Ramstein Cybersecurity Awareness Month — Knowing the cyber battlefield

Identify — Know the battlefield

It is no secret that modern society is becoming more integrated with cyberspace. Social media, banking, and shopping have become everyday online activities. Almost everything requires you to create some form of account, and each of these accounts ties to you in a way that can be used against you if you are not careful. This ‘Attack Surface’ is your personal security battlefield, and knowing how to control it is essential.

Protect — Fortify defenses: Safeguard data

Everyone knows that your password is the single most important, and vulnerable, piece of information for your account. Knowing how to harden these across all your accounts will already set you above the average user.

It used to be that an eight-character password was considered secure but with advances in password-cracking technology, the minimum safe length is twelve characters, some recommend sixteen, and that’s only if you are including capital letters, numbers, and special characters. Increasing the length of your password further can only improve your security, but as they get longer, they become more difficult to remember. How can you combat this? There are several answers from more technical to less.

A less technical solution to this modern-day problem is the use of mnemonics. A common way of formulating long passwords is to combine several words or phrases, change some of the letters to capitals, and add additional letters, numbers, and special characters. This may create a decently strong password depending on the phrases chosen, but this technique may also have its own drawbacks.

Hackers are constantly scrubbing passwords for common phrases and if they have any information about you, such as birthday or names of children pulled from Facebook, they may be able to guess your phrases without much effort. Additionally, it may become difficult to remember all your phrases across every account if you must remember a password for your online banking, amazon account, social media, etc.

A more technical solution exists in password managers. Most browsers come with an included password manager that can not only autofill your password when logging in, but they can also generate new, secure passwords for you whenever you create a new account.

These functionalities are free and are automatically enabled in most browsers, but these can also have security drawbacks. If a hacker is able to access your phone or computer, the first thing they are likely to check is your browser’s password manager. These passwords are often stored unencrypted and don’t require any sort of authentication or password to access the full list.

To combat this, an option available to you is a third-party password manager. Password managers, just like the in-browser options, can store, autofill, and generate passwords for you, and are available both on desktop and on smartphone app stores. They will also encrypt your passwords when you are not using them, warn you if your password is weak, and often require a separate form of authentication, such as two-factor authentication, biometric, or another password.

Major companies also have two factor authentication as an option for their websites. This can be a crucial step to drastically increase your personal security. Often, this is a text message sent to your phone or the use of a third-party authentication tool. Two-factor authentication may require some setup time, but the added layer of security is a must have for certain accounts such as your online banking login. Once you get started with it, however, it’s easy as 1-2-3 (Remember, 1-2-3 is not a secure password!)

Detect — Detecting the undetected

Data breaches occur when hackers access the systems of the company you have an account with, rather than your specific accounts itself. These data breaches often leak hundreds or thousands of accounts, including usernames and password. For instance, there was a major breach of Social Security numbers in April that leaked nearly 2.9 Billion Social Security numbers and transaction records (Los Angeles Times, Aug. 15).

Incidents such as these expose personally identifiable information to unauthorized parties which can have devastating consequences when used improperly. Luckily, there are several ways to stay on top of these events.

Certain password managers will warn you if there is a data breach involving the account you have saved with them. This can allow you to swiftly respond by changing your password or deleting your account with the company if you so choose.

There are also several cybersecurity news websites that report data breaches as they occur. One of the most reliable is the Cybersecurity and Infrastructure Security Agency. As America’s Cyber Defense agency, they not only provide news updates of recent events, but also have multiple articles providing cybersecurity advice on topics not covered in this article. You can reach their website at https://www.cisa.gov/.

Respond — Mobilizing against threats

If one of your accounts was compromised in a regular manner such as your password being cracked, your first step should always be to change your password. Once that is completed, there is usually an option within your account settings to logout of all devices. Doing this will logout the hacker who has access to your account, but they will no longer have your login information to re-enter the account.

It is best to review what actions the hacker may have taken. If it is a social media account, your next step should be to take down any posts the hacker may have made and make one of your own acknowledging what happened. This will warn others to ignore any posts the hacker has made or any direct messages they may have sent. It is also recommended to check the accounts you have linked to your profile or account as they may also be at risk, especially if you use the same password for each of them!

Recover — Bounce back stronger

After taking all the steps to respond to your cyber incident, you may, and should, want to prevent it from happening again. One of the first steps is to follow the advice laid out in this article. That will already set you up far better than the average user and will make you an undesirable target for hackers. If you seem too tough of a target to crack, hackers will move on to something easier. Your best defense is deterrence after all.

If you’ve already followed the advice in this article, or have set things up on your own, and you find yourself wanting to improve your security further, there are near infinite resources out there for you. There are hundreds of articles discussing today’s cyber threats and hundreds more on how to combat them. There are even YouTube channels that report on these incidents and can teach you how to secure your accounts and computers against unwanted access. However, always remember to double-check any source for validity when presented with information. You don’t want to take any chances with misinformation when your personal security is at stake.

Knowing your battlefield is the first step for a reason. The cyber landscape is always changing and adapting to these changes is your strongest defense. Improving individual security improves national security so do your part today!