Featured

4th July 2019 | Mansfield Thomas | Head of Security and Fraud Prevention

Cyber Awareness 103: Tools of the Cyber-Savvy Individual

Much as we create and use tools to make our day-to-day lives in the physical world easier, so too do we develop tools to assist in securing our cyber assets.

Tools of the Cyber-Savvy Individual

From simple solutions such as password management software, to more complex authentication methods such as USB keys, there exists a wide variety of tools from which users can select and employ based on their requirements and budget. 

Password Management Software

As mentioned earlier, users should practice good password hygiene by employing different passwords which are impossible to guess and which make dictionary or brute-force attacks mathematically improbable. Unfortunately, for most of us, it is nearly impossible to memorize many different, secure passwords due to their format and the manner in which we as human beings process and store information. Luckily, password management software offers the solution to this fallibility. Password management software or simply, password managers, are programs and applications that can secure multiple sets of user credentials in an encrypted database format that can be accessed by inputting a single, master password. This enables users to have multiple, different, strong passwords for their various accounts without the need to memorize them. As long as users have memorized the master password, they are able to access all other sets of credentials for their various accounts. Most password managers also have the additional benefit of password creation tools which allow users to set parameters (e.g. password length, types of characters used, etc.) which allows users to create truly randomized strings of characters for very secure passwords. The best part is, most password managers are free or have a very low monthly cost, and even ones which require payment often still have free trial versions with slightly limited functionality. 

Anti-Virus Software

A large, and seemingly glaring, step users can take is the installation and proper maintenance of a solid anti-virus software, or AVS, on their computers and mobile devices. Anti-virus software, as we know, works by scanning both network traffic and a device’s processes and comparing them against a dictionary of known malware signatures. Additionally, when malware is detected, the AVS works to block the network traffic or to stop the system process and remove the malicious files before they can further infect the system. Some of the best AVS often incorporates features such as machine learning where the software will work to establish a “normal” behavioural pattern for the device and user it is protecting and then actively scan any abnormal processes that run contrary to that pattern. That said, the best AVS in the world is for naught if it is not properly maintained. To function at peak efficiency, AVS must be enabled to complete several tasks autonomously. Firstly, it must be able to download and install patches and updates as soon as possible after they are released. This ensures their malware dictionaries are the most up-to-date and helps to prevent possible zero-day exploits, or newly discovered weaknesses. Secondly, the AVS should be set to conduct system scans on a routine basis, regardless of whether it has previously detected malware signatures or not, in order to allow it additional opportunities to detect malicious files it might have overlooked before the most recent update or patch. Lastly, it is a good idea to enable AVS to monitor web browser usage in order to prevent users from accidentally visiting malicious webpages or downloading malicious files.

Security Tokens

Another major, somewhat technical, step users and companies can take is to deploy security tokens to protect their systems. Much like how one uses a physical key to unlock their front door or desk cabinet, a security token is a physical device used to unlock digital systems such as laptops or mobile phones. The tokens work by either connecting directly to the system, such as via a USB port, or via contactless methods such as Bluetooth or Near Field Communication (NFC). Once connected, depending on what the token is configured to do, users can unlock a device, login to webpages or applications, and even use the token to decrypt files which are stored or transmitted in an encrypted format. Security tokens can even be configured to store master passwords in the above-mentioned password managers, making it even easier for users to practice great password hygiene. As an added benefit, most modern security tokens are smaller than a regular housekey and can be easily stored on a keyring, lanyard, or in any other number of user-convenient manners. 

Cloud-based Data Storage

While the frequency of ransomware attacks seems to have fallen since 2017, backing up data is a practice that should be implemented by both individuals and corporations alike. Whether guarding against cyber attacks, data corruption, systems failures, or any other number of adverse conditions, having an extra copy of one’s data is never a bad idea. There exist many methods by which to accomplish this, however, one of the more simple, and most popular is via cloud-based storage. Cloud-based storage works by storing a copy, or copies, of an individual’s or corporation’s data across a single or, more commonly, multiple servers, at multiple physical locations. Should the data then, for whatever reason, become inaccessible or unusable on the user’s systems, the systems can be cleaned or wiped and the copy of the data reuploaded to the fresh systems. In terms of supplier selection, it is very much a buyer’s market with new cloud-based storage providers appearing nearly weekly. Individuals can in most cases, completely customize the service they want in terms of storage size, frequency of automatic backups, how the copies are stored, and a plethora of other options. Depending on a user’s system or device, cloud storage options are sometimes included for free or at heavily discounted prices. 

The Way Forward

Whilst all of this might initially seem overwhelming to the previously unaware user, in reality, simply having the proper mindset combined with a little technological acumen can go a long way in securing one’s digital assets. Both cybersecurity technology and malicious software will continue to evolve over time and it is the responsibility of the connected individual to stay abreast of current and emerging trends and technologies. Fortunately, as technologies evolve, manufacturers generally find ways to integrate them into the devices we use in our daily lives. Fingerprint readers and other bits of biometrics technology, for example, are now common features on mobile phones and other devices where less than a decade ago the technology didn’t exist outside of facilities physical security. As time marches on, we will see the rise of new cyber attack methods, the technology to defeat them, and the accustomization of users to these new features.

Similar topics

Security

4th July 2019 | Mansfield Thomas

Cyber Awareness 101: Avoiding the Pitfalls of the Information Age

Security

4th July 2019 | Mansfield Thomas

Cyber Awareness 102: Password Hygiene

Security

23rd February 2019 | Mansfield Thomas

Biometrics in Banking: A Hard Look into Iris Scanners and other Authentication Technology