Showing posts with label informationsecurity. Show all posts

2024/03/05

Integrate Threat Intelligence Feeds into Third-Party Security Solutions

Integrating Threat Intelligence Feeds into third-party security solutions is a critical step towards effective threat detection and response. Through this integration, organizations can automate numerous cybersecurity processes, enhancing both the speed of response and the accuracy of detection.


API Integrations:

API integrations allow for direct and real-time data exchange between threat intelligence feeds and security solutions. This significantly accelerates threat identification and enables immediate response, minimizing potential damage.

 

SIEM and SOAR Systems:

SIEM systems analyze and prioritize threat data, providing in-depth insights into potential threats. SOAR solutions take this a step further by automating the processes of threat detection, investigation, and response. Together, these systems create a strong foundation for threat management by seamlessly integrating threat intelligence data into security operations.

 

Challenges:

Challenges in integration include ensuring data quality and reliability. By selecting reliable threat intelligence sources and adhering to best practices in data management, organizations can reduce false positive alerts and improve the efficiency of their security solutions.

 

By integrating threat intelligence feeds into third-party security solutions, organizations can significantly improve their ability to detect and respond to threats in real-time. This not only speeds up response times but also makes the work of the cybersecurity team more efficient, allowing them to focus on more critical tasks. When executed correctly, this integration provides organizations with a significant competitive advantage in the realm of cybersecurity.

2024/02/14

Use Threat Intelligence Feeds for Automated Firewall and IDS/IPS Rule Updates

Leveraging threat intelligence feeds for automated updates to firewall and Intrusion Detection/Prevention Systems (IDS/IPS) rules is a critical method in combating cybersecurity threats. This process enables organizations to swiftly respond to new and evolving cyber threats. Automatic rule updates are based on real-time threat intelligence provided by threat intelligence feeds, allowing organizations to effectively update their security system rules, reducing the need for manual labour and enhancing network security.

 

Integration Process:

The integration process starts by selecting an appropriate threat intelligence feed and connecting it to the firewall or IDS/IPS system, often using API interfaces or other integration mechanisms. Once the feed is connected, the system analyses incoming threat intelligence and automatically updates its rules accordingly. This may involve creating new rules to identify and block traffic from known malicious IP addresses or updating existing rules to reflect new types of attacks.

 

Automation Requirements:

Such automation requires careful configuration and testing to avoid false positives that could block legitimate traffic. It's also crucial to ensure that rule updates are appropriate and do not cause unintended side effects on system performance.
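A sketch of such a guarded update, added here as an example and not taken from any product: feed entries are validated, overly broad or protected ranges are refused, and the change is held back when the feed is empty or the delta is unexpectedly large. The feed contents, the protected ranges, the limits and the nftables table/set names (`inet filter`, `ti_block`, IPv4 only) are assumptions.

```python
import ipaddress

# Constructed sample feed (documentation address ranges, not real indicators).
SAMPLE_FEED = """\
# constructed sample feed
203.0.113.7
198.51.100.0/24
10.1.2.3
0.0.0.0/0
192.0.2.0/16
not-an-ip
203.0.113.7
192.0.2.53
"""

# Assumed local policy: ranges that automation must never block.
NEVER_BLOCK = [ipaddress.IPv4Network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "192.0.2.53/32",  # hypothetical: the organization's own resolver
)]
MIN_PREFIXLEN = 20  # assumed limit: refuse anything broader than a /20

# Constructed example of what the firewall set currently contains.
SAMPLE_CURRENT = {ipaddress.IPv4Network("203.0.113.7/32"),
                  ipaddress.IPv4Network("192.0.2.200/32")}


def parse_feed(text):
    """Return (accepted networks, [(entry, reason)] for every refused entry)."""
    accepted, rejected, seen = [], [], set()
    for raw in text.splitlines():
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue
        try:
            # strict=True also refuses CIDRs with host bits set (likely a typo).
            net = ipaddress.IPv4Network(entry, strict=True)
        except ValueError:
            rejected.append((entry, "invalid"))
            continue
        if net.prefixlen < MIN_PREFIXLEN:
            rejected.append((entry, "too broad"))
        elif any(net.overlaps(p) for p in NEVER_BLOCK):
            rejected.append((entry, "protected"))
        elif net in seen:
            rejected.append((entry, "duplicate"))
        else:
            seen.add(net)
            accepted.append(net)
    return accepted, rejected


def plan_update(feed_text, current, max_changes=1000):
    """Diff the feed against the current set; never apply blindly."""
    accepted, rejected = parse_feed(feed_text)
    wanted = set(accepted)
    add = sorted(wanted - current)
    remove = sorted(current - wanted)
    # Hold the update for review if the feed came back empty (which would
    # flush the whole set) or the delta is larger than expected.
    apply = bool(accepted) and len(add) + len(remove) <= max_changes
    return {"add": add, "remove": remove, "rejected": rejected, "apply": apply}


def render_nft(plan, table="inet filter", set_name="ti_block"):
    """Render the plan as nftables 'add/delete element' lines."""
    def fmt(nets):
        return ", ".join(str(n.network_address) if n.prefixlen == 32 else str(n)
                         for n in nets)
    lines = []
    if plan["remove"]:
        lines.append(f"delete element {table} {set_name} {{ {fmt(plan['remove'])} }}")
    if plan["add"]:
        lines.append(f"add element {table} {set_name} {{ {fmt(plan['add'])} }}")
    return lines


if __name__ == "__main__":
    plan = plan_update(SAMPLE_FEED, SAMPLE_CURRENT)
    for entry, reason in plan["rejected"]:
        print(f"refused {entry}: {reason}")
    print("\n".join(render_nft(plan)) if plan["apply"] else "held for review")
```

The refused entries are worth logging and reviewing: a feed that suddenly lists private or very broad ranges is itself a data-quality signal.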

 

In summary, the use of threat intelligence feeds for automatic rule updates represents an effective strategy for managing cybersecurity threats. This approach allows for quick and targeted responses to new threats, improving an organization's ability to protect its networks and information systems in a constantly changing cybersecurity environment.

2024/02/09

Integrate Threat Intelligence Feeds with SIEM

Integrating threat intelligence feeds into Security Information and Event Management (SIEM) systems is a key method for automating the analysis of cybersecurity events. This process enables the rapid utilization of up-to-date threat information, significantly enhancing cyber defense efficiency.

 

Evolution of SIEM Technology:

The evolution of SIEM technology from basic log management systems to advanced defense platforms is significant. The integration of artificial intelligence (AI) has strengthened their analytical capabilities, enabling the detection of complex patterns and potential security incidents that would elude human analysis.

 

Integration and SIEM:

Threat intelligence feeds provide a continuous flow of the latest threat information, such as known attack vectors and techniques. When integrated into SIEM systems, they add value by offering real-time data that aids in quicker identification and response to potential risks.

 

Benefits of Automation:

The automation in SIEM systems, combined with the information from threat intelligence feeds and analysis of logs, frees up resources for more critical security tasks, improving overall cybersecurity operations. Rapid detection and response to threats reduce the window of opportunity for attacks, enhancing the ability to protect critical assets.

Utilizing machine learning for event correlation in SIEM reveals hidden threats and enables proactive measures against emerging attack vectors. Automating compliance monitoring and reporting within SIEM streamlines both and makes audits more efficient and accurate.

 

In conclusion, the integration of threat intelligence feeds into SIEM systems is a critical step in the automation of security event analysis. This combination improves the ability to detect and respond quickly to cyber threats, which is vital in today's constantly changing cybersecurity landscape.

2024/01/25

Detect Malware Traffic with Threat Intelligence Feeds

The use of threat intelligence feeds to detect malware traffic, such as communication with Command and Control (C&C) servers, is a critical component of cybersecurity. These feeds provide essential information for combating cyber threats.


Analyzing Suspicious Traffic:

Threat intelligence feeds include data on network addresses used by known malware, such as IP addresses and domain names. By analyzing an organization's network traffic and comparing it with the information in the feeds, it's possible to identify traffic that may indicate malware activity. This includes unusual contacts to known malicious addresses or abnormal data traffic.


Identifying C&C Server Communications:

Communication with C&C servers is characteristic of many types of malware. Threat intelligence feeds help to detect and distinguish these communications from normal traffic. Identifying such traffic allows organizations to take proactive measures, such as blocking the traffic or isolating infected devices.
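The comparison described in the two sections above, as an added example that is not part of the original post: connection and DNS log records are matched against feed indicators and grouped per internal host. The log format, the indicators and the periodicity heuristic (regular check-in intervals as a hint of C&C beaconing) are assumptions, and the heuristic goes beyond what the text describes.

```python
import ipaddress
from collections import defaultdict
from statistics import mean, pstdev

# Constructed indicators (documentation address ranges and .example names).
FEED_IPS = {"203.0.113.7", "198.51.100.23"}
FEED_DOMAINS = {"c2.badcdn.example", "evil.example"}

# Constructed log, one record per line: epoch_seconds,kind,source_host,destination
SAMPLE_LOG = """\
1000,conn,10.0.0.5,203.0.113.7
1060,conn,10.0.0.5,203.0.113.7
1120,conn,10.0.0.5,203.0.113.7
1181,conn,10.0.0.5,203.0.113.7
1010,dns,10.0.0.9,www.intranet.example
1500,dns,10.0.0.9,Update.Evil.Example.
1020,conn,10.0.0.7,192.0.2.10
1030,dns,10.0.0.7,notevil.example
bad line
"""


def match_domain(name, feed_domains):
    """Match the name or any parent domain, label by label.

    Label-wise matching catches subdomains of a listed domain without the
    false positives of substring matching ('notevil.example').
    """
    labels = name.strip().rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in feed_domains:
            return candidate
    return None


def match_ip(value, feed_ips):
    """Normalize the address before lookup; unparsable values never match."""
    try:
        addr = str(ipaddress.ip_address(value.strip()))
    except ValueError:
        return None
    return addr if addr in feed_ips else None


def scan(log_text, feed_ips=FEED_IPS, feed_domains=FEED_DOMAINS):
    """Return ({(host, indicator): [timestamps]}, number of unparsable lines)."""
    hits, skipped = defaultdict(list), 0
    for line in log_text.splitlines():
        parts = line.split(",")
        if len(parts) != 4 or not parts[0].isdigit():
            skipped += 1
            continue
        ts, kind, src, dest = int(parts[0]), parts[1], parts[2], parts[3]
        if kind == "conn":
            indicator = match_ip(dest, feed_ips)
        elif kind == "dns":
            indicator = match_domain(dest, feed_domains)
        else:
            indicator = None
        if indicator:
            hits[(src, indicator)].append(ts)
    return hits, skipped


def looks_periodic(timestamps, min_hits=4, max_jitter=0.1):
    """Assumed heuristic: several contacts at nearly constant intervals."""
    if len(timestamps) < min_hits:
        return False
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    avg = mean(gaps)
    return avg > 0 and pstdev(gaps) / avg <= max_jitter


def report(log_text):
    """One row per (host, indicator), ready for alerting or triage."""
    hits, skipped = scan(log_text)
    rows = [{"host": host, "indicator": ind, "hits": len(ts),
             "first": min(ts), "last": max(ts), "periodic": looks_periodic(ts)}
            for (host, ind), ts in sorted(hits.items())]
    return rows, skipped


if __name__ == "__main__":
    rows, skipped = report(SAMPLE_LOG)
    for row in rows:
        print(row)
    print(f"{skipped} unparsable line(s) skipped")
```

A host with repeated, evenly spaced contacts to a listed address is a stronger candidate for isolation than one with a single lookup, which may only need investigation.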


Countermeasures and Security Actions:

Once suspicious traffic is identified, organizations can implement security measures to combat malware. This may include filtering the traffic, sending alerts to cybersecurity teams, and cleaning infected devices. Continuous updates of threat intelligence feeds ensure that organizations stay informed about the latest threats and countermeasures.


In summary, the use of threat intelligence feeds is essential for detecting and countering malware traffic. These feeds provide valuable information that helps identify and prevent cyber threats, protecting organizations and their assets. Continuous monitoring and updates ensure that cybersecurity measures are effective and up-to-date.


2024/01/19

Leverage Threat Intelligence to Update Cybersecurity Rules and Practices

As the world of cybersecurity continually evolves, staying ahead of emerging threats is crucial. This article discusses how threat intelligence can be pivotal in updating cybersecurity rules and practices to counter current threats effectively.

 

Real-Time Information and Response:

Modern threat intelligence feeds provide organizations with up-to-date information about new vulnerabilities and types of attacks. This enables swift response where cybersecurity rules are updated immediately to thwart these new threats. For instance, if a threat intelligence service detects a new malware spreading, organizations can promptly update their security protocols to prevent potential damage.

 

Customization and Focus:

By using threat intelligence, organizations can tailor their security measures to meet their specific needs. Different organizations face varied threats based on their industry, size, and the technologies they use. Threat intelligence allows them to identify and focus on the areas most critical to them.

 

Proactive Approach and Risk Management:

Analyzing threat intelligence for potential future threats allows organizations to develop strategies to counter them before they become problematic. This proactive approach not only saves time and resources in the long run but also enhances an organization's ability to defend against cyber-attacks.

 

In conclusion, the utilization of threat intelligence in updating cybersecurity rules and practices is essential for organizations to protect against current and future cyber threats. It provides the necessary tools for real-time response, customization, and proactive protection, ensuring that an organization's cybersecurity remains up-to-date and effective. Continuous updating of cybersecurity based on threat intelligence is not just a technical requirement but a strategic necessity in the ever-evolving world of cyber threats. It demands constant vigilance, adaptability, and commitment to enhancing cybersecurity, which is key to ensuring an organization's cyber resilience.

2024/01/18

Utilize Threat Intelligence Feeds in the real-time detection and identification of potential threats, such as malware or data breaches

Threat intelligence feeds are a critical tool in cybersecurity, providing real-time information about potential threats, such as malware and data breaches. With their help, organizations can quickly identify and respond to new risks. This article focuses on how these feeds can be effectively used in threat detection and identification.

 

Integration and Automation of Threat Intelligence Feeds:

By integrating threat intelligence feeds into their security infrastructure, such as firewalls and intrusion detection systems, organizations can update rules and automatically detect and fend off threats. Moreover, automated analysis tools scan the data from the feeds in real-time, identifying harmful URLs, IP addresses, and file hashes that indicate compromise or attack.

 

Incident Response and Providing Context:

When a potential threat is identified, threat intelligence feeds provide essential context, such as information about the nature of the attack and possible impacts. This information is crucial for incident response teams, who need to understand the scope and methods of the attack for quick and effective response.

 

Challenges and Considerations:

While threat intelligence feeds are extremely useful, they bring challenges, such as managing the large volume of data and ensuring its relevance. This requires sophisticated filtering and prioritization mechanisms. Additionally, the quality of feeds can vary, and it's important to combine automatic analysis with expert interpretation.

 

In summary, threat intelligence feeds are key in the real-time observation and identification of threats, such as malware and data breaches. Their effective utilization requires integration, automation, and expert analysis. When these elements are combined, organizations can respond quickly and effectively to the growing number of cyber threats.

2024/01/17

Monitoring and Identification of Malware with Threat Intelligence Feeds

Integrating threat intelligence feeds into your existing cybersecurity systems makes those systems smarter about what is malicious, allowing you to gain greater benefits from them. Threat intelligence feeds are essential tools in monitoring and identifying the development of malware.


Monitoring Malware Development:

Threat intelligence feeds continuously track the evolution of malware. They collect information from various sources, such as malware analyses and cybercrime forums, providing updated information on new malware versions and mutations. This enables quick response to new threats and helps maintain your security posture.

Identifying Types of Malware:

Feeds utilize advanced analysis methods, such as machine learning and behavioral analysis, to identify types of malware. They can distinguish between different types of malware, such as trojans, ransomware, and worms, based on their behavior. This helps organizations to quickly identify and respond to various types of cyber threats.

Identifying Methods of Distribution:

Understanding how different malware spreads allows organizations to develop more effective protection measures. Feeds provide information about malware distribution channels, such as via email, websites, or social media. This information is crucial for understanding the unique characteristics of these channels and targeting protective measures accordingly.


In summary, threat intelligence feeds are essential tools for tracking the development of malware, categorizing it, and understanding its distribution methods. They offer valuable information that helps organizations stay one step ahead of cyber threats.


2023/12/01

LEAN 365 – grab the cyber security tips of November

During November we shared a total of 8 cyber security tips in LinkedIn, Twitter and Instagram. Here is a compilation of the posts. Jump in together with Fitsec – and stay cyber safe!


193. Implement email authentication protocols like SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance)

WHY?

This helps verify the legitimacy of email senders and prevent email spoofing


194. Modern browsers provide warnings about potentially malicious websites. Encourage users to heed these warnings.

WHY?

This can prevent them from proceeding to suspicious sites and getting malware infection


195. Avoid excessive data collection in your organization and regularly review the data being stored

WHY?

Organizations should only collect and retain the minimum amount of personal data necessary to fulfil their intended purposes and ensure it remains relevant and necessary


196. Be careful when using third-party driver updater tools

WHY?

Some of these tools can introduce security risks or install incorrect drivers


197. Consider using honeypots for threat intelligence

WHY?

This can help your security teams proactively discover threats and provide valuable insights into the attackers’ methods and motivations


198. Consider using an ad-blocker

WHY?

To prevent tracking of your online activities and enhance your privacy


199. In emails, use CC wisely, for example to protect the recipients from ending up getting too many emails or spam

WHY?

Many viruses and spam programs are nowadays able to sift through mail files and address books for email addresses


200. To check if your online accounts have been compromised, you can use the haveibeenpwned.com service

WHY?


Haveibeenpwned is a trustworthy service, and you can even set up constant monitoring to be alerted of new compromises related to your email account






2023/11/01

LEAN 365 – grab the cyber security tips of October

During October we shared a total of 9 cyber security tips in LinkedIn, Twitter and Instagram. Here is a compilation of the posts. Jump in together with Fitsec – and stay cyber safe!


184. Remember to delete or deactivate all accounts of a person leaving the company right away

WHY? 

To prevent unauthorized access to your company systems by ex-employees


185. If possible, use Secure DNS over HTTPS (DoH)

WHY? 

To enhance privacy in your web browsing


186. Compare the transactions on your credit card bill to the purchases you’ve made. If you notice an unjustified charge, inform your credit card company right away.

WHY? 

It can be troublesome to resolve the issue later


187. Implement proper network segmentation and access controls

WHY? 

This can limit the potential impact of an attacker's access to the network


188. Use email filtering solutions in your company

WHY? 

This helps to identify and block phishing emails and malicious attachments before they reach users' inboxes

189. Monitor the traffic in your company’s information networks for unusual or suspicious activities

WHY?

This helps to respond to incidents effectively when the attacker’s actions are noticed in time


190. If you have control over your BGP routing, consider using BGP Flowspec

WHY?

This helps to dynamically update routing policies during a possible attack


191. Use WAFs (Web Application Firewalls) for your public-facing services

WHY?

To help filter out malicious traffic and requests

192. Use URL analysis tools or sandboxes to scan URLs embedded in emails and identify potentially malicious websites

WHY?

These tools can help detect and block phishing links and other malicious links




2023/10/01

LEAN 365 – grab the cyber security tips of September

During September we shared a total of 9 cyber security tips in LinkedIn, Twitter and Instagram. Here is a compilation of the posts. Jump in together with Fitsec – and stay cyber safe!


175. Restrict the installation of software to authorized personnel

WHY? 

This reduces the risk of malicious software installations

176. Implement role-based access control

WHY? 

This restricts employee access to sensitive data and systems based on their job roles

177. Keep your apps up to date

WHY? 

Developers often release updates to patch security vulnerabilities and improve performance

178. Be wary of apps that request excessive permissions

WHY? 

Some apps request access to sensitive data or device features (e.g., camera, microphone, location). Make sure the permissions align with the app's functionality.

179. Regularly back up your mobile device too 

WHY? 

This can help to safeguard your data in case of loss or theft

180. Use secure instant messaging apps that support end-to-end encryption like Signal or Wire

WHY?

This ensures data integrity, security, privacy, and confidentiality in your communications

181. Protect the information related to your company's personnel, salaries, products, and sales

WHY?

A leak of confidential information can bring down an entire company

182. When dealing with visitors in your company, verify who you are dealing with by asking to see an ID card

WHY?

To prevent unauthorised access to your company’s premises

183. Join your local CERT authority mailing list for vulnerability alerts and other information

WHY?

To stay informed about the latest warnings of security vulnerabilities and events





2023/09/01

LEAN 365 – grab the cyber security tips of August

During August we shared a total of 9 cyber security tips in LinkedIn, Twitter and Instagram. Here is a compilation of the posts. Jump in together with Fitsec – and stay cyber safe!


166. Don't use public computers like library computers for handling sensitive information

WHY? 

You can never be sure that the computer has not been compromised

167. Consider different backup storage options based on your needs and create a backup schedule

WHY? 

Regular backups are recommended to ensure the most up-to-date copies of your data

168. Guard your company premises carefully for example with guards, locks, and alarms

WHY? 

Physical weaknesses in infrastructures can be exploited, for example to gain unauthorized physical access to servers or workstations.

169. Use backup software or built-in tools

WHY? 

Backup software can automate the backup process, making it easier and more efficient. Alternatively, your operating system may have built-in backup utilities, such as Windows Backup and Time Machine on macOS.

170. When creating software, check your code thoroughly for common errors like poor input validation, insecure data storage, or lack of proper error handling. A third-party audit of your software before release can be helpful.

WHY? 

Mistakes made during the software development process can lead to vulnerabilities 

171. Encrypt your backups 

WHY? 

If your files contain sensitive or confidential information, consider encrypting your backups. Encryption adds an extra layer of security to protect your data in case of unauthorized access to the backup storage.

172. Conduct regular security audits and assessments

WHY?

This helps organizations identify vulnerabilities and weaknesses in their environment and proactively address these potential risks before they are exploited by an attacker

173. Test your backups

WHY?

It's crucial to periodically test your backups to ensure they are functioning correctly. Attempt a restore process to confirm that your files can be successfully retrieved from the backup.

174. Implement redundancy by using backup systems, duplicate hardware, and failover mechanisms

WHY?

This way you can ensure continuity of service during disruptions


2023/08/01

LEAN 365 – grab the cyber security tips of July

During July we shared a total of 8 cyber security tips in LinkedIn, Twitter and Instagram. Here is a compilation of the posts. Jump in together with Fitsec – and stay cyber safe!


158. Before clicking a link in an email message, you can hover your mouse over it to see the actual destination of the link

WHY? 

This can be used to identify potentially malicious links, for example when the link text has a domain that differs from the actual link destination.


159. Don't buy cheap, no-name security cameras or other security devices

WHY? 

In addition to the old saying “buy cheap, buy twice”, cheap security devices often contain vulnerabilities and are not maintained by the manufacturer


160. On any devices that support it, make sure your screen automatically turns off and logs you out/locks itself when not in use

WHY? 

In case you forget to lock your device when leaving it unattended, your device locks itself and helps prevent unauthorized access to your device 


161. Don’t upload sensitive files to cloud services

WHY? 

Usually, the risk of an attacker gaining access to your account and sensitive files via cloud services is greater than an attacker gaining access to your local machine


162. Be careful with browser extensions 

WHY? 

Browser extensions can be malicious. If you haven’t heard of an extension or a website wants you to download one, you should be cautious. 


163. Periodically, check if your router still gets updates from your provider’s support page

WHY? 

If you are using a router that doesn’t get updates, it means it will not get the latest security updates and might leave you vulnerable to attacks


164. Don’t buy used USB drives or other storage devices

WHY? 

They might contain malicious files


165. Look out for social engineering. Do not trust just anyone and be suspicious if someone asks “too many questions” about your company.

WHY?

It is a technique that involves manipulating individuals to divulge confidential information or perform certain actions. It could be through impersonation, building trust, or manipulating emotions.




2023/07/01

LEAN 365 – grab the cyber security tips of June

During June we shared a total of 7 cyber security tips in LinkedIn, Twitter and Instagram.
Here is a compilation of the posts. Jump in together with Fitsec – and stay cyber safe!


151. If you must download a file from an email, scan it for viruses

WHY? 

Even trustworthy emails might contain viruses; it’s better to be safe than sorry


152. If you are an EU citizen you can ask companies to remove your data

WHY? 

In the EU, GDPR (General Data Protection Regulation) requires the company to remove data when asked, even if the company is not situated in Europe


153. Check email messages from unknown senders for grammar errors

WHY? 

If the message is full of grammar errors, it’s most likely a scam


154. Don’t trust online converter websites (image, pdf etc.)

WHY? 

Even if these sites claim they won’t save your files, you have no way of verifying this is true. It’s best not to use them. These types of sites can also be used to infect your device with malware.


155. Consider enabling the ‘find my device’ functionality on Android or Apple devices

WHY? 

If your device is stolen, you can use the find my device functionality to locate your device and remotely erase the data on your device to prevent your data from falling into the wrong hands


156. Make sure your important accounts have an up-to-date recovery phone number or alternative contact method

WHY? 

If your account is hijacked or compromised, having a recovery phone number or another email address makes it easier to get your account back. This can also make it harder for the attacker to change your credentials without access to your phone or other email.


157. Check your browser's privacy and security settings

WHY? 

Some settings like sending data for analytics might be enabled by default. For your privacy, it’s better to turn off settings that allow data gathering and sending.


2023/06/01

LEAN 365 – grab the cyber security tips of May

During May we shared a total of 30 cyber security tips in LinkedIn, Twitter and Instagram.
Here is a compilation of the posts. Jump in together with Fitsec – and stay cyber safe!


121. When changing sim cards, always destroy the old one

WHY?

Old sim cards may hold some information like phone numbers and even some text messages

122. Clear your browser history from time to time

WHY? 

Your browser history and cookies are valuable information to an attacker. This information can be used to build a profile of you for future attacks against you.

123. Turn on memory integrity from your Windows settings

WHY? 

The memory integrity feature prevents malicious code being injected into high-security processes on your computer 

124. When traveling, keep your devices/valuables in the hotel room safe when not in use

WHY? 

If someone breaks in or has access to your hotel room, you have at least some protection against the theft of your devices

125. Do not enable automatic login on your device

WHY? 

If someone steals your device, they have instant access to all your data

126. Make sure the electronic chip on old debit/credit cards is broken to pieces

WHY? 

If the electronic chip is intact, someone might be able to get something out of it

127. Before disposing of delivery packages, make sure to get rid of any sensitive information on them

WHY? 

Someone could get your personal information from the package and use it for malicious intent


128. Be careful of malicious text messages and never click links in text messages

WHY? 

Text messages are often used for phishing attacks and clicking a link can get you compromised

129. If an account of yours is compromised, change the password immediately

WHY? 

It helps prevent the hacker from accessing your account again if they log off and, in some cases, logs the hacker out

130. Make sure your LinkedIn account is connected to your mobile device

WHY? 

Doing this will ensure you can easily reset/change your password and enable two-factor authentication

131. If the buttons, screen or info labels on an ATM/cash machine look misaligned or out of place, don’t use the ATM

WHY? 

There is a good chance that the ATM has been tampered with and can be used to steal your card information

132. When buying used devices, always perform a factory reset of the device

WHY? 

You never know what has been left on the device by the previous owner. It is not uncommon to find malware on used devices.

133. Don't use end of life operating systems like Windows 7 (end of life: "a product that is outdated or unsupported by the manufacturer")

WHY? 

End of life operating systems/products will not get important security updates and will leave you seriously vulnerable to attacks

134. Don't trust online quizzes

WHY? 

Online quizzes often have terms and conditions that allow them to sell your data to third parties. Even when you do not give any information, they can gather your IP address, location, and possibly profile information if you’re logged in to social media services.

135. Don't blindly trust caller IDs or phone numbers

WHY? 

Spoofing phone numbers to scam or trick people is common. If something seems off, hang up and visit the website of the organization that is supposedly calling you and call them back on their officially listed number.

136. There are encrypted USB drives available for purchase, so consider buying them instead

WHY? 

The encryption will make it difficult for attackers to access the information on the drive if you happen to lose it or it is stolen

137. If your computer or device is stolen, change all passwords to any accounts you have

WHY?

If your device contains your passwords, they can be compromised

138. If you're suspicious of a website, for any reason, simply don't use it

WHY? 

Being suspicious is reason enough to not use it; better safe than sorry, as the saying goes

139. If you live in Europe, choose a cloud provider that complies with GDPR

WHY? 

Generally, GDPR compliance ensures that your data will be handled properly and can be deleted upon request

140. Use a DNS filtering service that blocks known malicious websites

WHY? 

It helps with blocking malicious websites and known scam websites, keeping you safer on the internet

141. Disable notification content on your phone’s lock screen

WHY? 

To prevent others from viewing your sensitive information when your device is locked

142. Periodically check if your desktop machine has additional unknown devices attached to it

WHY? 

Unknown cables or peripherals can pose a risk to your system’s security. This type of technique has been used by bad actors in the past.

143. If you've been hacked, consider professional help

WHY? 

Going to a professional to aid you in this situation is far better than trying to fix it yourself. With professional help, the situation can be resolved faster, and the damages can be minimized or contained.

144. Don't use any personal information like your name, birth date, or phone number in your usernames

WHY? 

This can make it easier to gain or link sensitive and private information about you

145. If you see messages being sent from your email account that you didn't send, run a virus scan and change all your passwords immediately

WHY? 

This is often a sign that you have been compromised in some way. A quick response can minimize the damage.

146. Always follow the instruction/installation manual when installing a new device

WHY? 

It will give you a step-by-step guide to installing it correctly and safely. For example, many devices have security suggestions in the manual.

147. Don't download apps from third-party sites

WHY? 

Apps from third-party sites have a greater probability of being malicious

148. If your virus protection puts something in quarantine, just leave it there if you don't know what you're doing

WHY? 

The virus protection put it there for a reason. It could be malicious or just suspicious; either way, it's best to leave it untouched

149. Don't trust online password checkers or generators, instead, make your own passwords

WHY? 

You have no way of verifying what the website is doing with the checked/generated password. To be safe, it’s better not to use these websites at all.

150. If you get an email stating that you have been “hacked”, and the sender demands payment, ignore it.

WHY? 

In most cases, this is a scam and used to extort money from you


2023/05/01

LEAN 365 – grab the cyber security tips of April

During April we shared a total of 30 cyber security tips in LinkedIn, Twitter and Instagram.
Here is a compilation of the posts. Jump in together with Fitsec – and stay cyber safe!


91. It’s a good idea to password protect personal documents containing sensitive data

WHY? 

Even if your device is compromised, the data in these documents will be harder to access

92. Before giving away your phone, do a factory reset

WHY? 

A factory reset erases all your information from the device

93. Don’t use your car’s audio system for sensitive phone calls

WHY? 

In most cases the audio can easily be heard outside the car 

94. Never connect your own device to your organization’s network without approval

WHY? 

Your device may compromise the safety of the network and your company

95. Disable auto filling your account details on any websites

WHY? 

If your device is compromised, the attacker will automatically have access to your accounts

96. Beware of scams during major holidays

WHY? 

It’s common to offer “special deals” during major holidays; make sure that the offers are legitimate

97. On Windows machines, make sure Autorun/Autoplay features for media are turned off

WHY? 

It prevents external media infected with malicious code from being automatically executed

98. Make sure your Wi-Fi has strong password protection

WHY? 

Having a weak password on your Wi-Fi network makes it easier to attack

99. Install apps on your phone only from official sources (Google Play, Apple Store etc.)

WHY? 

Apps from official sources have been verified and are usually safe

100. If your printer supports secure printing, use it

WHY? 

Secure printing requires you to be present at the printer, thus making sure that no one can see your documents

101. Don't use passwords that contain your personal information, like date of birth

WHY? 

This makes your password easier to guess and your account more vulnerable

102. Don’t share your property information on the internet

WHY? 

Sharing the location of your cabin or similar property, or other information about it, is not recommended and can lead to theft of your property

103. Use a credit card for online purchases

WHY? 

If you get scammed, you can dispute the charge and get your money back

104. Don’t use an admin account for everyday tasks

WHY? 

Using a regular user account will give fewer privileges to a possible attacker

105. Don't store sensitive data in the cloud; keep it entirely disconnected from the web

WHY? 

Keeping your sensitive data offline and requiring physical access keeps your data safe

106. If your device has a webcam, use a privacy cover. A piece of tape works just fine.

WHY? 

On some occasions, the webcam may be activated without an indicator light

107. Only connect with people you know on LinkedIn

WHY? 

In addition to giving more information about yourself to strangers, criminals have been known to use this extra information to attack other people as well

108. Exercise your right to be forgotten

WHY? 

Online services and companies in general, may otherwise retain your data indefinitely

109. Shred your old bank and credit cards

WHY? 

This makes them unusable, and it is nearly impossible to gather any data from a well-shredded card

110. You should turn off Windows timeline from privacy settings

WHY? 

The Windows timeline/activity history has to keep a lot of information about you to work and sends this information to Microsoft by default. Turning it off is an easy way to gain more privacy

111. When taking a screenshot on your device, always double-check the picture before sharing

WHY? 

Using a regular user account will give fewer privileges to a possible attacker

112. Don’t trust any popups on websites that claim you have malware and prompt you to download an antivirus or call a number

WHY? 

This is a common method to get you to download malicious software on your device

113. Think twice before trusting free apps

WHY? 

Non-governmental free apps often make their money by selling personal data. Avoid giving any permissions related to data access if a free app asks for them

114. Never access your email or accounts on a device that you don’t own

WHY? 

It helps to prevent account hijacking and prevents leaking your information to a third party

115. Try to read news about new cyber attacks/scams

WHY? 

This might inform you of new ways hackers could be attacking you and help to keep you safe

116. Disable background webapps from your browser settings

WHY? 

Some apps might keep running even when you close your browser. This setting prevents them from doing so.

117. Be careful when taking or sharing workplace photos

WHY? 

There might be something in the background that could reveal/leak information that is private

118. If you are an EU citizen you have the right to ask for all the data that a company has about you

WHY? 

The European Union's GDPR (General Data Protection Regulation) states that a person must get a copy of the data about them when asked

119. Periodically check which devices are logged into your account if the service has such an option

WHY? 

If there is a new device that you don't recognize, your account may have been compromised

120. Make sure your phone is always locked when you are not using it

WHY? 

It helps to protect your data in case your phone gets stolen





2023/04/01

LEAN 365 – grab the cyber security tips of March

During March we shared a total of 31 cyber security tips in LinkedIn, Twitter and Instagram. Here is a compilation of the posts. Jump in together with Fitsec – and stay cyber safe!


60. You should have remote data wiping/factory reset enabled on your mobile device

WHY?

If you lose it or it gets stolen, you can wipe all information from your phone to prevent unauthorized access to your data

61. Never share your PIN code or password with anyone

WHY?

You have no way of knowing who can ultimately get access to your password. Passwords and PIN codes are sensitive information and should be protected.

62. If you make a mistake and open a phishing email or suspicious attachment, don’t hesitate to notify your IT/security team immediately

WHY?

A quick response to an incident may prevent any damages or at least minimize the impact on your organization

63. Make sure your employees only have access to assets that they need

WHY?

Giving your employees unnecessary access will cause more damage if they are compromised

64. Prefer your phone’s hotspot over public Wi-Fi

WHY?

Using your own hotspot is more secure than public Wi-Fi 

65. Make sure your desk is clean and doesn’t have sensitive documents on it when you are not present

WHY?

You never know who can have access to the documents 

66. Deny location sharing by default

WHY?

There is rarely a good reason for services to access your location. Limiting the amount of information you share is always a good idea. 

67. Think twice about what information you share about yourself when creating a new profile on a new service

WHY?

Some services may enable unauthorized third parties to collect this information about you

68. Keep in mind that any operating system can be infected by malware

WHY?

A common mistake is to assume that only Windows-based systems are targeted by malware

69. Avoid public phone charging stations

WHY?

Malicious actors have been known to target public charging stations to infect your device

70. Before disposal, shred documents that contain personal information

WHY?

An unauthorized third party with malicious intent could get hold of your personal data and use it to harm you in numerous ways

71. Factory resetting a mobile device usually removes active malware on the device

WHY?

Most malware does not persist after a factory reset

72. Beware of marketplace scams. Never send money upfront when dealing with second-hand goods

WHY?

There are plenty of scams in used item marketplaces that take advantage of an unsuspecting buyer

73. You should use full disk encryption on your computer

WHY?

If your computer is stolen, your data is protected

74. Separate your work accounts from private ones

WHY? 

Using your work accounts for personal activities may endanger your organization’s security and may also result in losing access to your private accounts if they are tied to your work email for example 

75. Report phishing emails or other suspicious emails to your helpdesk/security team 

WHY? 

Reporting phishing emails helps protect your organization

76. Do not leave your personal belongings in plain sight in your car 

WHY? 

Your car will be more likely to be targeted by criminals 

77. SMS is not a secure messaging service

WHY?

There are multiple methods to capture SMS messages

78. Keep your devices turned off when not using them

WHY? 

There are many benefits to this, for example, when your device is turned off it is safe from network-based threats

79. Check your bank transactions regularly

WHY? 

This may show if somebody has access to your accounts

80. Don’t use actual personal information when answering security questions

WHY? 

If the answers to security questions have nothing to do with you, it will be more difficult for an attacker to guess them

81. Disable NFC on your device when not using it

WHY? 

NFC allows your phone to transfer data if it touches another NFC device

82. Always remember to log out of your accounts when you’re done

WHY? 

It’s simply a good practice that keeps you safer

83. If you’re connecting to a public Wi-Fi, make sure it’s the right one

WHY?  

It’s a common attack method to have a similar name to the actual Wi-Fi and use that to steal your information (for example: Starbucks-wifi vs Starbucks_WIFI etc.)

84. Remember to update the firmware of your devices periodically

WHY? 

Updating the firmware of your devices helps to keep them secure

85. Does your fridge or washing machine etc. really need an internet connection?

WHY? 

IoT devices often suffer from multiple vulnerabilities and may compromise your network

86. Do not share photos of your keys 

WHY? 

Certain types of keys can be cloned with just a photo of the key

87. Do not use public printers to print sensitive documents 

WHY? 

Some printers may save a copy of the file on an internal drive

88. When shopping online, search for reviews of the website before you place an order

WHY? 

Reading the reviews can tell you if the site can be trusted

89. Use encrypted email for exchanging sensitive data

WHY? 

Regular email is not encrypted by default

90. Disable auto connecting to Wi-Fi networks

WHY? 

Your device might automatically connect to a Wi-Fi that is pretending to be the intended Wi-Fi. This attack is called the Evil Twin attack.






2023/03/01

LEAN 365 – grab the cyber security tips of February

During February we shared a total of 28 cyber security tips in LinkedIn, Twitter and Instagram. Here is a compilation of the posts. Jump in together with Fitsec – and stay cyber safe!


32. Be cautious of who might see your computer screen when travelling or working in public. To help with this, use a privacy screen protector.

WHY?

All information is worth something to someone if the person seeing it has bad intentions

33. Protect yourself from phishing: Use common sense and do not open suspicious emails, always doubt!

WHY?

Someone can try to pose as an authoritative or well-known entity and exploit this to obtain information that can be used to steal money or cause other harm

34. From time to time clear your cookie cache in your browser settings

WHY?

Over time, cookies accumulate a wealth of information and can be used, for example, to track your browsing history and personal data

35. Always question messages that prompt you to act urgently - if you are not completely sure of the legitimacy of the sender and/or the message content, double check the legitimacy directly with the person supposedly contacting you (for example in person or by phone)

WHY?

Often scams tend to rely on conveying urgency, which leads to mistakes being made. You can never be too careful.

36. More sensitive activities like online banking should be avoided on devices that you don’t own

WHY?

You can’t be sure what software is installed on the device and your information may be compromised as a result

37. Always follow your organization's information security guidelines

WHY?

When all personnel work together as agreed it is easier to keep your organization secure

38. Use good judgement and common sense when downloading files from the internet. It is a good idea to scan the downloaded file with your antivirus product.

WHY?

There is an increased risk of malicious code being run on your computer when opening files downloaded from the internet

39. The best place to store your passwords is in your own memory: use memorable passphrases to help with this

WHY?

It is simply the safest solution

40. Keep your backups in a safe place, like in a trustworthy cloud service or a safe

WHY?

Without backups, you might lose some important information for good

41. Be careful not to reveal your personal identity information to anyone. Carefully destroy all the material containing this kind of information when you don’t need it anymore.

WHY?

Identity theft can lead to any number of problems for you. Your identity could for example be used to take loans in your name and you will be responsible for them.

42. Remember to read the reviews before trying a new app: If there are many complaints about its functionality or if every review is praising the app, carefully consider before using it

WHY?

Malicious apps are not that uncommon and are frequently found on legitimate marketplaces (Google Play, Apple App Store etc.). Creators of these apps can also source fake reviews of their apps to entice new users to download them.

43. It is a good idea to use incognito mode/private window when browsing the web on public/shared computers

WHY?

It prevents the next person using the same computer from accessing your browsing history and information related to it

44. Memorize or write down your bank’s deactivation service number

WHY?

In case your credit card is lost, or your bank account is compromised, you can quickly call to lock it

45. Delete unused accounts

WHY?

They could still contain sensitive data and you wouldn't even notice if they are compromised

46. Buy devices from known manufacturers

WHY? 

Off-brand devices generally have more security flaws and are not usually kept up to date

47. Always use a VPN when you are connected to a public Wi-Fi network

WHY? 

Unsecured public networks might give an attacker access to your sensitive data

48. Don’t plug in unknown USB devices to your computer

WHY? 

Unknown USB devices may harm your computer

49. Do not leave data protection material lying around unattended. The material should always be stored in the place designated for it, e.g. in a safe, fire safety cabinet or in a locked box/cabinet, depending on the sensitivity of the material.

WHY?

Because you can't be sure who has access to them otherwise

50. Take advantage of password managers, they generate unique and strong passwords and keep them safe

WHY? 

This makes it easier for you, so you don’t have to remember all of them

51. Don’t use auto login features. Always have some form of login authentication on your devices.

WHY? 

If your device is stolen and does not have a password/pin code, the thief will have immediate access to your device

52. Remove or destroy the hard drive from broken devices before disposal

WHY? 

You have no way of knowing where your device is going to end up after disposal. Even fully broken devices might have data left on the hard drive.

53. Remember that if something seems too good to be true it probably is

WHY? 

Many scams try to lure you with amazing prizes and offers

54. If you need technical support, use the official website of the vendor/manufacturer

WHY? 

A common scam is to target users of popular software and devices via fake support websites

55. Purchase tickets to events from official ticket vendor websites

WHY?  

Criminals often create fake websites and target consumers looking for deals. These websites steal your payment information and personal details.

56. If you are not using a password manager, update your passwords frequently. It is recommended to change passwords every 90 days.

WHY? 

If a service you use is compromised, there is a better chance of your account being safe

57. Don’t google search your own bank or other sensitive services. Type the URL directly in the search bar.

WHY? 

Criminals often target these types of services by advertising fake websites that look just like the real ones. These fake websites are then used to capture your login details and personal information.

58. Be mindful of what you put out on the internet 

WHY? 

What you put on the internet will stay there forever

59. Avoid software that is not supported or updated anymore

WHY? 

Unsupported/older software won't be updated with the latest security patches and could be vulnerable. This can ultimately lead to your device being compromised.





2023/02/01

LEAN 365 – grab the cyber security tips of January

During January we shared a total of 31 cyber security tips in LinkedIn, Twitter and Instagram. Here is a compilation of the posts. Jump in together with Fitsec – and stay cyber safe!


1. Do not give any sensitive information over the phone

WHY?

Someone might be spying

2. If possible, use multi-factor authentication for all services

WHY?

To ensure that you and only you have access to your account


3. When you stop using your phone and sell it or give it away, make sure to do a factory reset and remove all attached cards (sim and memory cards).

WHY?

Otherwise, someone else might get access to your information


4. Do your employees have a direct channel to report security incidents or risks? Has the channel been announced to all employees?

WHY?

When using an easy and direct reporting channel, the ability to quickly react to security incidents improves substantially.

5. Always dispose of all physical (paper) data protection material properly - by burning, shredding or using a data security bin.

WHY?

To prevent sensitive material ending up in the wrong hands


6. Make sure your VPN is always on when you are working outside the company premises

WHY?

Public networks cannot always be considered safe

7. Before giving away (for destruction), overwrite your computer hard drives 3 times

WHY?

To ensure that no one can restore your information


8. Only use your work email for work matters

WHY?

Using your work email for personal communications might endanger your organization's cybersecurity

9. If an email contains a link, do not click on it or copy it, but write the address in the address bar of the browser itself. (EVEN IF the sender seems trustworthy!)

WHY?

Otherwise, you cannot be sure where the link leads

10. Use passphrases, not passwords

WHY?

Because they are easier to remember, but harder to guess or crack

11. If you notice any concerns or shortcomings in the security practices of your organization, make sure to report them to your supervisor.

WHY?

Shared responsibility helps minimize risks

12. Use numbers and special characters in passphrases

WHY?

To make them harder to crack or guess

13. When receiving an email, check the sender’s email address

WHY?

Do not trust just the name, also check the email address and be certain of who you’re dealing with

14. Remember to take backups regularly

WHY?

This way you can make sure your information is saved, even if something happens to your device


15. Do not open attachments from unknown senders

WHY?

You cannot be sure what the attachment contains, and it could be malicious


16. Do not give your login information to anyone

WHY?

Because it is always possible that it ends up in the wrong hands


17. Remember to always lock your computer when you leave your desk

WHY?

So that no one can access your information or do anything malicious while you are away

18. 3-2-1 method: Always keep at least 3 copies of your data: 2 on different devices and 1 in a separate service.

WHY?

If one place with your data is destroyed, you still have two copies intact

19. Keep your device and software updated to the newest version with the latest security updates

WHY?

Regular updates ensure you are prepared for the newest cybersecurity threats in the best possible way

20. The ideal length of passwords should be at least 14 characters – containing both upper and lower case letters + numbers and special characters.

WHY?

To make them harder to crack or guess

21. Dispose of electronic data protection material as carefully as physical material - the file itself should be overwritten 3 times. 

WHY? 

Because just deleting the file does not ensure that it cannot be restored


22. Use a safe way to share files, like a trustworthy cloud service with sufficient encryption

WHY?

For example, emails with attachments might end up in the possession of third parties


23. Use your work computer only for tasks related to your work, not for your personal activities

WHY?

Your personal activities may result in infecting your work computer with malware, and possibly your organization overall

24. It is not a good idea to share your travel plans and current location on social media posts

WHY?

These types of posts let criminals know you are not at home and have been used to commit burglaries

25. Think twice about what you post on social media and who can view your post 

WHY?

You may end up sharing potentially sensitive information to unwanted third parties


26. Make sure to continuously educate your employees about the latest cybersecurity threats

WHY?

Keeping your employees up to date with current threats helps to strengthen your defences


27. You should consider using automatic data backups. They are usually a built-in, optional feature on your device.

WHY?

Because it saves time and increases the reliability of your backups


28. Do not use the same password in many places

WHY?

If someone gains access to your login info, only one of your accounts is compromised


29. Do not download illegal copies of software or other media, no matter how harmless it seems

WHY?

They often contain malware and your device along with your information will be compromised


30. Notify your company's information security officer of any anomalies, for example, where you see information on the company's network that you shouldn't actually see.

WHY?

Cybersecurity is a collective effort and individual observations can help strengthen your security posture

31. Always change the default credentials after receiving a new device with pre-set credentials

WHY?

Because attackers can easily find/guess the default credentials and compromise your device