Just a little no one!


 


How much of a no-one are you really?

If a hacker looked for you on the internet, what would they find? Nothing? Is there absolutely nothing about the lifestyle you live, the cars you drive, the vacations you go on, or anything that suggests you might have some money? What about the company you work for? If they looked for employees who work at the company, would your name not appear? If a hacker wanted to target your company, would they overlook you? How sure are you?
Anyone with access to the internet is a potential target: anyone using a computer, phone, or tablet to browse the internet, download apps, play online games, or even use WhatsApp. I know you might think that’s just a little internet that might not harm you or your computer. But anyone at all in the cyber world is somebody who can get hacked without the hacker feeling like you are a waste of time. I mentioned your personal life and your corporate life. I will explain the risk in each.


1. Your personal life.


Say a hacker got access to your Google account right now. How many documents have you sent out to whomever you needed to send them to? Your Google mailbox or Drive is full of your documents: your ID documents, tax number, or even the employment contract from your current employer, because you didn’t want your new employer communicating with you via your previous company’s work email, which makes perfect sense. There are documents you put in your cloud drive for convenience when you need them, your contacts’ information, proof of address. So much of your personal life is sitting on your phone with little to no security. But now the hacker has that information, so how much of it can they use to commit fraud? How many clothing or furniture accounts can they open? Can they buy a car? If they applied for a “get your money in 24 hours” loan in your name and used your email as the preferred method of communication, how much would they qualify for? How many loans can they apply for? I mean, your signature is just there on the cloud for anyone to find, with your password set to your “name+birthday” and no MFA, which doesn’t take a hacker 10 minutes to crack. So now I will ask you, how much money do you really have?

Here are just some ways to protect your personal information on the internet. There is still a lot more you need to do, but these can give you some level of protection:

☝Set Multifactor Authentication on your accounts, and add other email addresses (friends and family, or any that you’ll have access to when you need to) for recovery purposes should you lose access to your account. You must always be sure of the URL you are logging into and where the MFA prompt comes from.

☝Avoid free public Wi-Fi. If you are connected to the same Wi-Fi network as a hacker, they can get access to everything you have access to: your webcam, location, sound, and keystrokes on your keyboard. They can even just change your passwords and lock you out. If you have no other option but to use it, connect for a minimal amount of time. If you use it for too long, you might forget and log in to your banking app on the Wi-Fi.

☝Be careful whom you make friends with on the internet, and what they send you. That cute girl with nice long legs promising you nudes might just be Bra Charles with a dirty, long brown beard and dirty sneakers, sitting in front of his computer waiting for you to take the bait. Do not accept “her” pictures. “She” might be sending you a payload.

☝On WhatsApp, under Settings, choose not to download images automatically. If you do not set this, anyone can send you an image or video and it downloads to your phone immediately and automatically over Wi-Fi, even from phone numbers you do not know. Images and videos can have hidden code that can harm your device.

☝On your Android phone, go to Settings > Security > More Settings > Screen Pinning and enable it. On your iPhone, go to Settings > Accessibility > Guided Access, enable it, and set the passcode or use Face ID. Say the opportunity to play hero arises and a stranger asks for your phone to call home because they have been stranded all day and no one is willing to help (the best kind of people to help are the ones not asking for money). You can use this feature to lock your phone and leave only the phone app open. They will need you to authenticate to use other apps. If the stranger wanted to receive your OTP from the bank, then you are safe, and if they were just an innocent stranded person, then look at that, you are a hero.

2. Your corporate life.


Getting a job at a company you have always wanted to work for is the most rewarding feeling in the world. On the first day at work, you want to update your LinkedIn profile. Even more so when the HR lady there found you on LinkedIn, you want to show how loyal you plan to be towards the company. So, you mention that you work at ABC now and what your role is. You’re an administrator. Now a hacker looks at your skills, what you are good at, and what you work with. Even better if you work with Active Directory: you are the right person to hack. They can use your credentials to create new accounts for themselves, and now you're the malicious insider that let the hacker in. It takes longer to argue a case like that, and it ruins your reputation. According to a blog post by Avast, an 18-year-old hacker bypassed Uber's multi-factor authentication tool, stole an employee's OTP, and logged in as her (read the Avast article and the Tweet it mentions to get more detail).

Remember, no hacker is going to call the CEO of a multi-million-rand company asking for his password. If the company values its cyber security and has implemented the segregation of duties (access to what you need, for the period you need it), the best they will find is the meeting the CEO or director will be going to this week. Not many company secrets will be found. So, who does the hacker go for? The administrator and his colleagues, the receptionist, or the intern, or they would socially engineer a security guard for physical access. If they can access one account, just one, then the whole company will be compromised. Now imagine you were that employee that compromised the company you work for.


When you are at work, it is best to:

☝Separate your corporate computer from your personal computer. If you can, buy your own personal computer for personal stuff. No Gmail, no webmail, no WhatsApp on your work computer.

☝Avoid corporate Wi-Fi on your phone or personal laptop. There’s usually guest Wi-Fi; use that one, as it is the one that is separate from corporate secrets. So, if anyone controlled your device, there is not much they can access.

☝Take note of the training your company offers; it is not useless. Your job is much more than just being a lawyer or accountant or administrator. You also have the task of protecting the company you work for, and the training will serve you in the long run (or the short run, if reconnaissance is being run on your company right now).

☝Separate your work email and personal email. Only corporate emails on your corporate email account. You will communicate with the bank on your personal email account. You also won’t get irritating ads at work. But also, using your corporate email to subscribe to non-work things might just let an attacker who wasn’t even interested in you know where you work and gather your details from your signature.


With all that information you have now, how much of a little no one are you? Everyone with access to the internet is vulnerable and can easily be hacked or used as collateral damage in hacking a multi-million-rand company. As an employee, I hope you now understand that cyber security is not just a career path and should not be left only to "IT"; it is a need-to-know for everyone. Don't make yourself a target, and stay educated.
