Latest news

Massive top 100 security tips

Cyberwarzone is going crazy and has decided to post a massive top 100 security tips for the community. These tips can be used on a daily basis and are easy to implement. The security tips will help you protect yourself against potential threats.

The tips will cover topics like web surfing and doing it secured. As the list gets bigger the topics could get complex. Feel free to share this blog and don’t forget to tweet about it.

The topics:

  1. Social Engineering
  2. Social Media
  3. Physical computer security
  4. Password security
  5. Business continuality
  6. Smartphones
  7. Encryption
  8. Anti Virus
  9. Public computers
  10. WiFi security

 

Social Engineering

1. Don’t leave password notes on your desk, under your keyboard / phone / table. You could use an password manager instead.

2. Don’t provide people information that they should not have.

3. Always check the credentials if someone is asking for non-disclosed information. (This could be your credentials, or the password of your username).

4. Hackers often impersonate (Spoof) users to gain information. Be aware of this threat.

5. With social engineering comes the threat; Theft of financial information. Hackers use phishing or spear phishing techniques to request confidential information, such as account details.

6. Never provide sensitive information via email. If someone tries to get you to give out personal data, passwords, and other sensitive information via your email, don’t do so. Always call back to the real source and confirm if such a request is needed.

7. Be skeptical of anyone that tries to get personal data, passwords, and other sensitive information from you. Always be skeptical if anyone tries to get information from you. Normally, it is very rare for a company to make you give out any information, so you should never do so if you haven’t checked the source first and are absolutely confident about it. It is your right not to give out any information unless it is under extreme circumstances.

8. Beware of people that call you on the phone and try to make you provide your personal information, passwords, and other sensitive information. Always be skeptical if someone calls you on the phone and tries to get your personal information, your passwords, and other sensitive data. Always be skeptical and never give out any information to strangers.

9. You will never get 100M USD via an e-mail contact. Spammers use various techniques to gain information from you. They will act like they have money waiting for you and all they need is your credentials. Be aware of this threat.

10. The FBI does not send mass e-mails to private citizens about cyber scams. if you received an e-mail that claims to be from the FBI Director or other top official, it is most likely a scam.

If you receive unsolicited e-mail offers or spam, you can forward the messages to the Federal Trade Commission at [email protected].

11. Social engineering can strike you anytime.

12. Social engineering is an method that is used to obtain informationn and let people do what you want them to do.

13. Attackers might use various methods to obtain their information.

14. When you get an security warning take it seriously!

 

Social Media

1. Consider if you want to use your real name. (You can connect your network directly to add an specific username)

2. Social media is fun. Yes social media is fun as it is dangerous. Don’t leave your social media page open in an public environment like schools, cafes and other hotspots.

3. Applications are fun. Yes, applications are fun as they are dangerous. Applications need information for their databases. These databases could belong to anyone. So before you download or install an application check the source of the application. You don’t want your information in the hands of cyber criminals right?

4. @Cyberwarzonecom OMG, someone just posted an nude picture follow this link bla bla bla. Hackers often use messages that people will click on. Social media is an great resource for hackers as everyone is connected. When you click on an Malicious link you will get infected by malware that will extract your credentials to an criminal database.

5. I got 21513 friends. DON’T!!! only accept people that you know to your social media network. This will protect you from harm.

6. Don’t share your password with others!

7. Beware of shoulder-surfers when typing in your password, or sensitive information.

8. SSL keeps you safe. Pay attention to the SSL errors when browsing.

9. Recognize current phishing, phishing and other scams.

10. Malicious content is crawling social media. Be aware of surveys that like collecting your information.

 

Physicial computer security

 

1. Before you turn on a computer check if it has weird objects connect to it. People could use physical keyloggers to gain your information.

2. Don’t leave your smartphone, computer, laptop, notebook or whatever with personal information unattended or unsecured.

3. Lock your plugin hardware. People could gain acces to your working environment. It would be an easy way for an criminal to take the plugin hardware with him. Lock op your external harddrive, USB sticks.

4. Don’t toss around with your USB sticks. Keep them safe and encrypt them!

5. When your harddisk or memory is declared dead be sure to dispose them in an secured way. Put them in an bag and hammer them to pieces. Great workout.

6. Don’t mix your laptop that you use for you work as an multimedia laptop. Keep work and fun separated when dealing with information.

7. Turn off your WiFi, either in the OS or using a physical switch (if you have one), when not in use.

8. Almost any device can be used to record audio and/or video, including smartphones, watches and buttons.

9. Disconnect the internet cable when you are done with the computer. This will prevent a Wake on Lan attack.

10. Use secure wiping functionality (Disk Utility) or tools to erase drives/devices before giving or selling them.

 

Password security

 

1. Use password generators to create passwords for you and then add an extra character that you prefer to the generated password.

2. Use password managers to manage your passwords for you.

3. Keep your password secret.

4. Do change your password on a regular basis.

5. Prevent the use of easy to guess passwords like; 12345, welcome. Hackers use password lists to brute force accounts. These lists expand millions of passwords

6. Don’t use the same password.

7. Don’t leave password notes on your desk, under your keyboard / phone / table. You could use an password manager instead.

8. Make sure that your credentials travel via HTTPS protocol.

9. Set strong (hard to guess) secret questions and answers.

10. Disable auto-login.

 

Business continuality

1. Hacker often impersonate (spoofs) as internal users to gain company information. Make sure that your staff is aware of this threat.

2. Make sure that you have qualified and trusty personal. Espionage happends in a wink of an eye.

3. Talk with your personal to gain insight in the company.

4. Keep your employees happy – even in hard times. Don’t make them and you became an victim of companies that bribe them for espionage.

5. Be carefull what you post on social media.

6. Create back-ups on a regular basis.

7. Do your job. Let the system adminstrators, security experts and network specialists do their job. Don’t make them go lazy in an automated environment.

8. Invest in security solutions and talk with your security advisors.

9. Yes you can become a target of a cyber attack. Be aware of that.

10. You wouldn’t leave your front door open, so why leave the front door open of your computer.

11. Implement company rules.

12. Life by the company rules.

13. Hire security staff.

14. Make sure you have a security policy in place -— The security policy is the formal statement of rules on how security will be implemented in your organization. A security policy should define the level of security and the roles and responsibilities of users, administrators and managers.

15. Make sure all of your operating systems and applications are patched with the latest service packs and hotfixes -— Keeping your systems patched will close vulnerabilities that can be exploited by hackers.

16. Turn off or remove unnecessary services.

17. Identify what sensitive information you have, what you use it for and where it resides.

18. Isolate/segregate sensitive data

19. Encrypt sensitive data.

20. Use Secure Sockets Layer (SSL) or a similarly secure connection for receiving or transmitting credit card information and other sensitive financial data.

 

Smartphones

1. Be carefull with your contact list. Your list could contain potential information for hackers. If you lose your phone be sure to inform your contact about it.

2. Smartphones are used on a daily basis. We can’t imagine a world without them. These smartphones contain a lott of information. Be sure to keep that information close.

3. Don’t just install all types of applications. When you delete an application, remember to delete the account you created with it.

4. Your smartphone has an harddisk and an memory drive. Remember to wipe them before you decide to sell or trade them.

5. Set your phone to lock, or time out, after a certain period of inactivity, requiring a password to get back in. All of the major smartphone operating systems support this function.

6. Remote wipe, plus the aforementioned password protection, is the bare minimum that most IT departments will require, although the specific steps you’ll need to take very much depend on the level of security at your company.

7. Third-Party Apps That Share Too Much. When you install a third-party app, you grant it certain privileges. Those privileges may include access to your physical location, contact information (yours and that of others), or other personal data

8. GEO-location. Do you really want people to know where you are?

9. WiFi for free. Be aware that when you are connected to a acces point someone could right out all your information.

10. Disable WiFi, Bluetooth when you are not using it.

 

Encryption

1. Use encryption software to encrypt your information.

2. Make sure that only you know the encryption password.

3. Don’t write the encryption password down.

 

Anti virus

1. Use an anti-virus on your computer. If you can’t pay one get one for free. You can use the microsoft security essentials to protect your computer.

2. Update your anti virus. Your anti virus uses an database with signatures. This database needs to get updated so it can recognize new threats.

3. Run your anti virus on a regular basis.

 

Public computers

1. Prevent logging in on public computers.

2. Disable auto-login.

3. Check for weird objects like keyloggers.

4. Use secured protocols like HTTPS.

5. Don’t store files on public computers.

6. Be aware of your environment.

7. Delete your browsing history.

8. Delete your cookies.

9. Delete auto-forms.

10. Prevent using public computers.

WiFi Security

1. Use a strong password.

2. Don’t broadcast your SSID

3. Use good wireless encryption

4. Use another layer of encryption when possible

5. Restrict access by MAC address.

6. Shut down the network when it’s not being used.

7. Shut down your wireless network interface, too.

8. Monitor your network for intruders.

9. Cover the bases.

10. Don’t waste your time on ineffective security measures.

 

If you have any questions feel free to leave a message.


About CWZ (418 Articles)
Reza Rafati is a security expert which has a wide knowledge on cyberconflict and cyber security related items. His passion involves providing workshops on social engineering and human body language. He is the founder of the CWZ CYBERWARZONE company and the Cyberwarzone.com news community.