In the wake of the recent hack of @FFH_HQ, as a cybersecurity professional, I would like to provide the best practices that you can use to secure not just your #FPL accounts but all your personal accounts. Here are my two cents for the #FPLCommunity
First, let's start with passwords. If you have a habit of setting very generic passwords or passwords that relate to you, your name/family members/your address, it's the easiest low-hanging fruit for a hacker. It is important that you create passwords that are unique and complex
and something that only you should remember. If you find out that your account or the service that you use got hacked, immediately change your password while you can still access the service and notify the relevant people (Technical Support/Account Managers/Community Reps)
If there are financials involved in the hack, like your bank information or credit card information, immediately inform the concerned authorities. Financial institutes do not mess around and will provide you with new debit/credit cards. Make sure credit authorities are informed.
This brings me to the next best practice - Password Management. There are some really good password management tools that are freely available in the market. I personally use @Bitwarden. @LastPass @1Password @dashlane are a few more
tools that I can vouch for. The best part about a password manager is that you have to remember only 1 password and that is the password to log in to your password manager account. The password generator option is also a great feature where these tools generate complex passwords.
Another thing to remember about password managers: if you forget your master password, chances are the password manager will lock you out or freeze your account. Be very careful and diligent while setting this password. You don't need another password manager for this😏
Use @haveibeenpwned to check if your PII (Personally Identifiable Information) such as email accounts/passwords/phone numbers was ever found in any data breach. There are several data breaches that happen every year. Be diligent and conduct regular checkups to verify security.
Next: Multi-factor authentication (MFA). MFA adds an extra layer of security on top of your passwords. When you log in to your account, MFA or 2FA requires an additional piece of information to authorize your login. In general cases, it is a 6 digit code sent to your phone
or email. In my opinion, avoid using your phone number as a means to receive your 2FA code. Utilize email, FaceID, BioMetrics, Authenticator apps such as Google Authenticator or Microsoft Authenticator if your accounts are easily integrated with these tools.
You should set MFA for your email accounts/bank accounts/financial accounts with priority and also utilize the option wherever available.
Next: VPN (Virtual Private Network). A VPN secures your internet connection and guarantees that the data you are sending and receiving..
..is encrypted and prevents hackers from snooping on your traffic. I personally use @NordVPN but there are many really good options like @expressvpn @IPVanish @ProtonVPN which work perfectly fine.
Next: Secure / Private browsing. Use a web browser that prevents user data collection, trackers, and blocks ads. @brave @firefox @torproject are some of the really great ones.
Next: Review permissions to Apps and Social Media. You won't be able to fathom what level of data is collected by tech companies. Review the permissions assigned by your phone to each app that you use. Why does a game that I installed on my phone need access to my call logs?
Well, that's how they collect your data. Thoroughly go through all the app permissions on your phone and deny permissions if they are unnecessary. The same with social media, ensure you review the permissions that are assigned by default to your social media applications.
Last: Be aware of Phishing. Phishing is a means of harvesting PII that hackers carry out by disguising themselves as a trusted person or account or company. Phishing mainly happens via email where you receive an email that looks very legitimate and contains a link..
.. which takes you to a fake webpage where one can enter credentials. Once that happens, your creds belong to the hacker and they can do anything with them. This is a very sophisticated social engineering attack that can wreak havoc! How can you avoid getting phished?
1) Make sure you read the sender's email address. 99% of the time there are spelling mistakes in the email address. If you receive an email from johnsmith@gmaaiil.com, then it means that it's a phishing email.
2) Verify if you are unsure. Reach out to the person directly and verify.
3) Do not click on any links unless you are sure that the received email is from legitimate sources.
4) Educate yourself with all the technical resources available on the internet so that you will be able to differentiate between a standard email and a phishing email.
I apologize for the very long thread but this is what I do every day and want everyone to benefit from. I hope this best practices thread helps you all in safeguarding your online presence. Thank you! #FPL #FPLCommunity
@FFH_Will @FFH_HQ @FPL_Salah @FPLGeneral @BigManBakar @FPL_Heisenberg. I am sure the FFH team is working hard to recover from this hack. We stand in your support and hope this thread can help spread cybersecurity awareness for everyone.🙌
