Everyone loves cookies--even cybercriminals
Cookies become a security threat when hackers get access to them. If hackers hijack your cookies, they can get access to your session, your passwords and other related online activities. Hackers sometimes create “Super Cookies” and “Zombie cookies” to steal information from authentic cookies. Such cookies are difficult to identify and delete and sometimes work like worms replicating themselves, thus making it more difficult to get rid of them. Hackers can also steal your cookies if they get access to your network or to the server of the website you are visiting. For example, if your bank’s or shopping website’s server was hacked into, chances are, the hacker has access to your cookies and thereby all your account details.
Understand your Cookie to manage it better!
There are 3 kinds of cookies, each having different functions. One of them is session cookies. If it weren’t for session cookies, you wouldn’t be able to do any online shopping, banking, social media posting or any other activity that requires you to be logged in or identified. These session cookies are temporary cookies and they disappear once you log out of the website, thereby ending your session. It is the session cookies that enable the website to identify you and your actions and react accordingly. Without them, every click you make on the site will be treated as a new one, unrelated to the previous action. For example, say you logged into your bank account to transfer money to a friend. If you click on “Money Transfer” without a session cookie, the bank’s website won’t recognize you from your log-in and you just won’t be able to proceed further. You will be stuck in an endless loop of log-ins.
The second kind of cookies are called persistent cookies. These cookies are stored on the hard drive of your computer. Unlike the session cookies, they are not temporary and don’t disappear until you clear them proactively. Persistent cookies are used by websites to offer you a customized browsing experience. For example, when you visit the website of a company that has a global presence, you may be given the option to choose your preferred language and country, so the site displays relevant information. Unless you clear the cookies from your computer manually, the next time you visit the site, you will automatically be taken to the version of it that you chose last time--probably English, US.
The third kind of cookies are called third-party cookies and are typically used to retarget customers as a part of online advertising campaigns. You might have noticed that sometimes after you visit online shopping sites, ads related to the items you viewed on the shopping site show up as you browse other websites too. That is a situation where third-party cookies have been deployed.
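To make the three kinds concrete, here is an added example (not code from the original article) that classifies cookies from Set-Cookie response headers as session or persistent and as first- or third-party, and notes whether each is restricted to HTTPS by the Secure attribute. The host names, sample headers and function names are assumptions made for illustration.

```javascript
// Added example. Host names and header values below are constructed.

// Simplified "site" of a host: its last two labels. Assumption: a real audit
// would use the Public Suffix List (this shortcut is wrong for example.co.uk).
function siteOf(host) {
  return host.toLowerCase().replace(/^\./, "").split(".").slice(-2).join(".");
}

// Parse one Set-Cookie header value into a name plus lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: eq === -1 ? pair : pair.slice(0, eq), attrs: {} };
  for (const a of attrs) {
    const i = a.indexOf("=");
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

// pageHost: site in the address bar; responseHost: host that sent the header.
function classifyCookie(pageHost, responseHost, header, now = Date.now()) {
  const { name, attrs } = parseSetCookie(header);
  // Max-Age takes precedence over Expires; neither one means a session cookie.
  let expiresAt = null;
  if (/^-?\d+$/.test(attrs["max-age"])) {
    expiresAt = now + Number(attrs["max-age"]) * 1000;
  } else if (typeof attrs.expires === "string" && !isNaN(Date.parse(attrs.expires))) {
    expiresAt = Date.parse(attrs.expires);
  }
  const lifetime = expiresAt === null ? "session"
    : expiresAt <= now ? "expired" : "persistent";
  const cookieHost = typeof attrs.domain === "string" ? attrs.domain : responseHost;
  const party = siteOf(cookieHost) === siteOf(pageHost) ? "first-party" : "third-party";
  return { name, lifetime, party, secure: attrs.secure === true };
}

// Constructed sample: a shop page that also loads an ad network's resource.
const SAMPLE = [
  ["shop.example", "shop.example", "sid=abc123; Path=/; Secure; HttpOnly"],
  ["shop.example", "shop.example", "lang=en-US; Max-Age=31536000; Path=/"],
  ["shop.example", "px.adnet.example",
    "uid=42; Domain=adnet.example; Expires=Wed, 01 Jan 2099 00:00:00 GMT; Secure"],
];
function auditSample(now = Date.now()) {
  return SAMPLE.map(([page, host, h]) => classifyCookie(page, host, h, now));
}
```

A header with Max-Age=0 or a past Expires date is reported as "expired", which is how a site deletes a cookie.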
While cookies by themselves are harmless, cybercriminals can use them as a medium to attack you virtually. But you just cannot make do without cookies. So, how do you manage cookies effectively to stay safe? Download our whitepaper, “The Cookie monster is coming for you,” to learn more!
How to manage cookies effectively so they are not a threat to your data
Avoid third-party cookies: Third-party cookies are primarily used for online advertising and retargeting, so you won’t miss anything significant by avoiding these cookies. So, whenever you see a cookie alert on any site, first, check if it is for third-party cookies and if yes, it’s best to ‘Not accept cookies’. As a business, don’t allow third-party cookies on your site.
Secure sites: Make sure the sites you visit are secure (HTTPS) and have a valid SSL (Secure Sockets Layer) certificate. The SSL certificate ensures that any data that’s exchanged is encrypted in transit, meaning that even if hackers intercept the cookies on the network, the information will be garbled, preventing data leakage. As a business, make sure your site is secure and has a valid SSL certificate.
Anti-malware software and security patches: Install anti-malware software programs on your computers and make sure they are up-to-date. Install security plug-ins and patches as soon as they are available, without delay. Do not use outdated software or operating systems for which support and security upgrades have been discontinued. Cybercrime modus operandi evolves at a rapid pace, so an outdated cybersecurity setup will do you no good.
Educate your staff: Train your staff to identify and steer clear of basic cybersecurity risks such as
- Phishing links
- Clone websites
- Using public Wi-Fi
- Poor password hygiene
- Unverified app downloads, etc.
IT Policy: Establish a solid IT policy that spells out the dos and don’ts for your staff to follow in the office and also when accessing work data remotely.
If all of this feels overwhelming on top of running a business, it makes good sense to bring an MSP onboard who can take care of not just the Cookie monster but also of your entire IT security setup.
Eight common password mistakes to avoid
Research points out that more than 80% of data breaches happen due to password hacking, meaning that poor password hygiene is responsible for a majority of cybercrimes that follow data breaches. To make sense of this statistic better, let’s first look at what constitutes poor password hygiene.
Using simple passwords
Often, passwords that are easy to remember are easy to hack. Do you use passwords such as password, password1234, delta123, etc.? If yes, then you should change them at the earliest to something less obvious.
Repeating passwords across platforms
As another solution for remembering passwords, people tend to use one, single password universally. This dilutes the password even if it is a strong one. Plus, there’s always the risk of the password being hacked at one place and putting the data stored at all other places also at risk.
Unauthorized password sharing
Unauthorized password sharing for the sake of getting things done faster is a very real problem. For example, someone is on leave and someone else needs access to a particular file from their computer. The employee who is on leave shares the password and that can result in a security compromise.
Writing down passwords
This is the most obvious, yet oft-made password mistake. Just so they don’t forget the passwords, people tend to write them down on a piece of paper, in a diary or sometimes store them on their phone. You know what can follow if the piece of paper or diary or the phone is stolen. The same goes for storing passwords in email if the email server is compromised.
Not revoking access on time
Cases where ex-employees’ log-in credentials were used to hijack company data are not unusual. When companies forget to revoke the access of employees as they move out of the department or organization, they are leaving a gaping cybersecurity hole open which is easy to take advantage of.
Not updating passwords
Using the same password for years or even months can be risky. Passwords should be changed every 3 months and perhaps even sooner for critical applications.
Single factor authentication
For the more critical areas, multi-factor authentication must be deployed. Relying on a password alone is a huge cybersecurity risk. Multi-factor authentication includes tokens, biometric authentication, OTPs, etc., which make it very difficult to hack into the application.
These are some of the basic password mistakes that almost everyone is guilty of at some point. You can prevent these from happening in your organization by educating your staff about them and training them well to cultivate good password hygiene.