The Security Measures Professionals Use To Prevent Being Attacked

Among cyber security experts, there are professionals who are more or less meticulous about their own security in the technological field. What seems clear is that a deeper understanding of the consequences of an action also leads them to be more aware of the dangers they may run and to take certain precautions. 

The human factor continues to be one of the entry vectors for cyber attacks on companies. Cyber security awareness also remains a pending subject for everyone, although users are increasingly aware of the dangers of the digital world and try to avoid them within their means. 

Safety Basics

There are several basic day-to-day protective measures used by cybersecurity experts:

  • Authenticate with two-factor authentication whenever the system allows it.
  • Save credentials in password managers (never in the browser or elsewhere).
  • Encrypt the hard disk of all your computers.
  • Encrypt any item that is uploaded to the cloud (although using the cloud at all is not recommended).
  • Use GPG (a system for encrypting files) for sensitive information transmitted by e-mail.
  • Use virtual machines and do not perform analysis on your own system.  
  • Always use a VPN.

An Old-Fashioned Telephone?

Although it is not the norm, in the world of hacking there are those who do not use smartphones, but prefer old classic terminals. They are aware that in our pocket we carry not only a phone, but also a microphone, a database, a photo album that is updated every day, a camera that could be activated without the user's permission... Avoiding such exposure is essential for many, even though it is not uncommon for anyone working in cyber security to have a smartphone in their hands.

Reliable E-Mail 

Although it is no longer common for a hacker to set up his own email server, these types of professionals tend to value those platforms known to be more secure than the usual ones, especially recommended for sending personal documents, communicating with public entities or managing banking. 

They rely on anonymized services such as Protonmail or Tutanota. "They are technologies with a higher degree of confidentiality than those provided by larger companies, which offer private mail service without advertising, without automatic scanning of content. Of course, it is necessary to exercise trust, since 100% security does not exist, you always run some risk," explains Gonzalo Sánchez Delgado, Hacking Service Manager at Entelgy Innotec Security.

Instant Messaging On Another Level

Regarding social networks and instant messaging applications, as a general rule, security experts also tend to use the usual ones for the most trivial aspects.  "If you need to deal with something more private, you use alternatives such as Signal or private Discord servers... For normal conversations, encryption is widely used, although we know that nothing is completely secure," Delgado advises. 

Maintaining Anonymity

It is becoming increasingly common for cybersecurity experts to avoid uploading their own images to social networks and, if they do, they tend to cover their faces. "Because you don't know where something you share online is going to end up and you don't know how it's going to be used, especially with the evolution of generative Artificial Intelligence, this is being nipped in the bud," Delgado explains.

Watermarks on Sensitive Documents

Have you ever wondered what might happen to the private information you have sent to an official entity when it suffers a cyberattack? Although it is not advisable to send sensitive information electronically, if doing so is mandatory, for example to activate a service with a company, cyber security experts recommend using watermarks on documents to specify where they can be used and where not. This means, for example, specifying on a DNI (the Spanish national identity document) that it can only be used for a specific purpose. "This way, if tomorrow your ID falls into the wrong hands and people try to register new services with it, it should not be able to be used," explains the Entelgy Innotec Security professional.

Dedicated Computers & Routers For Different Uses

The vast majority of cyber security experts use one device for very private tasks (accessing online banking, handling crypto-currencies) and a different one for surfing the Internet or watching series. "Although in general the sector has relaxed a bit, we are not so paranoid, we now maintain a thread of connection with the outside," Delgado says.

Many of these professionals do not use the router provided by their Internet provider but have their own router secured so that no one can access their WiFi easily.

Under The Cloud 

"Having your most personal files in the cloud, such as your ID card, your photos or your tax return, is very unusual; people shy away from it. In the sector, having control of personal information is highly valued, and that means having custody of that information yourself," Delgado says. In this sense, few people use cloud-based photography platforms, which we all have almost by default on our cell phones.

Nothing Intelligent

Expert users also move away from all technology considered smart, such as speakers that listen to and record your voice and other household appliances or wearables that keep an almost complete record of a person's day-to-day life. "In all this technology, the problem of improper access to the information collected or directly a misuse of it, is known after some time, when little can be done... This is how we have learned of the biggest privacy scandals on the Internet months and even years later. For this reason, it is better to be cautious and avoid voice recordings or the general collection of information of any kind," Delgado says.

Parental Controls

Cyber security also involves children's devices. "I am not in favor of keeping children away from technology, but of educating them in its conscious use," explains Delgado.

Among industry peers, he says, he sees minors given a console or tablet with parental controls, configured so that they cannot make purchases and no one can contact them. "Especially we know that the devices they use are not at all reliable, they can be easily compromised, so they are not used for other more important matters. Those tablets or smartphones are considered exclusively gaming devices."
