...

  • Phishing

  • Windows Technical Support

    • "Windows Technical Support has noticed that you have viruses or other malware on your computer..."

  • Baiting

    • Seemingly innocent (or attractive) abandoned USB, CD, and DVD media with autorun

  • Public WiFi (e.g., coffee shop, airport, library, ...)

    • Turn off sharing

    • Don't automatically connect to unknown WiFi hotspots.

    • Confirm the network name - know the name of your hotspot!

    • Turn on your local firewall.

    • As usual, never enter your name or password information:

      • when on an insecure (non-HTTPS / non-SSL-encrypted) connection, or

      • to a site that you have not verified is correct (by examining the URL)

    • More on public WiFi network safety (from LifeHacker)

...

Open System Preferences, click the Security & Privacy icon, and switch to the FileVault tab. If you see a button that says "Turn Off FileVault..." then congratulations, your disk is already encrypted. Otherwise, click the lock icon in the bottom left to make changes, and click "Turn On FileVault...". Google "FileVault" for more information.

Much more technical detail on securing your Mac: macOS-Security-and-Privacy-Guide. This is useful but well beyond what Axelerant requires.

...

One of the best ways to protect yourself from being hacked (other than via a social engineering pathway) is to keep the software on your computers and phones up-to-date. Sometimes you may reasonably want to wait for a .1 or .2 release before updating after a new major release, but don't get far behind. Also, if you have a Windows machine, you must maintain an up-to-date anti-virus package.

Protect Your Privacy

Axelerant believes privacy is a right, and private communication can benefit the business. Here are some tips on how free and open-source tools can help:

Secure your Laptop

The operating system and software applications on your laptop - and on all computers, phones, tablets, etc., in your house - should be kept updated with new versions and security patches so that they present a minimal attack surface to potential adversaries.

Additionally, your laptop should lock (require a password to resume) when the screen is closed and after 15 minutes of idle time.

Sharing Online Service Accounts

...

If a service allows individual accounts, use only individual accounts and do not share credentials.

...

Prefer services that allow individual accounts, TFA, and secure password policies.

...


...

  • Shared account passwords should be rotated so that only the users who still need access keep it, with individual accounts revoked as needed, especially when people leave.

...

Please choose a password manager that encrypts locally (in your browser, so you don't have to trust the provider to keep your data safe) and that has iPhone and Android apps that auto-sync with the manager.

...

1Password provides secure password management, especially when unlocked via two-factor authentication. Storing passwords created in 1Password in your browser completely defeats this security, giving anyone with access to your browser access to all your sites. If your browser asks, "Do you want to save this password in your browser?" answer "No." Then disable this insecure behaviour altogether:

...

As a final, crucial step, you must have backup codes for all your TFA accounts. Imagine using a token generator app on your phone to unlock a tool, and then losing your phone. Without a backup code, you would be locked out of your accounts. So make sure that whenever you set up two-factor authentication, you save the backup codes in a place where you can access them easily without needing your phone's token generator app.

SMS can often be an easy backup if the tool allows multiple methods. Services that provide TFA generally offer multiple two-factor options and a downloadable set of single-use "backup codes" that you can download, print, and keep in a safe place.

Recommended mobile apps to use as token generators for two-factor authentication; they also sync with the cloud, so you can reinstall them on a new device:

...