4 Cyber Hygiene Lessons From #Leaktheanalyst Hacks

By Marilia Wyatt

  • In July, attackers in operation #leaktheanalyst disclosed data from Mandiant (FireEye) by compromising the social media accounts of a senior security analyst,  The Hacker News reports.
  • Both professional and personal data belonging to the analyst was posted on Pastebin as proof.

Having a healthy degree of paranoia is sensible in the cybersecurity space, specifically among security analysts who have access to troves of valuable company information and work to protect it. But, the attackers in #leaktheanalyst hack had an excellent point: sensible cyber hygiene is a must.

Here are four lessons that users could learn from security analysts and the steps they take to protect themselves from being breached, according to threat intelligence enterprize LookingGlass:

  1. Analysts are inherently cautious about their data. 
    Security analysts are highly likely to be fastidious in taking appropriate security precautions in everything they do. This begins with routinely changing passwords, using different passwords for each application, and ensuring the passwords are sophisticated – less likely to be easily broken, even with brute attacks. So, how often do you change your passwords? Do you have a different one for each online account? Analysts are also likely to use pseudonyms when using social media. This allows them to personally communicate on these channels without their identity being easily connected to their professional career.
  2. Treat your home or mobile office like your corporate network.
    If a hacker can’t access your company’s network, they may try to compromise you when you’re away from the office, whether through your mobile device, home network, or personal accounts. Analysts carefully guard their information when working remotely or traveling. Some simple, but highly effective tips include: making sure you change your home router administration credentials from factory-issued defaults, and choosing network names that don’t contain your last name or any identifiable information. Keep your applications and operating system updated and patched. Turn off your mobile phone Hot Spot, Bluetooth, and Wi-Fi when these are not required. When traveling, make sure to password-protect your mobile devices and check data privacy rules in the places you’re traveling. These steps shut the door on many cyber attacks.
  3. Lock down ALL of your online accounts, not just social media. 
    If it is publicly known that you work at XYZ company from just reading your social profile, then you can easily become the target, whether it’s through compromising your email addresses, eCommerce profiles, or any of your social accounts – hacking them to change information, sending you posts with malicious links, or posting malicious links on your account. The easiest way to see what personal information is available about you on the open source is using any search engine to look yourself up. If you can see your place of employment, professional title, work history, home address, email address, and social media accounts, so can the bad guy. As a rule of thumb, the following should be followed:

    • Be cautious of who you allow into your social networks
    • Refrain from listing your employer on social media profiles
    • Restrict public access to your accounts
    • Update your privacy settings
    • Don’t use social media while on public Wi-Fi hotspots
  4. Not all data security risks are cyber-based. 
    One of the oldest tricks in the book is stealing information by old fashion theft. For example, 70 percent of smartphones are lost or stolen each year, and only 7 percent are recovered. As it pertains to businesses, 52 percent of devices are stolen from workplaces, and 24 percent are stolen from conferences. Since 2006, 25.3 percent of data breaches were due to stolen mobile devices. Analysts are particularly careful with their devices, making sure they’re never left unattended and secured in trunks of cars or a hotel safe. It’s also important to be vigilant while using your devices in public to make sure no one can view your screens while riding planes and trains.


Further Reading:

Please leave us a comment

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s