One basic cybersecurity fact you should know is that hackers are not magicians.
Therefore, no hacker gains access to your computer without being granted access either through your activities, ignorance, or some of your basic cybersecurity mistakes. In this post, we will discuss those cybersecurity mistakes and the basic ways through which one gets initially compromised.
Whether it is an organization or an individual, most of the hacking originates from one of these five common ways;
1. Weak, Leaked, and Stolen Credentials
Getting hacked due to weak, leaked and stolen credentials is very common.
It is always common for you to see people use the same password and email on different online accounts.
It is also common to see people create an account on a particular website or application and later abandon it. This becomes a bad act when the account is created with the user’s most commonly used passwords and emails.
What happens is that whenever such websites or accounts are hacked, their login details will be stolen and sold on the dark web. Then, hackers will take advantage of that by trying out those login details on other legit websites.
Secondly, users’ credentials can be leaked or stolen also through Public WiFi, Keyloggers, or Trojan applications. This can be done by tapping into the public WiFi network or by installing a keylogger or trojan application on the victim’s device.
A weak password is another avenue credentials can be leaked or stolen. This is because weak passwords can be cracked easily with password cracking tools like John the Ripper.
Countermeasures
There are ways we can mitigate attacks that come through weak, leaked, and stolen credentials. These include;
a. Always check your credentials on pwned websites to know which of your credential is out in the public domain already. Read the related post below on how to check ;
Related Post: Data Security- How to Find Out What Hackers Already Know About You
b. Learn to update or change your passwords after a designated amount of time. Don’t use the same password over a long period of time.
c. Avoid the use of public WiFi to make official transactions like bank transfers, or logging into your office-related accounts. Mind how you use hotels, airports, church-owned public WiFi, etc.
d. Don’t use weak passwords for your account. Learn to create a strong password for your online accounts. Also, learn to use two-factor authentication for your online accounts.
e. Learn to delete your details from every website or account you are no longer active in.
f. Monitor your application permissions for android phone users.
Related Post: Android Phone Security- How to Block Apps from Stealing Your Personal Data.
2. Social Engineering
One of the widely used techniques to get victims by hackers is Social Engineering.
This is simply hackers tricking users into making poor security or trust decisions. This might be through emotional or psychological manipulations.
This also involves hackers trying to mislead you into clicking a link that leads to a website that has malware in it or is fake, also manipulating you into giving out your confidential details to them. It can be through a phishing email, social media chat, or text messages.
Countermeasures
We can reduce hackers access through social Engineering by applying the following measures;
a. Never trust, always verify. Before you act on any information online or through emails or chat, you must have to verify its genuineness.
Related Post: How Internet Scammers See Their Victims
b. Don’t download files like PDF, word documents, PowerPoint, etc and applications from sources you don’t trust. Same with an email attachment. You can get your system or phone infected with malware by just opening a file to check what is inside.
c. Don’t click on links from untrusted sources without first verifying them. Before you click on a link that comes with your email or chats, make sure you hover your mouse on it to detect its original address. Also, remember to expand tiny URLs before clicking to know their actual destination.
d. Avoid putting your login details in a popup window. Make sure you are on the real login page of a website or application before you type in your details.
e. Always check the website address of the site you visit properly. You can also confirm the safety of the URL on Google Safe Browsing Site Status.
3. Unpatched Vulnerabilities
Another common way hackers get at us is through the security flaws or vulnerabilities in the software and hardware we use.
This might be a security flaw in the mobile Apps or desktop applications we use. It might also be a flaw in the operating system of the devices we use. It might be a flaw in our hardware that might make our applications misbehave.
Using devices that have any of these flaws makes us cheap to hackers. Most times, some of these security flaws help hackers to bypass our passwords while trying to attack us.
Tools like Metasploit makes it easy for hackers to exploit common vulnerabilities and exposures that our device and applications might be prone to.
Countermeasures
We can mitigate attacks that come through unpatched vulnerabilities by applying the following safety measures;
a. Learn to update your system or phone applications once there is a new update release.
b. Visit also websites with a list of common vulnerabilities and exposures to get information about the vulnerability level of your device or applications and its patches.
Related Post: Security Vulnerability- One Reason Why Your Password Alone Won’t Save You
c. Don’t share information about you that can help hackers to know much about your hardware and software infrastructure.
Related Post: Internet Scams- Guess No One Has Told You This
d. Also, learn to avoid buying Tech products with high-risk vulnerabilities for your online business use.
4.Physical and Insider Threats
Sometimes we lose our online account access and data due to device theft or because of poor trust decisions.
Giving your friends or coworkers over trust and privilege access to devices you use might lead to a security breach.
This is because they might take advantage of such privileges to steal your information.
Countermeasures
a. Always remember to change your login details whenever you give them out to a third party.
b. Avoid placing the SIM card you use for your bank OTP or two-factor authentication on phones that are expensive and attractive to physical theft. Remember also to setup your SIM card PIN lock for security in case of theft.
c. Learn always to verify and don’t trust easily. Be like bankers, you will have to prove yourself to be believed.
5. Security Misconfigurations
Another way a hacker can get at us is through our security Misconfigurations. If you leave your devices on default settings or if you mistakenly turn off vital security settings, this might as well affect your basic cybersecurity.
It is always advisable to go through the privacy and security settings of every application or device you use.
This includes the security settings of your mobile phones, computers, and IoT devices.
Taking care of these basic cybersecurity ways you can experience an initial compromise is very important for your cybersecurity strategy.
