Cyber security advice from ex-hackers

The story of a tech-savvy teenager turning their hand to hacking and getting hired by the very company they’ve infiltrated seems too strange to be true, yet it is one we’ve seen multiple times in a variety of industries. Some of these ‘reformed hackers’ are even sharing their cyber security tips online, offering a glimpse of how hackers think, and how you can begin to safeguard against unwanted security breaches.

While you may not think your business will be of interest to potential cyber-attacks, in this digital-age our data is more valuable than ever before, and there are some relatively straightforward ways to start protecting yourself online.

There are some tips that we may be more familiar with – being wary of suspicious-sounding texts and emails, not clicking on any unfamiliar links – while others offer a more nuanced look at the technologies and protocols that can safeguard yourself and your business against cyber-attacks. We round up some of the top tips from these articles for you here.

Password protection

Password security is perhaps the first thing these experts say to secure, using a variety of methods:

• Establish a complex password standard. Complex shifts from an easy / memorable password such as a date of birth or postcode, to lengthy passwords including upper- and lower-case characters, numbers and symbols.
• Always maintain separate passwords for different platforms, especially your email accounts. If a hacker gets your email, they can easily reset passwords for platforms and get into your information.
• Implement a password manager such as LastPass, KeePass, Bitwarden or 1Password.
• Use a two- or multi-factor authentication, e.g. Microsoft-Authenticator, Blizzard Authenticator.
• Set up notifications so you receive alerts when your account details may be compromised.
• Implement password policies and ensure all employees are up to date with them, e.g. everyone must change their password every month.

Computer security

The majority of cyber-attacks happen through company employees, with breaches often occurring through email accounts. Once a hacker has infiltrated the system, spyware and malware can then be used to compromise the site. Here are some simple computer safety tips:

• Avoid using public wi-fi and implement a VPN.
• Do not follow links or attachments in emails from unknown or suspicious-seeming senders. In these cases, go to the site directly.
• If you receive a suspicious email from a contact, call that person prior to opening the email, attachments or links.
• Avoid sending sensitive/personal information on email.
• If you must, routinely delete sensitive information and purge deleted items. Sensitive information stored within emails can be a hacker’s utopia.
• Bookmark your favourite websites to avoid entering a copycat site.
• Avoid posting sensitive information on your social media accounts.
• Back up data using reputable cloud-based storage solutions (which you can encrypt prior to backing up if particularly cautious).
• Use https on every webpage – this will encrypt the information sent between your computer and the sites.

Phone security

Attacks can also come through your phones – both via company and personal devices. Keeping these avenues secure is just as important as safeguarding your computer.

• If you receive a message or call from a trusted organisation (such as your bank) but don’t recognise the number, say you will return the call and reach out to the company directly. This can help to ensure the number is correct and secure.
• Isolate smart devices on a different VLAN (though please note this may require a more complex router).
• Keep Bluetooth, Wi-Fi and GPS turned off unless using it.
• Install encrypted communication services – these can provide an extra layer of security for texts, calls and file sharing. E.g.: Signal, Wickr, Redphone, Telegram, ProtonMail.

While these suggestions are just the tip of the iceberg in terms of how you can protect your organisation, they show a valuable insight into how hackers think and work, and following even a few of these steps can make the world of difference.

For more information on how you can work these protocols into your business plan, contact Vanguard Risk on 1300 847 475 or contact@vanguardrisk.com.au

Further Resources

• https://www.cybersecasia.net/tips/cyber-security-tips-by-hackers-for-non-hackers
• https://www.newbusiness.co.uk/articles/business-continuity/a-former-hacker%E2%80%99s-views-and-cyber-advice-business
• https://medium.com/@7onez.com/online-security-tips-from-a-former-hacker-hieupc-643add009129
• https://money.cnn.com/2014/09/22/technology/security/hacker-safety-tips/index.html