Welcome to Cyber Security Best Practices and Threat Examples!
This is a brief guide to a list of Cyber Security Best Practices and examples of threats seen "in the wild". I will continue to add to this list as I encounter new threats and attacks!
Passwords
Passwords are no longer sufficient security for any sensitive account. You need to add Multi Factor Authentication.
You should still use upper case, lower case, special characters, and numbers in your passwords. No two passwords should be exactly the same, although you can follow the same schema or pattern with some unique added or altered part to keep the resulting passwords different.
Example:
For your Google password:
googlE123!@#123!@#
This lists the service name with an uppercase character at the end, then the digits 123, then the special characters that Shift + 1, 2, 3 produce on a Windows keyboard (!@#). I repeated only the digits and special characters because I wanted to add some extra characters while keeping typing short by not doubling the service name.
For your YouTube password: youtubE123!@#123!@#
So, this is a pretty secure schema, but if a hacker or malicious person discovered one or more of these passwords, it would be pretty easy to see what the pattern / schema is. They would then try to apply the same tactic to your other passwords.
A more secure and less straightforward pattern / schema is to take a song lyric or phrase that is important to you, yet easy to remember, and take the first letter of each word. Still add other numbers and special character patterns. You could also add the length of the service name to the end.
For your Google password using Never Going To Give You Up: ngtgyU123!@#123!@#6
For your YouTube password using Never Going To Give You Up: ngtgyU123!@#123!@#7
A more painful, but definitely more secure, pattern would be to use the LAST letter of every word of a phrase or song lyric.
For your Google password using Never Going To Give You Up: rgoeuP123!@#123!@#6
For your YouTube password using Never Going To Give You Up: rgoeuP123!@#123!@#7
Something much less cumbersome, yet more secure, would be to alter whether you capitalize the first or last letter based on whether the length of the service name is even or odd.
For your Google password using Never Going To Give You Up: Ngtgyu123!@#123!@#6
For your YouTube password using Never Going To Give You Up: ngtgyU123!@#123!@#7
These are just some examples of ways that you can ensure that your passwords are harder to guess. You still need strong Multi Factor Authentication. The point of complex passwords is to force a malicious actor or service to guess many times, which in turn should trigger detection tools.
Multi Factor Authentication
Multi Factor Authentication (MFA) is the process of using more than one method to verify your identity. Previously, a username and password were all you needed to log into an account. Now, you will need to use an additional method on top of your credentials.
Originally, this was achieved with a text message (SMS) or email. Text messages are not recommended for MFA: there was a major vulnerability in that SMS was not encrypted across carrier platforms. This may have been fixed, but there are more secure methods of MFA.
Authenticator apps are a better form of MFA and don't rely on a network connection. There are multiple free options, including Google Authenticator and Duo. Google Authenticator is handy as it requires a login to a Google account. If you lose your device, you can simply disconnect the account login from that device, as long as you have access to your Google account / profile on another device. Then, you can set a new device as the Recovery device. Google Authenticator generates a code that's only valid for a minute, after which a new code is generated.
Passkeys are considered one of the strongest forms of MFA. This is where a digital fingerprint is taken of your information and your device's information.
Never Give Out Too Much Information
Be cautious and suspicious if people, places, or services are asking for information. Use your best judgement as false positives can get annoying and inappropriate.
Try Not to Get Too Much Information
Be mindful of what you're asking of people, especially in industry, and of what you're saying in public and who can hear it.
For example, if your friend moved houses, you wouldn't ask in this way at a busy train station: "Hey, how are you liking your new place at 123 Charleston Street?"
Zero Trust Mentality
This means that, even if certain circumstances are met, don't automatically bypass security protocols.