Recently my Twitter account was hacked. That teaches me to use simple passwords. This account was quite old and unused for a while. When I started to use it again it got a bit more visibility and was taken over. I got it recovered quite quickly, but cleaning up takes a while.
Just a few minor tips:
- Do not re-use passwords (this was my luck: I never do, and multi-level protection password managers help me here).
- Check for past likes you did not make yourself or that look “off-beat” – do this FREQUENTLY.
- Many services provide “recent user activity/logon” info (sometimes difficult for me to interpret, since I use VPNs of many types that exit in different countries).
- Verify profile changes and email notifications regarding your accounts (never click on the links in those emails; always go to the page directly to take action).
- Change passwords periodically (every year when using two-factor authentication?).
- Use multi-factor authentication (with a few trusted devices) where possible.
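As an added example (not code from the original post), the “recent activity/logon” check from the tips above, with the VPN caveat handled by an allowlist of the countries your own VPN endpoints exit from. The record layout, device labels, countries and sample export are all constructed assumptions; a real service's activity page will look different.

```python
# Added example: review a service's "recent activity" export for logons
# you did not make. Record format and sample values are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class LoginEvent:
    when: str         # timestamp as shown on the service's activity page
    country: str      # country the service attributed to the source IP
    device: str       # client / user-agent label shown by the service
    new_device: bool  # service flagged this as a first-seen device


# Assumed: where I live, where my VPN endpoints exit, and the clients I use.
HOME_COUNTRIES = {"DE"}
VPN_EXIT_COUNTRIES = {"NL", "CH", "SE"}
TRUSTED_DEVICES = {"Firefox on Linux", "Twitter for Android"}


def suspicious_logins(events, trusted_devices=TRUSTED_DEVICES,
                      expected_countries=HOME_COUNTRIES | VPN_EXIT_COUNTRIES):
    """Return a list of (event, reasons) for entries worth a closer look.

    A VPN exit country alone is not a reason; a country outside home and
    VPN exits, an unknown device, or a service 'new device' flag each are.
    """
    flagged = []
    for ev in events:
        reasons = []
        if ev.country not in expected_countries:
            reasons.append(f"country {ev.country} is neither home nor a VPN exit")
        if ev.device not in trusted_devices:
            reasons.append(f"device '{ev.device}' is not one I use")
        if ev.new_device:
            reasons.append("service marked it as a new device")
        if reasons:
            flagged.append((ev, reasons))
    return flagged


# Constructed sample export (not real data): two of my own logons, one
# of them through a VPN, and one entry that is not mine.
SAMPLE_EXPORT = [
    LoginEvent("2019-03-01T08:12:00Z", "DE", "Firefox on Linux", False),
    LoginEvent("2019-03-02T22:40:00Z", "NL", "Firefox on Linux", False),
    LoginEvent("2019-03-03T03:15:00Z", "BR", "Chrome on Windows", True),
]

if __name__ == "__main__":
    for ev, reasons in suspicious_logins(SAMPLE_EXPORT):
        print(ev.when, ev.country, ev.device, "->", "; ".join(reasons))
```

Only the third entry is reported; the VPN logon from NL passes because NL is on the exit allowlist.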
Simple chart with a classification of different InfoSec threats:
- Poisoning (ARP, DNS)
- Social engineering
- Social network attacks
- SQL injection
- Code injection
- Path traversal
- Buffer overflow
- Replay attacks
- Session hijacking
- Brute force
- Rainbow (hash) tables
- Shoulder surfing
- Heuristic commits
- Secure boot
- Threat scanning
During the validation of control activities you should attempt to make security easier for users and more difficult for attackers.
Activities to verify may include (but are not limited to):
- Prevention (2FA, least privilege, reduce deniability, …)
- Delay (strong encryption, layering, …)
- Detect (monitor, detect change, audit, automate, …)
- Compliance (implementation of corporate policy and standards, including configuration best practices)
- Recover (verify the ability to reset to the last known good state)
NOTE: validation of control activities is not considered an audit. Auditors themselves should also be evaluated (watch the watcher) and must comply with segregation of duties. Example: auditors should NOT define the governing policy or have the ability to implement change.