Cyber Security Best Practices and Threat Examples

Welcome to Cyber Security Basics!

This is a brief guide to a list of Cyber Security Best Practices and examples of threats seen "in the wild".

Passwords

Passwords are no longer sufficient security for any sensitive account. You need to add Multi Factor Authentication.

You should still use upper case, lower case, special characters, and numbers in your passwords. No two passwords should be exactly the same, although you can follow the same schema or pattern with some unique added or altered part to keep the resulting passwords different.

Example:

For your Google password:

googlE123!@#123!@#

This lists the service, has an uppercase character at the end of the service name, has numbers as 123, then the corresponding special characters of (for Windows) Shift + 123 respectively. I repeated only the digits and special characters as I wanted to add some extra characters, but keep less typing by not doubling the service name.

For your YouTube password: youtubE123!@#123!@#

So, this is a pretty secure schema, but if a hacker or malicious person discovered one or more of these passwords, it's pretty easy to see what the pattern / schema is. They would try to apply the same tactics to your other passwords.

A more secure and less straightforward pattern / schema is to take a song lyric or phrase that is important to you, yet easy to remember, and take the first letter of each word. Still add other numbers and special character patterns. You could also add the length of the service name to the end.

For your Google password using Never Going To Give You Up ngtgyU123!@#123!@#6

For your YouTube password using Never Going To Give You Up ngtgyU123!@#123!@#7

A bit more painful, but definitely more secure pattern would be to use the LAST letter of every word of a phrase or song lyric.

For your Google password using Never Going To Give You Up rgoeuP123!@#123!@#6

For your YouTube password using Never Going To Give You Up rgoeuP123!@#123!@#7

Something much less cumbersome, yet more secure, would be to alter whether you capitalize the first or last letter based on if the length of the service name is even or odd.

For your Google password using Never Going To Give You Up Ngtgyu123!@#123!@#6

For your YouTube password using Never Going To Give You Up ngtgyU123!@#123!@#7

These are just some examples of ways that you can ensure that your passwords are harder to guess. You still need strong Multi Factor Authentication. The point of complex passwords is to force a malicious actor or service to guess many times, which in turn should trigger detection tools.

Never Give Out Too Much Information

Be cautious and suspicious if people, places, or services are asking for information. Use your best judgement as false positives can get annoying and inappropriate.

Try Not to Get Too Much Information

Be mindful of what you're asking of people, especially in industry. Or what you're saying in public and who can hear it.

For example, if your friend moved houses, you wouldn't ask this in this way at a busy train station: "Hey, how are you liking your new place at 123 Charleston Street?"

Zero Trust Mentality

This means that, even if certain circumstances are met, don't automatically bypass security protocols.