SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Ten hacker security measures to prevent cyber attacks
Wed, 18th Oct 2023

The human factor continues to be one of the entry vectors for cyberattacks on organisations. Cybersecurity awareness also remains a pending subject for everyone, although users are increasingly aware of the dangers of the digital world and try to avoid them within their means. 

Entelgy Innotec Security says these are hacker security measures that all businesses should implement.

Safety basics

The basic day-to-day protective measures of a cybersecurity expert or ethical hacker are several:

  • Authenticate, whenever the system allows it, with two-factor authentication.
  • Save credentials in password managers (never in the browser or elsewhere).
  • Encrypt the hard disk of all your computers.
  • Encrypt any item that is uploaded to the cloud (although it is not recommended to use this tool).
  • Use GPG (a system for encrypting files) for sensitive information transmitted by e-mail.
  • Use virtual machines and do not perform analysis on your own system.
  • Always use a VPN.

An old-fashioned telephone?
Although it is not the norm, in the world of hacking there are those who do not use smartphones, but prefer to opt for old classic terminals. According to Entelgy Innotec Security, they are aware that in our pocket we not only carry a phone, but also a microphone, a database, a photo album that is updated every day, a camera that could be activated without the user's permission... Avoiding such exposure is essential for many. However, it is not uncommon for anyone working in cybersecurity to have a smart phone in their hands.

Reliable e-mail
Although it is no longer common for a hacker to set up his own email server, these types of professionals tend to value those platforms known to be more secure than the usual ones, especially recommended for sending personal documents, communicating with public entities or managing banking, Entelgy Innotec Security says.

They rely on options such as Protonmail or Tutanota. 

"They are technologies with a higher degree of confidentiality than those provided by larger companies, which offer private mail service without advertising, without automatic scanning of content," says Gonzalo Sánchez Delgado, Hacking Service Manager at Entelgy Innotec Security.

"Of course, it is necessary to exercise trust, since 100% security does not exist, you always run some risk," he says.

Instant messaging on another level
With regard to social networks and instant messaging applications, as a general rule, security experts also tend to use the usual ones for the most trivial aspects. 

"If you need to deal with something more private, you use alternatives such as Signal or private Discord servers," says Delgado. 

"For normal conversations, encryption is widely used, although we know that nothing is completely secure."

Maintaining anonymity
On the other hand, it is becoming increasingly common for cybersecurity experts to avoid uploading their own images to social networks and, if they do, they tend to cover their faces. 

"Because you don't know where something you share online is going to end up and you don't know how it's going to be used, especially with the evolution of generative artificial intelligence, this is being nipped in the bud," Delgado says.

Watermarks on sensitive documents
Have you ever wondered what might happen to the private information you have sent to an official entity when it suffers a cyberattack? Although it is not advisable to send sensitive information electronically, if it is mandatory to, for example, activate a service in a company, cybersecurity experts recommend using watermarks on documents to specify where they can be used and where not. This means, for example, specifying on a DNI that it can only be used for a specific purpose. 

"This way, if tomorrow your ID falls into the wrong hands and people try to register new services with it, it should not be able to be used," Delgado says.

Computers for different uses and own router
The vast majority of cybersecurity experts use one device for very private tasks (accessing online banking, handling cryptocurrencies, etc.) and a different one for surfing the internet, watching series.

"Although in general the sector has relaxed a bit, we are not so paranoid, we now maintain a thread of connection with the outside," Delgado says.

"However, many of these professionals do not use the router provided by their internet provider, but have their own router bastioned and secured so that no one can access their wifi easily."

Under the cloud
"Having your most personal files in the cloud, such as your ID card, your photos or your tax return, is very unusual; people shy away from it," Delgado says.

"In the sector, having control of personal information is highly valued, and that means having custody of that information yourself. In this sense, few people use cloud-based photography platforms (which we all have almost by default on our cell phones)."

Nothing intelligent
They also move away from all technology considered smart, such as speakers that listen to and record your voice and other household appliances or wearables that keep an almost complete record of a person's day-to-day life. 

"In all this technology, the problem of improper access to the information collected or directly a misuse of it, is known after some time, when little can be done," Delgado says. 

"This is how we have learned of the biggest privacy scandals on the Internet months and even years later. For this reason, it is better to be cautious and avoid voice recordings or the general collection of information of any kind."

Parental Controls
Cybersecurity also involves children's devices. 

"I am not in favour of keeping children away from technology, but of educating them in its conscious use," says Delgado.

Among industry peers, he says he sees how minors can have a console or tablet with parental controls and configured so that they can't make purchases, that no one can contact them, etc.

"Especially we know that the devices they use are not at all reliable, they can be easily compromised, so they are not used for other more important matters. Those tablets or smartphones are considered exclusively gaming devices."