What you need to be aware of in 2023 with Cybersecurity

We partnered with Fanatical to bring you this post. I only review and recommend products which I use myself.

Links are affiliate links and we may earn a small commission for your purchase at no price difference to you.

Thank you for your support!

Fanatical is considered a leading global gaming and digital entertainment platform

but they are so much more!

They also provide bundles covering technology and programming, comics, graphic novels and eLearning books from publishers such as Packt 📚

It is a perfect mix of education AND entertainment (or as I like to call it 'edutainment'), which is exactly what nerdnourishment loves to see! 🤓

I recently took The Beginners 2023 Cybersecurity Awareness Training Course which is currently part of a Testing & Cybersecurity Video Training BYOB (Build Your Own Bundle). I was very impressed at the quality of detail this course provided and the enthusiasm of the instructor was a plus. Probably my favorite part of it all were the ominous music clips that were used which would lead up to super important points... kept you on your toes for sure!

The instructor of this course, Reza Zaheri, guides us through important topics in the cybersecurity space while sharing what we need to be aware of and what things we can do to protect ourselves and our companies. The fact of the matter is, the reason we all need to be aware of these topics is because it is not hard to get hacked. Bad actors (a.k.a. hackers) want our data and it is our responsibility to keep it safe, each and every one of us.

This is a sneak peek into what you will learn from the course. There is a ton of value and I highly recommend this to those new to the cybersecurity field and also those wanting to revisit the topic in the current 2023 landscape. Enjoy!

Targeted Email Phishing

Not all emails you receive are from who you think. Hackers use emails to try and steal information by getting you to do things like click on a link or download an attachment. There are red flags that you need to be aware of and extra precautions you can do to identify these types of emails.

Reza shares with us actual examples of emails from hackers and points out why they are not real emails. You might think you are getting an email from Amazon, but if you look closer you can spot the hackers. Some things you can analyze are from/to/subject lines, introduction and salutations, email domains, and links.

One tip for the links, you should always hover your mouse over the link to see where it is going to take you.

Best Takeaway: do not respond, do not click, do not let them know you even exist!

Macro Malware

A macro is a feature of Microsoft Office, basically a mini program used to run and help you automate your work. Microsoft has recently disabled macros by default because this macro malware was a big problem about a decade ago. However, you are still able to enable the macros is directed by a hacker, which then would execute the malware... bad news!

Reza shares some macro settings to be aware of that you can configure yourself to keep you safe from these types of attacks.

Best takeaway: do not enable macros unless you know where they come from!

Business Email Compromise

(a.k.a. CEO Fraud)

The purpose of these types of emails are to get you to initiate a wire transfer internationally. Hackers use social engineering tactics here to convince you the money is needed for a specific purpose. Typically, the companies that are targeted already send wire transfers so it isn't something too out of the ordinary.

Reza goes through some examples in detail of how these attacks are executed, including the backstory and extra steps involved (like social engineering) to make these attacks successful.

Best Advice: pause, pick up the phone (walk into the office), verify!

Smishing

(SMS / text message Phishing)

These are very similar to regular phishing attempts, but the hackers are banking on the fact that it is harder to verify the links with your phone. Or is it...

One of the examples he shares made me literally LOL so I have to share here. I was a text message sent to a phone, saying that the phone was lost... 🤦🏻‍♀️ I understand how people could maybe fall for this though... has anyone else ever searched for your glasses as they were on top of your head? 🙋🏻‍♀️

Reza shares some tips on how you can 'hover' over the links to verify them before you click from your phone.

Vishing

(Voice Phishing)

These can either be voicemails or live voice interactions, basically another social engineering attack. A lot of times they will act as an authoritative figure alluding to you being in some kind of trouble or tell you that you won something, basically any way to give a call to action.

Again, since this is a type of social engineering attack, they have done their homework and know some of background about you, where you work,, and maybe a little about your personal life.

This was a fun section, Reza shares some examples by allowing us to hear a phone call he had with a hacker. Side note: there are some YouTube channels that expose these types of social engineering attacks that are educational and entertaining to watch as well.

Best Advice: hang up / don't respond!

or if you are like me, just ignore all unknown phone calls and voicemails 😅

Ransomware

Sometimes viewed as a digital hostage taking where the hacker somehow gets access to your files, encrypts them, then tells you that you need to pay them to get your files back. The encryptions that they use are incredibly strong and require a decryption key that only the hackers have.

Reza shows us the types of messages that are sent with these attacks and the amounts of money that are requested. The funny and odd thing with these is sometimes the amounts are not even large, or they ask for gift cards.

Best Advice: have an external copy of your files!

Social Engineering Red Flags

We have learned about some attacks that use social engineering, but there are some red flags that are good to know. Typically, hackers are trying to figure out your trigger and how they can convince you to respond. They will use various calls to action included in many different ways such as emails, voicemails, and text. Basically trying to pray upon your greed, fear, curiosity, or compassion (think about the famous Nigerian Prince emails).

By this time I feel like Reza is my best friend, I already know how he is feeling and can predict what he is going to share with each example. The power of learning!! 🤓

Best Advice: if it's too good to be true, it probably is!

Search Engine Optimization

SEO in itself is not harmful, it is something used to be able to search for your website online using keywords. Where the harm comes in is when hackers use their techniques to exploit this technology.

This one was new to me, I had to watch it a couple of times because I was so amazed by the examples Reza shares. This one is a very involved attack showing that hackers are quick on their feet!

Best Advice: don't click on Google Ads & look out for Google / browser warnings

Apple

Apple keeps things very tight knit which sometimes could be annoying but it is good for security. Most problems on the Mac deal with social engineering related to updates.

Apple does have less instances of attacks than Windows, but even though the numbers are not as high it is still good to be aware of the examples Reza shares.

There were also some neat features that Reza shares here to protect yourself on a Mac. Highly recommend for Mac users!

Smartphones and Mobile Apps

This is where it gets real scary because most everyone has a smartphone these days and may even have more than one.

If you have an iPhone, generally speaking, you are secure. Since the way Apple works in their own secure eco system. Google Phones also take precautions to make their devices secure. It is other phones that are more of an issue, primarily because they do not always push updates to the phones.

Examples here were fun as Reza shares some apps and app stores that you should be wary of purchasing from as well as some permissions that your should be configuring to protect yourself. This is the most important section, IMO, packed full of examples and tips. A must watch!

Best Advice: purchase apps only from reputable sources, be very wary of third party app stores, and keep your apps to a minimum on the Android!

Bonus Highlight: if you have a flashlight app, please uninstall it. These apps are not necessary and are highly at risk of abusing your phone's permissions

Password Management

This is one of my favorite topics when it comes to security, mostly because it is something that just about everyone can relate to and there is always room for improvement.

It is important to note that there is a balance between making your password strong and making your life easier. It is better and more secure to have a longer password than a more complex password (a mixture of special characters and numbers)! Even better to have a long password with complexity. Think about using a passphrase (like a sentence from a movie / song / quote).

Reza shares some great tips and tools to use here which will help you create passwords for all the hundreds and maybe thousands of accounts that you have. Spoiler alert, it involves password managers. Still a critical section to pay attention to because there are some important features to note and tools to use.

Best Advice: for the most critical accounts you have (like banking), only keep those passwords in your head and don't use a tool

Bonus Highlight: password managers can also be hacked,

but that is not as likely because hackers typically spend time on low hanging fruit

Two-Factor Authentication

(a.k.a. 2FA)

Two-factor authentication shuts down the ability for a hacker to get into your account if they get your password.

Factors Used to Authenticate

• Something you know (user name, password)

• Something you have (smartphone, physical security key)

• Something you are (biometrics: eyeballs, fingerprints)

Reza shares a fun example of how Mark Zuckerberg got hacked which was a great segue into his walkthrough of how to set up two-factor authentication for Facebook.

Best Advice: if you want to be ultra secure, use the physical security key!

Browser Security

Our browser knows so much about us: websites, search history, medical history, passwords, etc.

Therefore, we have to be careful which browsers to use (there are many)!

There are a number of problems that could exist with browsers, including: java script, cookies, third party cookies which allow for things like ads and trackers. Reza explains these problems in detail with examples and solutions.

Best Advice: when you are at work, make sure to confirm with your security team before downloading anything!

Internet Data Privacy

Think about big tech companies like Google, how do you think they get money... enter the ominous music... with our data!

Reza shares again about the different browsers privacy, as well as which companies are collecting and using your data. This section is probably the most eye opening for people that are new to the topic of data privacy and a great topic to become familiar with to ensure you are equipped with the background for how to protect yourself.

Identity Theft

If you thought the last topic was eye opening, hold on to your credit reports. Remember Equifax?

Reza shares a tip here on how you could freeze your Equifax credit report so that no one can pull your credit report without your specific approval. Important to note that a credit freeze is guaranteed by law that they will protect your account.

Another tip Reza shares is to call your phone carrier to add a pin on your account. Think of this like two-factor authentication for your mobile phone. This will prevent takeover of your mobile identity. You will want to tune into this session to learn about the details here, very interesting!!

Encryption

Encryption is basically scrambling your data so that no one else can read it. There are several tools you can use to encrypt your files in many different ways. Things that you can encrypt include: files, emails, text messages, connection to wifi.

If you are curious about encryption at work, it is likely that your security team has policies and procedures in place already. If you are curious about encryption for your personal files, you will not want to miss out on the examples Reza shares here.

Best Advice: think about who you are interacting with when sending and choosing your encryption tools.

Travel Advice: use a VPN to encrypt your internet connection

(also can be used at home if you wish to be super secure)

Internet of Things

(a.k.a. IoT)

IoT may sound a bit strange, but I assure you already know what this is. Basically, any device that is connected to the internet. First it started with computers, then smartphones, now everything seems to be connected to the internet like our refrigerators, washing machines, and even oil diffusers.

A forecast by International Data Corporation (IDC) estimates that there will be 41.6 billion IoT devices in 2025. All of these devices need to be secured! Why? They are paths into our network.

Reza gives examples of why these devices can be a risk and some examples you would only think you would see in the movies. If you enjoy SciFi, you will really enjoy this session!

Summary

A couple quotes from Reza that made me smile

This may sound a bit harsh, but it’s true.

The biggest takeaway is to be educated to the point where you know what to do to protect yourself and your company.

Thank you for reading, Thank you for supporting

and as always,

Happy Learning!!