Our increasing independence on IT solutions to facilitate our day-to-day processes also ushered in an increase in cybersecurity attacks, both in frequency and sophistication. In this FAQ, our corporate cybersecurity experts will discuss concepts that can help us understand what constitutes the most basic cyberattacks and what we can do to prevent them.
What is a Phishing Attack?
Phishing is a form of Cyberattack that aims to obtain sensitive information such as passwords, credit card details, personal identification numbers (PIN), One-Time Pin, etcetera from unsuspecting individuals by posing as legitimate entities and employing social engineering. Once they have obtained sensitive information, fraudsters may transfer cash from your account to theirs, conduct identify theft, and charge purchases to your credit card or apply for loans in the victim’s name.
What is Social Engineering?
Social Engineering is the psychological manipulation of individuals to convince them to perform specific actions such as falling for a phishing attack. It is also a collective term for the techniques employed by fraudsters to dupe their targets. The most common social engineering techniques employed and some of their examples are:
- Spoofing Legitimacy – Fraudsters would use websites names, emails, logos, language, and spiels, that resemble those of legitimate institutions.
- Negative Consequence – Targets are threatened with an impending closure or blocking of an account if unacted upon. Targets are told that the fraudsters have detected suspicious activity from their credit card and would require their PIN to reverse charges or block the card.
- Loss of Opportunity / Urgency – Targets are told they won a prize or opportunity that has to be claimed within a short period of time.
- Too Good to be True Claims – Targets are told they won the jackpot prize for a contest they have no memory of joining.
What makes a Password Strong?
According to the Cybersecurity & Infrastructure Security Agency, the strength of a password is derived from its length, complexity, and predictability. To create a strong password, users can keep the following IT Solution tips in mind:
- Length – Making your password as long as possible (up to 64 characters) would make it stronger but the problem would be remembering it and the effort it would require to type it when prompted. Experts suggest stringing random words because that makes it easier to remember (remembering four 4-letter words is easier than recalling 16 random characters)
- Complexity – To increase the complexity of your passwords, experts suggest using both upper-case and lower-case letters as well as special characters. In conjunction with the first tip, users may opt to capitalize a certain letter in the order of the words (capitalize first or the last letter) and switch a special character in lieu of a letter that it resembles (e.g. @ for A, 5 for S, # for H)
- Predictability – Predictability would not be a problem if users followed the first two items. However, it goes without saying that users should not use words that hackers commonly use such as ‘password’ and ‘1234.’ Experts also advise against using personal information (birthdays, addresses, vehicle plate numbers) that hackers can easily obtain.
What is Multi-Factor Authentication (MFA)?
MFA is an authentication method where a user is required to provide two or more evidence (factors) in order to gain access to an application or website. The most commonly-used factor of course is the password. The goal of an MFA is to provide an additional layer of protection in case the password is compromised. Other types of factors that can be used for authentication are:
- Knowledge-Based – PIN, security question, pattern lock
- Biometrics – Facial recognition, fingerprint, voice recognition, iris scan
- Physical objects – Security tokens (USB sticks), bank cards, keys
- Location-based – GPS, Intranet connection
- Mobile-Phone Based (technically under Knowledge-Based but facilitated by a mobile phone) – One-Time Pin (OTP), Third-Party Authenticator apps (e.g. Google Authenticator)
Consult your Trusted IT Solutions Company
This FAQ is brought to you by BHT Solutions, an IT Company that has the experience you can trust. In BHT Solutions, we believe in harnessing the power of IT solutions and making it work for you. Schedule your free consultation now and help us transform your workflow!