What Can Be Used For Long-Distance Shoulder Surfing?

Shoulder surfing may also be done from a distance using binoculars or other vision-enhancing gear.

·       When a coworker sits next to an employee while they converse on the phone about confidential business, a coworker can listen to the employee's call and take notes. 

·       Furthermore, if a person uses a public Wi-Fi network without utilizing a VPN, hackers can intercept important information.

o   Install a privacy filter

o   Maintain the awareness of your surrounding

o   Use a password manager

o   Protect pins

o   Avoid using public networks

A dumpster does not have limitations. It goes through access code passwords written down in sticky notes, and sensitive information such as phone call list, meeting minutes or calendar events and can be used by attackers using social media techniques to gain access to the network.

Disposed computer storage devices are can be a gem mine for attackers because information can be recovered from them, including those that have been improperly formatted or erased.  This will include trusted certificates and sensitive passwords. The equipment related to the TPM (Trust Platform Module) data or other hardware IDs that are trusted by an organization is included.

o, Ensure all identical information and data are removed from computer equipment before being disposed of or resold.

o   Use a matching secure storage media deletion method

o   Maintain a data retention policy and keep sensitive data clean.

o   Educate the employee about the risk while disposed organizational equipment

o   Using locked trash and trusted recycle bins

A dictionary attack is a method of breaking a network or a password protected computer by using words in a dictionary as a password. It can be used when asymmetric cryptography (encrypt/ decrypt) is done. This risk was created because personal users and businesses use ordinary words as passwords. These attacks usually fail due to the password policy being much updated.

o   Allow only three password attempts

o   Require a period of 5 – 15 minutes to re-attempt

o   Use meaningless letters, numbers and symbols

o   Use multi-factor authentication in user account

o   Allow only three password attempts

o   Require a period of 5 – 15 minutes to re-attempt

o   Use meaningless letters, numbers and symbols

o   Use multi-factor authentication in user account

o   Use encrypting and hashing algorithms

o   Enable two-factor authentication

o   Limiting failing login attempts

o   Implementing CAPTCHAS

o   Increase password complexity

o   Implement proactive threat hunting methods

o   Implement IT hygiene setup and updated security policies

An attack's purpose is to steal personal information such as user names, passwords, other account information, and credit card numbers. Users of banking apps, SaaS enterprises, e-commerce websites, etc...

o   Avoid open network Wi-Fi connection

o   Immediately log out from an application when it is not in use

o   Not using public networks

o   Paying attention to browser notification 

o   Use multifactor authentication

o   Use end-to-end encryption algorithms for applications

o   Using virtual private network

o   Secure browsing plugins

In other words, a replay attack is an assault on the security protocol that uses replays of data transmission from a different sender onto the intended receiving system, misleading the participants into believing the data communication was successful.

o   Use advanced digital cryptography

o   Using one-time password
o   Use third party authentication

 

o   Use strong password related to password policy (numbers, letters – ^uppercase and _{lower case}, symbols)

o   Enable two-factor authentication

o   Get to know about network traffic of the using network

o   Create a DOS response plan

o   Scale up your bandwidth

o   Move to the cloud

o   Use a unique password for each service

o   Use a web application Firewall

o   Limit authentication requests and send notification

o   Use multi-factor authentication

o   Use Firewall

o   Install a password manager

o   Update the system

o   Consider other additional security tools

o   Change your password

o   Do not click on unknown links

o   Do not give information to unsecured websites

o   Rotate password regularly

o   Do not ignore security patch updates

o   Install firewalls

o   Do not be tempted by pop-up messages

o   Use authorization and authentication mechanisms

o   Use Firewalls

o   Use Digital Signatures

o   Enable multi-factor Authentication

o   Enforce the  use of strong passwords

o   Review passport management programs

o   Create security awareness in workplace