000 Cyber Security 101 Threats and Preventions
Being online exposes you to attack at all times. There are scammers, phishers, viruses, etc. Be safe and follow these guidelines.
-
- NEVER use weak passwords e.g. digits only, letters only, pet names, emails as passwords. Use password generators e.g. https://www.roboform.com/password-generator
-
- NEVER give anyone your passwords
-
- CREATE your own wallet privately and do not share your private keys(mnemonics) with anyone.
-
- NEVER share your emails, passwords, mnemonics, private information
-
- NEVER click links send via emails from unknown sources. Always verify them. Never download .exe files because they might destroy or damage your devices
-
- NEVER trust online people, amoung them we have dishonest ones and these may be pretending all the time. Be always suspecious and report suspicious activities
-
- REPORT verbal abuse, bots, DMs, etc This will help prevent harm to others too.
-
- ALWAYS stay up to date on Cyber Security Principles, search on AI for best ways to stay safe.
-
- Be warned, no one is always safe
Suggested Threats and Prevention
| Threat | Example | Prevention |
|---|---|---|
| Phishing | Fake bank email asking for login details | Verify sender, don’t click unknown links, enable email filters |
| Malware | Infected attachment installs a trojan | Use antivirus, avoid suspicious downloads, patch software |
| Ransomware | Files locked with demand for Bitcoin | Keep backups, use endpoint security, train staff |
| DDoS Attack | Website overwhelmed with fake traffic | Use firewalls, CDNs, traffic monitoring, rate-limiting |
| Man-in-the-Middle | Hacker intercepts Wi-Fi communications | Use HTTPS, VPN, strong encryption |
| SQL Injection | Hacker injects SQL code to bypass login | Input validation, parameterized queries, WAF |
| Identity Theft | Stolen SSN used for fraud | Use MFA, monitor credit reports, secure personal data |
| Password Cracking | Brute force attack on weak passwords | Use strong unique passwords, MFA, password managers |
| Social Engineering | Hacker poses as IT support to get access | Awareness training, verify identities before sharing info |
| Zero-Day Exploit | Attack on unpatched software vulnerability | Apply updates quickly, monitor threat feeds, use intrusion detection |
Case: A user receives an email from a fake “PayPal” asking them to confirm account details. Best Practices:
- Always check sender addresses carefully.
- Hover over links before clicking.
- Use anti-phishing filters in email clients.
- Train employees with simulated phishing exercises.
Case: Downloading a “free” software installer that installs spyware in the background. Best Practices:
- Install reputable antivirus/anti-malware software.
- Keep operating systems and applications updated.
- Download only from official sites.
- Regularly scan USB devices and external drives.
Case: Hospital systems are encrypted, forcing downtime until ransom is paid. Best Practices:
- Maintain offline/cloud backups.
- Don’t reuse administrator credentials across systems.
- Use application whitelisting to block unauthorized executables.
- Educate staff on avoiding malicious attachments.
Case: An e-commerce site goes offline on Black Friday due to a DDoS flood. Best Practices:
- Use content delivery networks (CDNs) and load balancers.
- Deploy rate-limiting to block suspicious spikes.
- Set up DDoS protection services.
Case: A hacker intercepts data from unsecured public Wi-Fi. Best Practices:
- Always use VPNs on public Wi-Fi.
- Enable HTTPS Everywhere browser extensions.
- Use strong encryption protocols (TLS 1.3+).
Case: Attackers extract usernames and passwords from a vulnerable login page. Best Practices:
- Use parameterized queries instead of string concatenation.
- Validate all user inputs.
- Conduct regular penetration testing.
- Deploy a Web Application Firewall (WAF).
Case: A stolen SSN is used to open credit cards. Best Practices:
- Enable credit monitoring services.
- Use multi-factor authentication (MFA).
- Limit sharing of personal data online.
Case: A hacker brute-forces weak passwords. Best Practices:
- Enforce minimum password length (12+ characters).
- Use password managers to avoid reuse.
- Implement MFA everywhere possible.
Case: An employee is tricked into giving their login credentials to a fake “IT admin.” Best Practices:
- Train staff to verify requests via alternate channels.
- Never share sensitive info over phone/email without verification.
- Encourage reporting of suspicious interactions.
Case: A browser vulnerability is exploited before a patch is released. Best Practices:
- Enable automatic updates for software.
- Monitor vendor advisories and security bulletins.
- Use intrusion detection/prevention systems.
- Consider bug bounty programs for proactive discovery.