Cybersecurity from home – A BitBakery Knowledge Nibble

Cybersecurity from home – A BitBakery Knowledge Nibble

October 22nd, 2020 by Rachel Hickey

One of our core values is continuous learning. Every member of our diverse team brings unique skills and expertise to deliver for our clients. Part of continuous learning is sharing, so once a month we get the team together for a lunch and learn series we call Knowledge Nibbles. 

This month’s virtual learning session was led by Joe Reda, BitBakery’s CTO and cybersecurity expert.

Cybersecurity practices may be straightforward while working from the office, but how can you make sure you stay secure while working from home? You’ve probably heard it said– “a chain is no stronger than its weakest link.” This old saying is now more relevant than ever considering the increase in numbers of cyberattacks since work-from-home has become the “new normal” and security practices may not be followed as strictly as they were in the office.

When a single weak spot within this modern chain is inevitably found, an array of sensitive information could be compromised.

Just look at what happened to Twitter earlier this year when staff were targeted through their phones. The successful attempt let attackers tweet from celebrity accounts like Bill Gates, Joe Biden and Kim Kardashian sharing a Bitcoin scam. It reportedly netted the scammers more than $100,000. 

GPS and wearable technology company Garmin also experienced an attack this year when hackers deployed a ransomware tool, rendering programs useless until decrypted. The hacking organization then demanded a large fee for the decryption key.

Could these attacks have been prevented with better security measures? Here’s what Reda advises — you need to know about types of cybersecurity threats, how to identify them, and how to defend yourself against cybersecurity threats.

Types of threats

Attacks like the examples mentioned above are happening more than you may think.

With the prevalence of attacks increasing, Reda says it’s important to understand what types of threats are prevalent in order to defend yourself and your company.

Phishing: Phishing threats are untargeted attacks direct to a large number of people with the hopes that some will be fooled. 

Spear Phishing: Spear Phishing threats use social engineering techniques on specific people to gain privileged information. 

The attacks on Twitter and Garmin are examples of spear phishing attacks. With Twitter, this resulted in the private details of high profile users at risk of being exposed and users had no way to protect themselves. With Garmin, it resulted in huge loss after a five  day shortage and a (reportedly) paid ransom of $10 million. 

At its core, preventing attacks is about having closely followed best practices set in place for cybersecurity. After all, a hacking organization can’t ransom anything if it can’t breach your system. So, how can you identify a threat before it turns into an attack?

How to identify threats

Phishing email example - Netflix

Reda’s advice? Be paranoid — if something doesn’t feel right, don’t do it. If you receive an email or pop up that seems off, don’t click on any links or follow directions in the email. Some common tells to look for are:

Got phished? Don’t panic, says Reda. First report it to your IT department, then disconnect from the internet and secure your systems.

How to defend against cyberattacks

Defending yourself against cyber security comes down to being aware of threats, and taking the steps to minimize those threats. The small amount of time it takes to add an extra layer of protection can save you a lot of trouble in the long run like:

Multi factor authentication diagram

In addition to these things, one of the best ways to protect yourself is through the use of multi factor authentication. When you log onto a site — say your online bank or credit card provider — you provide your username and password as usual. If you have two-factor authentication enabled, the site will then send a text or email to you with a code you must enter before you can complete your log in to the site. This gives you an extra layer of protection, and you can get this protection in a few different ways:

SMS verification: At the bare minimum, Reda advises using SMS as a method of multi factor authentication. It’s free to use, and is supported anywhere. 

Authenticator apps: The next best thing is authenticator apps, such as Google Authenticator. While it can be annoying to use from a user perspective, these apps are free to use and are widely supported. Just don’t lose your phone, as you’ll lose access to your accounts as well.

Security keys: According to Reda, security keys are basically like Cadillac of multi factor authentication – they're very, very secure. Because it is a physical device, you do have to buy a replacement every five or so years, and there is higher risk of losing the key. Reda still advises this as one of the best ways to secure your information. 

One time codes: Last but not least, one time codes can be used to validate your identity for only one session. This is an extremely secure option, as the code is valid for only a single use and they are not as vulnerable as static, reusable passwords –  your actual password is never transmitted over the network.

What’s next

If there’s one thing Reda wants people to take away from this session, it's that you should become aware of the threats and use multi factor authentication to defend yourself, and your company. Attacks can happen to anyone, and security as whole is only as strong as the weakest link. Now that you know more about cybersecurity practices, take the time to secure your information and start building good security habits.

Questions about cybersecurity? We’d love to hear from you. Contact us today!

April 5th, 2024 by Attila Schmidt
Is the Arc browser the ultimate tool for developers?
November 11th, 2021 by Alex Kinsella
How to choose a digital signing service
March 29th, 2019 by Alex Kinsella
Here we grow again!