3 Security Tips to Keep your Halloween Cyber-Trick-Free

October 31, 2018

The holiday season brings out the best in people, and the worst in cyber scams. Starting with Halloween, there is a significant rise in phishing attacks, playing on human nature to watch a cool video, participate in an outrageous costume contest, or shop the pre-holiday sales you can expect from your favorite retailers.

If you simply search for "holiday phishing scams", you will find claims that up to 80% of individuals fall for phishing attacks during the holiday season. It is just human nature to want to believe in something good, but also to fall for something bad. And Halloween is where it all starts.

A blog posted by the Better Business Bureau highlights this problem and attempts to raise general awareness of phishing attacks, malware, and “click bait” used in modern attacks. The blog is a year old, but remains relevant today whether at home, for our children, or with phishing attacks at work preying on a cyber trick or treat.

As we consider the risks, let’s outline three basic cybersecurity hygiene steps that can help mitigate the impact of these threats, even if you should happen to fall victim.

1. Make your everyday computing account a standard user account

By default, when you set up a new Windows or macOS device, the first account you create is an administrator account. Most consumers use that account every day for email and for surfing the Internet. Most businesses, however, deny access to that account and create a domain account with limited privileges (i.e. a standard user) for you in order to better control your behavior and limit the exposure of threats and accidents. For businesses that still allow local users to have administrative rights, and for consumers still using the default administrative account, consider creating a new account and assigning it standard user rights to log on.

Why? Because 80% of malware requires administrative rights in order to infect a system. If the malware does not have privileges, it cannot contaminate the computer, and thus, the threat is mitigated. That new standard user account – and not the default administrator account – is what you should use every day for routine computing. This alone can save you a world of pain, should you make a mistake and fall for an attack.
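The check and the fix described in this tip can be scripted on Windows. The following is an added example, not code from the original post or from BeyondTrust; it assumes Windows PowerShell 5.1 or later with the built-in LocalAccounts cmdlets, and the account name `daily-user` is a hypothetical placeholder.

```powershell
# Added example (not from the original post). Requires Windows PowerShell 5.1+
# and its built-in Microsoft.PowerShell.LocalAccounts module.
$AdminsSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators
$UsersSid  = 'S-1-5-32-545'   # well-known SID of BUILTIN\Users

function Get-LocalAdminReport {
    # List every member of the local Administrators group. Looking the group
    # up by SID keeps this working on non-English Windows installs.
    $me = [Security.Principal.WindowsIdentity]::GetCurrent().User
    foreach ($m in Get-LocalGroupMember -SID $AdminsSid) {
        $enabled = $null
        if ($m.ObjectClass -eq 'User' -and $m.PrincipalSource -eq 'Local') {
            $enabled = (Get-LocalUser -SID $m.SID).Enabled
        }
        [pscustomobject]@{
            Name          = $m.Name
            Type          = $m.ObjectClass
            Source        = $m.PrincipalSource
            Enabled       = $enabled          # $null for non-local principals
            IsCurrentUser = ($m.SID -eq $me)
        }
    }
}

function New-StandardUser {
    # Create a local account that belongs only to Users. Run from an elevated prompt.
    param([Parameter(Mandatory)][string]$Name)   # hypothetical name, e.g. 'daily-user'
    $pw = Read-Host -AsSecureString -Prompt "Password for $Name"
    New-LocalUser -Name $Name -Password $pw -Description 'Everyday standard user' | Out-Null
    Add-LocalGroupMember -SID $UsersSid -Member $Name
}

$report = Get-LocalAdminReport
$report | Format-Table -AutoSize
if ($report | Where-Object IsCurrentUser) {
    Write-Warning 'The account you are signed in with is a direct member of Administrators.'
    Write-Host "Create a daily-use account with: New-StandardUser -Name 'daily-user'"
} else {
    # Direct membership only: rights granted through a nested group are not resolved here.
    Write-Host 'Current account is not a direct member of Administrators.'
}
```

Keep one separate administrator account for installs and system changes, and sign in with the standard account for email and browsing.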

2. Ensure security patches and updates are applied often

Both Microsoft and Apple have gone to great lengths to ensure that security updates are applied almost every month. Let them automatically patch and update your operating system as needed. In addition, Adobe, Java, Google, and many other vendor apps have auto-update capabilities. Make sure they are turned on so that security patches will be applied when necessary.

Why? Modern phishing attacks can also prey on vulnerabilities. If the link, file, or browser plugin has a vulnerability that can be exploited, then your system can be compromised as well. Keep your system patched at home and at work, and do not ignore the pop-ups requesting to apply an update. The patch alone may stop a threat in its tracks, should you make a mistake and fall for a phishing attack.

3. Back up your files

I know this sounds simple – and it really is! If you store files locally, consider using a file-based cloud service like Office 365, iCloud, or Google Drive to back up your files. For your business, you can use a corporate backup program or a business-based cloud file share system too.

Why? In the unlikely chance you do fall victim to a phishing attack that contains ransomware, a data backup will help you recover your files without having to pay a potentially outrageous ransom. In addition, if you do back up your files, make sure your backups are secured as well. Sensitive data on a USB drive that is not physically secured opens up an entirely different set of threats and potential data governance issues, especially at work.

If you welcome these three tips as your cybersecurity treats, you might just avoid a cybersecurity trick this Halloween and holiday season!

For your business, BeyondTrust can help manage privileges and identify vulnerabilities to help you address and mitigate these threats. Contact us to learn how.

Morey J. Haber

Chief Technology Officer and Chief Information Security Officer at BeyondTrust

Morey J. Haber is Chief Technology Officer and Chief Information Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored four Apress books: Privileged Attack Vectors (2 Editions), Asset Attack Vectors, and Identity Attack Vectors. In 2018, Bomgar acquired BeyondTrust and retained the BeyondTrust name. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition. Morey currently oversees BeyondTrust strategy for privileged access management and remote access solutions. In 2004, he joined eEye as Director of Security Engineering and was responsible for strategic business discussions and vulnerability management architectures in Fortune 500 clients. Prior to eEye, he was Development Manager for Computer Associates, Inc. (CA), responsible for new product beta cycles and named customer accounts. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.
