LearnKey Blog

Your QRF (quick reaction force) of device security

Just as in natural or organic life, in cyberspace, a virus is something that you do not know you have until it reveals itself.


Note: Names have been changed in this post to protect individuals’ privacy.

While reading cybersecurity headlines, a cadence from my military days and a story sprang to mind:

Up in the morning at the break of day;
I don’t like it—no way!
Eat my breakfast way too soon;
Hungry as a hippo by noon.
Went to the mess sergeant on my knees:
“Mess sergeant, mess sergeant, feed me, please!”
Mess sergeant said with a big ol’ grin,
“If you wanna be airborne, you gotta be thin.”

Once, we were flying our unit into our base camp during a deployment. After the helicopter landed, the soldiers were egressing from the aircraft, and we could see something was wrong. We noticed one of the soldiers, Pvt. Royce, had a jaw that had swollen to twice its normal size, and he looked like some blue cartoon genie character, minus the being blue and living in a lamp. He had an infected tooth, and the altitude had made the infection fester and spread. He was given antibiotics to isolate the virus and remove it from his system before he could get the tooth removed and get back to normal—or at least normal for him.

I know you’re wondering what this has to do with cybersecurity. Just as in natural or organic life, in cyberspace, a virus is something that you do not know you have until it reveals itself. As you might have guessed, we are discussing why you need to install antivirus software and do patches or updates.

1. Install and maintain antivirus/anti-malware software

Why is antivirus necessary? Consider Pvt. Royce’s swollen jaw as an analogy. Pvt. Royce was given antibiotics to kill the infective bacteria and stop them from multiplying. He needed to follow a strict dosing schedule and take the entire regimen of pills. Similarly, an up-to-date antivirus that performs regular scans will actively detect, isolate, and remove malware before it causes irreparable damage to the system.

An antivirus on your computer creates a safety barrier and an early alert for your local intranet, keeping it safe from viruses before infection happens. Yes, I spelled ‘intranet’ correctly, for the record. Just like there is the internet, the world wide web that connects everyone around the world (think infinite cosmic powers, all at your fingertips), there is also what is called the intranet. Think of it as a smaller, private version of the internet that is custom-built for your home or workplace (mini, somewhat infinite cosmic powers in your living space).

With the wide acceptance of remote work, a Windows computer can be safer on coffee house Wi-Fi than at your home. What do I mean by that? If the safety features are turned off at home, any malware-infected device on your local intranet that connects to your device can infect it. Every day, you can open the cybersecurity headlines and find where a virus, trojan, or some other malware has infected a device and part of its CPU is being used for nefarious purposes, such as illegal crypto mining that slows down your performance, or, worse yet, being added to a botnet to launch a DDoS (distributed denial of service) attack against a target.

There are many suitable antivirus applications you can purchase or use. Windows Defender is already built into Windows, and there are several alternatives with different strengths and weaknesses. For my devices, my personal favorite is Malwarebytes. This blog is not a paid endorsement unless Malwarebytes wants to change that. Anyone? Anyone? Well, maybe next time. Back to Pvt. Royce. If he had not taken the antibiotics or followed the schedule, his infection could have been fatal. Whatever antivirus you choose to use, install it and keep it on with at least hourly updates and twice-daily scanning.

2. Don’t forget about your internet browser!

For most of us, our internet browser (Firefox, Chrome, Edge, Brave, etc.) is our computer’s primary connection to the world outside our intranet. Your computer’s antivirus provides some protection against web-based threats, but your browser, like Pvt. Royce’s teeth, deserves special attention and additional protection.

Optimize browser security settings and practices. Remember that security starts with you! Never save passwords in your browser. Explore your browser’s security settings, especially cookie handling and privacy preferences. Changing your cookie settings to “Ask me each time” gives you better control over the data websites collect and enhances privacy and security.

Install browser antivirus extensions. Add extensions to block ads, tracking, and threats to enhance your browser’s built-in security. Browser extensions—uBlock Origin, Malwarebytes, or Privacy Badger, to name a few—can give you an extra layer of protection by identifying and blocking malicious websites or scripts.


3. Patch and update your systems

Regularly update software and systems. Keeping the operating system (Windows, Mac, or Linux) and software applications up to date is imperative. According to the University of Maryland, a computer is attacked on average every 39 seconds while online. That is 2,244 attacks a day! Software and operating system updates are your first line of defense. They often contain security patches that fix known vulnerabilities. Many attacks can be stopped in their tracks by simply updating your OS and apps.

In the military, we had what was known as the QRF (quick reaction force). These soldiers were the early warning system and were considered expendable; their job was to hold off an attack and provide alerts to keep the core unit safe while waiting for backup. Think of updates as your QRF. As attacks are reported to developers, they release patches to seal the hole for found exploits.

Automate your updates. By enabling automatic updates for your operating systems and software, you ensure that you receive critical security patches, which reduces the risk of an attack. Regarding software, here’s my rule of thumb: if I have not used it in six months, I remove it. Everything you keep needs to run occasionally to check for updates.

Conclusion

Well, it’s time to land this chopper. Remember, you need a healthy antivirus to fight off, well, the viruses. If you have a hole in your patching, things will slip through, so automate it, if possible. Deploy your QRF tools or your quick reaction force to keep you alert and able to react to threats. Get busy protecting your data, or else you’ll need to—as we used to say in the military—get ready to suck it up, buttercup.

A Super Passion for Cybersecurity and Advice for Newbies

“My advice to everyone trying to be more cyber-secure is to start at the beginning: passwords.”

In the BBC series Sherlock, the pilot episode begins with Dr. Watson, an ex-soldier, being told to start a blog and write about everything that happens to him. His response is, “Nothing happens to me.” My employer asked if I would write a blog about cybersecurity events and how an analyst thinks. Before I switched from my previous career to cybersecurity, I would have said the same thing as Dr. Watson—“Nothing happens to me.” Being a military veteran myself, when you compare the life of a soldier to others’ lifestyles, it seems like nothing happens in the civilian world. But, like Dr. Watson, once one finds a career that brings their passion back, they can suddenly blog. I have found my passion again in all things cybersecurity, and I hope you find that passion helpful and engaging. I will not be sharing any cases, but tips and practical advice on how to be a blue teamer or defender.

As a defender, you are not an avenger. Instead, you protect—you assess risks, set up parameters, and do cyber hunting in your domain. If you’re wondering where to begin, my advice to everyone trying to be more cyber-secure is to start at the beginning: passwords.

Passwords and MFA (Multi-Factor Authentication)

If you are new to cybersecurity, a password must be replaced with a passphrase and, if possible, a password manager.

Creating a passphrase

1. Level Up Your Password Game. When it comes to passwords, go for the ultimate power-ups! Craft them with a mix of uppercase and lowercase letters, numbers, and epic special characters. Beware of newbie moves like using birthdays, common words, and cliché phrases. And to really power up and go for the bonus levels, use a passphrase. Take a quote from your favorite book or movie and mix it up or combine multiple. Here’s an example mashing quotes from The Avengers with The Lord of the Rings:

All who wonder, lack conviction.

We’ll take that passphrase and change certain letters to symbols:

A//whoW0nder,la(kConviction!

Now you have added your signature move with special characters!

2. Save Your Game by Using a Password Vault. Do not let it be game over because you reuse your passwords, or because they are not strong enough, or worse, because you forget them. Get a trusty password vault, and be the superhero of your online security! With a password vault, you’ll organize your accounts and generate long, strong passwords that even Sherlock Holmes couldn’t crack. With a password vault, you only need to memorize one passphrase or cheat code: one vault to rule them all, one place to find them, one vault to bring them all… well, you get it.

Utilizing MFA

3. Enable Multi-Factor Authentication (MFA): Block Like a Fighting Game Hero! MFA is your secret move, the combo that makes you unbeatable. To unlock MFA, you must master the trifecta of authentication: something you know (your username/password combo), something you have (like your trusty authenticator application), and something you are (like your thumbprint or facial recognition).

First, you unleash your cyber knowledge uppercut, entering your username and password. Next, unleash your right cross and let it fly through the interwebs to your authenticator app, which generates a unique, short-lived code that only you can access: your digital passcode power-up box. With MFA, you become the hero of your digital security. By blocking unauthorized access, you’re ready to TKO an adversary in their tracks before they can reach your accounts!

Are you ready to get in the game and ignite your passion for cybersecurity? Then select the start button, stop reading, and start working!