Seeing tons of cybersecurity-related posts on pushstart makes me happy that people are finally waking up and taking it seriously. It's not something new, though; I have talked about it many times. Since it is the current topic of discussion, let me come out of my hacker cave 😜 and share some tips to protect yourself and your business.
Tips to protect yourself:-
1. Always update your software/OS
2. Never use the same password on multiple websites; use a password manager such as Dashlane or 1Password (and keep an eye on your email's involvement in recent data breaches at https://haveibeenpwned.com/).
3. Avoid using pirated software as much as you can; these days there are tons of open source alternatives available for any proprietary software. (Open source software fixes vulnerabilities quickly since the source code is maintained in public, whereas in licensed software a zero-day vulnerability can be exploited by threat actors for many years.)
4. Prefer Netgear, Cisco and Ubiquiti for personal WiFi routers because these companies take security seriously and provide security updates (they also have bug bounty programs that allow white hat hackers to do security research). Never purchase D-Link or TP-Link if you don't want your IP to be part of a botnet. These never provide security updates or bother to patch them.
5. I usually don't prefer antivirus on low-spec hardware since an updated Windows 10 Defender is enough and does a great job at malware detection with the help of deep learning technologies. But you can opt for Bitdefender; I use it on my rooted Android phone just in case.
6. Prefer a privacy-oriented browser such as Firefox and get the following plugins: Privacy Badger by EFF, HTTPS Everywhere, uBlock Origin, Decentraleyes.
7. Use encrypted email services such as Proton Mail or Tutanota, and never trust any email in the spam folder even if it looks very convincing.
Tips to protect your business:-
1. Hire at least one guy for security; let's say if you are planning to hire 5 people, one of them should be an application security person. India has the best hackers to offer. Don't think that security will be implemented later! Why wait till you get hacked? Security and data privacy should be in mind from the start.
2. Implement strong password policies on the corporate email IDs of your employees and enforce 2FA everywhere.
3. Phishing-related tips can be found in this blog post that I wrote recently: https://blog.securelayer7.net/secure-yourself-from-phishin…/
4. Implement DevSecOps and a SOC with the help of log monitoring in the early stages of the product development lifecycle, so that later you don't have to waste time worrying about security integration when you push to your customers and the code makes it to production.
5. Enforce strong firewall rules with an IDS/IPS system and keep an eye on what kind of software your employees are installing on their systems. Keep conducting vulnerability scans on your internal network for risk assessment. You can use IoT search engines such as https://shodan.io or https://censys.io to keep track of your digital resources and cloud instances exposed directly to the public internet. There is also a service called https://greynoise.io/ which is a kind of internet-wide IDS and can list all threat actors. So from greynoise you can create a good IP blacklist for malicious scanners and botnets responsible for DDoS attacks.
6. Never expose your secrets such as API keys, sensitive environment variables or configuration files in a publicly visible git repository. Educate your developers on how git works and which mistakes to avoid.
7. For web application products, include OWASP Top 10 vulnerability testing in your unit tests: https://owasp.org/www-project-top-ten/
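One way to act on tip 6 above, as an added example that is not part of the original post: a small Python check that can be run over file contents before they are committed. The rule names, the 3.5 bits-per-character entropy threshold, the file path and the sample values are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

# Filenames that commonly hold credentials (illustrative list, not exhaustive).
SENSITIVE_NAMES = re.compile(r"(^|/)(\.env(\..+)?|id_rsa|id_ed25519|.*\.pem|.*\.p12)$")

PATTERNS = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private-key-block": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
}
# name = "value" style assignments; the quoted value is entropy-checked below.
ASSIGNMENT = re.compile(
    r"(?i)\b(api[_-]?key|secret|token|passw(?:or)?d)\w*\s*[:=]\s*['\"]([^'\"]{12,})['\"]"
)

def shannon_entropy(s):
    """Bits per character: random keys score high, words and placeholders low."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def scan(path, text, min_entropy=3.5):
    """Return sorted (line_number, rule) findings; line 0 means the filename itself."""
    findings = set()
    if SENSITIVE_NAMES.search(path):
        findings.add((0, "sensitive-filename"))
    for lineno, line in enumerate(text.splitlines(), 1):
        for rule, rx in PATTERNS.items():
            if rx.search(line):
                findings.add((lineno, rule))
        m = ASSIGNMENT.search(line)
        if m and shannon_entropy(m.group(2)) >= min_entropy:
            findings.add((lineno, "high-entropy-" + m.group(1).lower()))
    return sorted(findings)

# Constructed sample input: none of these values is a live credential.
SAMPLE = '''\
DEBUG = True
aws_key = "AKIAIOSFODNN7EXAMPLE"
api_key = "xxxxxxxxxxxxxxxxxxxx"
API_KEY = "9f8Kq2LmZx71RtYw0BvN4cHd"
'''

if __name__ == "__main__":
    for lineno, rule in scan("config/settings.py", SAMPLE):
        print(f"config/settings.py:{lineno}: {rule}")
```

The low-entropy placeholder on line 3 of the sample is deliberately not reported, which keeps template files from drowning out real findings.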
And yes, that's it. More can be done to improve cybersecurity at a personal level or for your business, but the above points should be followed at all times to keep yourself protected from threat actors.
You can reach out to me anytime regarding cybersecurity stuff here on pushstart.
Stay safe, stay cyber aware! Thanks for reading.