
Everyone loves cookies--even cybercriminals

When you visit a site, probably for the first time or from a new device or browser, you will see an alert that mentions the site uses cookies to offer you a more personalized experience and asks you if you are okay with it. Let’s admit it. A lot of us don’t even bother to read what the notification says before we click “Accept” and move on with our browsing.

Cookies are tiny information packets that store data related to your interaction and behavior on websites. It is like walking into your favorite local diner and having them serve up the “usual” instantly. Cookies track your digital footprint on a website and allow the site to offer you a more personalized browsing experience. For example, let’s say you visited Amazon.com and looked at some cameras; perhaps you put one into your cart but never checked out, or added one to your wishlist on the site. The next time the camera is on sale, the Amazon app sends you a notification about the price reduction. That happens with the help of cookies. And that’s just one example. Cookies are not limited to shopping sites. You know how you can sometimes save your password for some sites, so you don’t have to type it or log in every time you visit the website? You are able to do that because of cookies.

Any site can have cookies, though shopping and banking sites can’t function without them. The cookies these sites depend on are known as session cookies and are absolutely indispensable. Others, like persistent cookies, make your web browsing experience more pleasant, and third-party cookies, while not very pleasant, are used basically to facilitate online advertising.

How do cookies become a security threat, then?

Cookies become a security threat when hackers get access to them. If hackers hijack your cookies, they can get access to your session, your passwords and other related online activities. Hackers sometimes create “Super Cookies” and “Zombie cookies” to steal information from authentic cookies. Such cookies are difficult to identify and delete and sometimes work like worms replicating themselves, thus making it more difficult to get rid of them. Hackers can also steal your cookies if they get access to your network or to the server of the website you are visiting. For example, if your bank’s or shopping website’s server was hacked into, chances are, the hacker has access to your cookies and thereby all your account details.

If you liked what you read, then check out our whitepaper, The cookie monster is coming for you, for a more detailed account of the threats posed by cookies and how you can manage them better.


Understand your Cookie to manage it better!

There are 3 kinds of cookies, each having different functions. One of them is session cookies. If it weren’t for session cookies, you wouldn’t be able to do any online shopping, banking, social media posting or any other activity that requires you to be logged in or identified. These session cookies are temporary and disappear once you log out of the website, thereby ending your session. It is the session cookies that enable the website to identify you and your actions and react accordingly. Without them, every click you make on the site will be treated as a new one, unrelated to the previous action. For example, say you logged into your bank account to transfer money to a friend. If you click on “Money Transfer” without a session cookie, the bank’s website won’t recognize you from your log-in and you just won’t be able to proceed further. You will be stuck in an endless loop of log-ins.

The second kind of cookies are called persistent cookies. These cookies are stored on the hard drive of your computer. Unlike the session cookies, they are not temporary and don’t disappear until you clear them proactively. Persistent cookies are used by websites to offer you a customized browsing experience. For example, when you visit the website of a company that has a global presence, you may be given the option to choose your preferred language and country, so the site displays relevant information. Unless you clear the cookies from your computer manually, the next time you visit the site, you will automatically be taken to the version of it that you chose last time--probably English, US.

The third kind of cookies are called third-party cookies and are typically used to retarget customers as a part of online advertising campaigns. You might have noticed that sometimes after you visit online shopping sites, ads related to the items you viewed on the shopping site show up as you browse other websites too. That is a situation where third-party cookies have been deployed.

While cookies by themselves are harmless, cybercriminals can use them as a medium to attack you virtually. But you just cannot make do without cookies. So, how do you manage cookies effectively to stay safe? Download our whitepaper, The Cookie Monster is coming for you, to learn more!


How to manage cookies effectively so they are not a threat to your data

Avoid third-party cookies: Third-party cookies are primarily used for online advertising and retargeting, so you won’t miss anything significant by avoiding these cookies. So, whenever you see a cookie alert on any site, first, check if it is for third-party cookies and if yes, it’s best to ‘Not accept cookies’. As a business, don’t allow third-party cookies on your site.

Secure sites: Make sure the sites you visit are secure (HTTPS) and have a valid SSL (Secure Socket Layer) certificate. The SSL certificate ensures that any data that’s exchanged is encrypted, meaning that even if hackers get access to the cookies in transit, the information will be garbled, eliminating data leakage. As a business, make sure your site is secure and has a valid SSL certificate.
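As an added example (not part of the original article or any product's code), the sketch below reads Set-Cookie headers, sorts each cookie into the session, persistent and third-party kinds described above, and flags cookies a business would want to harden, including ones missing the Secure attribute that restricts them to HTTPS. The hosts, cookie values and the two-label site rule are assumptions made for illustration.

```python
# Added example, not from the original article. All headers below are constructed.

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (cookie name, attribute dict)."""
    first, *rest = [part.strip() for part in header.split(";")]
    attrs = {}
    for part in rest:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return first.split("=", 1)[0], attrs

def site_of(host):
    # Assumption: the last two labels identify the site. Browsers use the
    # Public Suffix List instead, so names like example.co.uk need more care.
    return ".".join(host.lower().split(".")[-2:])

def audit(page_host, setting_host, header):
    """Classify a cookie by the article's three kinds and list missing protections."""
    name, attrs = parse_set_cookie(header)
    # A cookie with Expires or Max-Age is written to disk (persistent);
    # without either it lasts only for the browser session.
    lifetime = "persistent" if {"expires", "max-age"} & attrs.keys() else "session"
    party = "first-party" if site_of(page_host) == site_of(setting_host) else "third-party"
    findings = []
    if "secure" not in attrs:
        findings.append("no Secure attribute: cookie may be sent over plain HTTP")
    if "httponly" not in attrs:
        findings.append("no HttpOnly attribute: page scripts can read the cookie")
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        findings.append("SameSite is not Lax or Strict")
    return {"name": name, "lifetime": lifetime, "party": party, "findings": findings}

# Constructed sample: (host of the page, host that set the cookie, Set-Cookie value)
SAMPLES = [
    ("shop.example", "shop.example", "SESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("shop.example", "shop.example", "lang=en-US; Max-Age=31536000; Path=/"),
    ("shop.example", "ads.tracker.example",
     "uid=777; Expires=Wed, 21 Oct 2026 07:28:00 GMT; Secure; SameSite=None"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        result = audit(*sample)
        print(result["name"], result["lifetime"], result["party"], result["findings"] or "ok")
```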

Anti-malware software and security patches: Install anti-malware software programs on your computers and make sure they are up-to-date. Install security plug-ins and patches as soon as they are available, without delay. Do not use outdated software or operating systems for which support and security upgrades have been discontinued. Cybercrime modus operandi evolves at a rapid pace, and an outdated cybersecurity setup will do you no good.

Invest in a good password manager tool: One of the reasons people tend to store passwords and other sensitive information online, which involves the use of cookies, is that they have a tough time remembering passwords. A good password management system provides you with a safe and secure alternative.

Educate your staff: Train your staff to identify and steer clear of basic cybersecurity risks such as

  • Phishing links
  • Clone websites
  • Using public Wi-Fi
  • Poor password hygiene
  • Unverified app downloads, etc.

IT Policy: Establish a solid IT policy that spells out the dos and don’ts for your staff to follow in the office and also when accessing work data remotely.

If all of this feels overwhelming on top of running a business, it makes good sense to bring an MSP onboard who can take care of not just the Cookie monster but also of your entire IT security setup.


Eight common password mistakes to avoid

Research points out that more than 80% of data breaches happen due to password hacking, meaning that poor password hygiene is responsible for a majority of cybercrimes that follow data breaches. To make sense of this statistic better, let’s first look at what constitutes poor password hygiene.

Using simple passwords

Often passwords that are easy-to-remember are easy-to-hack. Do you use passwords such as password, password1234, delta123, etc.? If yes, then you should change them at the earliest to something less obvious.

Repeating passwords across platforms

As another solution for remembering passwords, people tend to use one, single password universally. This dilutes the password even if it is a strong one. Plus, there’s always the risk of the password being hacked at one place and putting the data stored at all other places also at risk.

Unauthorized password sharing

Unauthorized password sharing for the sake of getting things done faster is a very real problem. For example, someone is on leave and someone else needs access to a particular file from their computer. The employee who is on leave shares the password and that can result in a security compromise.

Writing down passwords

This is the most obvious, yet oft-made password mistake. Just so they don’t forget the passwords, people tend to write them down on a piece of paper, in a diary or sometimes store them on their phone. You know what can follow if the piece of paper or diary or the phone is stolen. The same goes for storing passwords in email if the email server is compromised.

Not revoking access on time

Cases where ex-employees’ log-in credentials were used to hijack company data are not unusual. When companies forget to revoke the access of employees as they move out of the department or organization, they are leaving a gaping cybersecurity hole open which is easy to take advantage of.

Not updating passwords

Using the same password for years or even months can be risky. Passwords should be changed every 3 months and perhaps even sooner for critical applications.

Single factor authentication

For the more critical areas, multi-factor authentication must be deployed. Relying on a password alone is a huge cybersecurity risk. Multi-factor authentication includes tokens, biometric authentication, OTPs, etc., which make it very difficult to hack into the application.

These are some of the basic password mistakes that almost everyone is guilty of at some point. You can prevent these from happening in your organization by educating your staff about them and training them well to cultivate good password hygiene.