. Drinking too much alcohol. Over-spending. Too much
snacking and overeating. Dining on fast food. Those are some of the worst
personal habits, according to Reader's Digest.

Those tendencies, and their consequences, are obvious. So is quitting them,
which can lead to a healthier and happier life.

Bad cybersecurity habits, however, aren't as obvious — yet they can have
devastating effects.

Here's a look at the worst ones people fall into and the harm they cause.

5 of the worst cybersecurity habits

Lax attitude

"The chances of getting hacked are so low that I don't need to bother with
learning about cyber protection." Wrong.

The Equifax hack alone may have affected more than 55 percent of Americans
over the age of 18. The Yahoo hack put all 3 billion of its users at risk.
Cyber crime is soaring. A ransomware attack occurs every 45 seconds.

"My employer will take care of it for me." Wrong again.

Plugging into the corporate network only increases the cyber risk and
exposes a user to more perpetrators.

Users should take security seriously and learn something about it. If not,
then they're neglecting their cyber safety and they'll pay for it.

No email protection

Not using protection — namely two-step verification — is taking a big risk.

Email theft is one of the biggest cyber crimes. The major hacks making
headline news have led to a massive number of stolen login IDs and
passwords for sale on the dark web.

To protect users from hackers who have access to stolen identities, most
email apps, including Gmail, Yahoo Mail, AOL Mail, and Outlook, offer
two-step verification.

With two-step verification turned on, an email app requires an extra code
when a user logs in. Each time a user enters their login ID and password,
the email app texts them a secret code. To gain access to their email, a
user must enter this code.

When a hacker tries logging into the user's email account, they are stopped
in their tracks because they don't have the secret code.
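The check described above, sketched as an added example (not code from the article or from any email provider): the second step only succeeds with the texted code, so a stolen login ID and password are not enough. The class name, the 5-minute lifetime and the 3-guess limit are assumptions made for illustration.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed lifetime of a texted code
MAX_ATTEMPTS = 3        # assumed number of guesses allowed per login


class TwoStepLogin:
    """Second login step: a one-time code delivered out of band (e.g. by text)."""

    def __init__(self, now=time.time):
        self._now = now
        self._pending = {}  # user -> [code, expires_at, attempts_left]

    def start(self, user):
        """Call only after the password check passed; returns the code to text."""
        code = f"{secrets.randbelow(10**6):06d}"  # unpredictable 6-digit code
        self._pending[user] = [code, self._now() + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        return code

    def finish(self, user, submitted):
        """True only for the right code, in time, within the guess limit."""
        entry = self._pending.get(user)
        if entry is None:
            return False
        code, expires_at, attempts_left = entry
        if self._now() > expires_at or attempts_left <= 0:
            del self._pending[user]  # expired or locked: a new login is needed
            return False
        entry[2] -= 1
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(code.encode(), submitted.encode()):
            del self._pending[user]  # single use: the code cannot be replayed
            return True
        return False


if __name__ == "__main__":
    login = TwoStepLogin()
    sent = login.start("alice")            # would be texted to alice's phone
    guess = "000000" if sent != "000000" else "111111"
    print("attacker with password only:", login.finish("alice", guess))
    print("owner with texted code:    ", login.finish("alice", sent))
```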

The problem with two-step verification is that it requires a user to turn
it on. Most users are either unaware of this or too lazy to spend 5 minutes
to flip the two-step switch on for their email account. As a result, their
email accounts are wide open to hackers.

Clicking on hyperlinks in emails

Ninety-one percent of cyber attacks and the resulting data breaches begin
with a spear phishing email.

A spear phishing attack — essentially a fake email — might pretend to be a
customer support representative asking a user to click a link to change
their password for security.

Or an imposter might look like a CEO who is asking one of her employees to
click and send a wire transfer in order to pay a customer.

An authentic-looking email can appear to be coming from the IRS, asking a
user to click a link in order to receive their refund.

The remedy? Don't click on any suspicious hyperlinks contained in emails.
The consequences of clicking on a fraudulent link can be tragic.

Poor password practices

Weak passwords make it easy for hackers to guess correctly or use simple
password-cracking tools to access email and other user accounts. People
know this, but regardless, the most popular password in use today is 123456.

To compound the weak passwords, people reuse them. People are too lazy to
create unique passwords for each of their accounts. Instead, they use the
same easy-to-crack password for all of their apps.

Cyber fatigue is growing at an alarming rate, and hackers are capitalizing
on this phenomenon. Once a cyber thief figures out that a user's password
for all their accounts is "admin" (one of the most popular passwords for
Equifax users who were hacked), it's game over.

If that's not bad enough, users have a tendency to share their passwords.
They might tell their spouse, children, siblings, friends or co-workers
what their cool password is. Or they might even brag about using 123456 and
not getting hacked (yet).

Some people write their password on a piece of paper and leave it out in
the open for anyone to see. Sharing passwords multiplies the problems of
weak and reused passwords.

No data backups

Ransomware — a type of malware that infects computers and restricts access
to their files, often threatening permanent data destruction unless a ransom
is paid — has reached epidemic proportions.

The damage costs in connection to ransomware are predicted to reach $5
billion globally in 2017, up from just $325 million in 2015.

A ransomware attack can result in the permanent loss of important personal
and business data.

The best way to thwart a ransomware attack is to back up files. The FBI,
the media, vendors and governments globally have been warning people about
the dangers of not backing up files.

"Regularly back up data and verify the integrity of those backups. Backups
are critical in ransomware incidents; if you are infected, backups may be
the best way to recover your critical data," states the FBI in a 2016
Public Service Announcement.

Despite the ransomware and other cyber threats, most computer users are
still not backing up their data — and the loss can be devastating and
costly.

Fixing bad cybersecurity habits can be as easy or as difficult as fixing
bad personal habits. The first step is often the most important one. So,
take action today, and turn on two-step verification or back up your files.
Do something. If you do nothing, the results can be catastrophic.