At Bugcrowd, we’re committed to making the digitally-connected world a safer place. And we couldn’t do so without the creativity and skills of our Crowd.
So with October and National Cybersecurity Awareness Month (NCSAM) wrapping up, we wanted to share some tips for organizations and consumers alike to stay secure — and what better way than to call on the brilliant minds within our community?
NCSAM is a collaborative effort between government and industry to raise awareness about the importance of cybersecurity and to ensure that consumers have the resources to be safe and secure online. While we appreciate that the cybersecurity industry has a whole month dedicated to spreading the mission of safe cyber practices, it’s important to keep in mind that these practices should extend beyond October and be observed year round.
Here are some top tips from our Crowd to help you and your organization gain a Hacker’s Advantage:
“Daily collaboration between developers and security teams is key in your SDLC. Also, don’t hesitate to invest in offensive security training for your blue team.”
“One of the most commonly overlooked causes of breaches is exposure on third-party platforms that are often out-of-scope or left unmonitored by an internal security team. A few significant breaches in the past few years have involved platforms like GitHub, and while there are definitely mitigations like multi-factor authentication, it’s important to keep on top of it and closely monitor your external attack surface — not just on your infrastructure, but also on third-party platforms.”
- Understand that security is a process, not a product — cybersecurity in the 2020 era can’t be treated as the middle child of IT.
- The use of plugins and core security policies defined by browsers is a must, but also not enough. There is a high chance that a malicious user won’t access your platform from conventional browser clients.
- Bug bounty programs for web application frameworks, and all frameworks of sorts, are an inevitable necessity.
- For bug bounty platforms: reach out to more security-minded professionals to contribute who can think outside of the box.
- Read Violet Blue’s book, The Smart Girl’s Guide to Privacy. It’s a great gift for adolescents and teenagers.
- The IRS and police departments don’t call you before they arrest you; it’s a scam!
- Two-factor authentication is your friend, and it’s a pain in the butt for evildoers.
- As cool as your dog names are, it’s pretty easy to find out this information for password resets. Instead, generate random strings with LastPass and save this information if you ever need to reset your account. PSA: LastPass has a family plan, I get it for my relatives as a holiday gift.
“The most effective of all hacking methods, the high art of deceiving, is social engineering. So organizations and consumers need to be aware of social engineering attacks to stay safe from the digital world!”
“Clearing caches and browsing history is something users should be aware of, particularly those accessing the internet via public Wi-Fi or a shared computer. Also, internet spammers and phishers are on an exponential rise and sometimes they too pose a risk. Awareness is the key!”
Many thanks to all our researchers who contributed to this blog. Stay safe out there!
Got more ideas? DM us on Twitter at @Bugcrowd.