Watch: Top Cybersecurity Habits to Protect Yourself in 2023

Date July 26, 2023

Highlights of the July edition of the HBK Risk Advisory Services webinar series hosted by William J. Heaven, CPA/CITP. CISA, CSCP, Senior Director, HBK Risk Advisory Services.

Watch On-Demand.

Practical advice for protecting yourself and your company from cybersecurity attacks.

How hackers obtain personal identifiable information (PII): the most sensitive personal informatio.n

  • Credential stuffing and stealing (stuffing account credentials like combinations of user i.d.s and passwords, which they can sell for use on the dark web)
  • Social engineering
  • Malware (malicious software)
  • Public wifi
  • Password spraying: looking for other accounts for same person because people use the same password for multiple accounts (similar to credential stuffing)
  • Data breaches: information stolen that is held by another organization, like a retailer or medical insurance firm
  • – Use the site to check for breaches from data bases and learn where you might have compromised data or what has been compromised, such as email or phone number. The site also provides recommendations.

    Biggest takeaway about responding to emails, etc: Be skeptical.

    Key takeaways from the 2023 Verizon Data Breach Investigations Report (DBIR).

    Key components of a data breach:

  • Stolen credentials
  • Phishing
  • Exploitation of vulnerabilities
  • Hacker motivations:

  • 95 percent motivated by financial gain
  • Espionage, a very distant second, less than 2 percent
  • Pretesting on the rise:

  • Half of all social engineering incidents in 2022 used pretesting – a script to gain entrance
  • Business email compromises: almost all pretending be a vendor
  • Ransomware involved in 24 percent of cyber attacks in 2022:

  • External actors looking for money and data involved in 83 percent of braches
  • Internal actors cause 19 percent of data breaches
  • Errors (intentional or unintentional) down in 2022 but continue to be a trend
  • The PII Market

    Surface Internet equals about 5.5 billion pages, only 4 percent of total internet.

    The Deep Web: typically not searchable by general public, such as healthcare or academic records, legal documents; equals 90 percent of data on internet.

    Dark Web: about 6 percent of internet pages

  • Difficult to get to; need special browsers
  • Don’t want to go there because likely to pick up malware or viruses
  • What you can get there: credit card data; social media user accounts; forged documents (scans); forged documents (physical); email database dump (can buy 10 million U.S. based email addresses for $120); online bank account login for U.S. banks; and hacking tools, including malware and DDOS attacks
  • Hygiene Habits to Mitigate Risk


  • Composition and length (to make it harder to crack)
  • Brute force password cracking
  • Use a unique password for each login
  • Use password manager to store passwords and gain access without remembering them
  • Turn off “save password” feature in your internet browser
  • Password composition and length:

  • Don’t use a single word or numbers in sequence
  • The more characters in your password, the longer it will take for a hacker to crack it
  • Averages: Most corporate passwords use 8 to 10: 8 character takes a day; 10 characters takes 5 years
  • Recommend using a passphrase combining numbers, symbols, uppercase, and lower case characters
  • Phishing/Smishing/Vishing:

  • Phishing: a social engineering attack via email
  • Smishing: a social engineering attack via text
  • Vishing: a social engineering attack via phone/voicemail
  • Ways employed to trick you:

  • Domain name is misspelled or spoofed
  • Use of cryllic alphabet
  • Antivirus and antimalware:

  • Top antivirus solutions in 2023: Bitdefender, McAfee, Malwarebyes, Norton
  • Run one of these programs to make sure you’re clean
  • Be careful:

  • Using out-of-office attendants: don’t give where you’re going, dates you’re traveling, any contact information
  • Replying to unsubscribe links: similar risks as out-of-office attendant
  • Using social media: giving too much information
  • Online Accounts:

  • Regularly monitor the account and sign up for alerts by email or text
  • Log in regularly to bank accounts to make sure your balances are accurate
  • Identity Protection:

  • Use your free annual credit report (; one free report from each of three credit bureaus
  • Freeze your credit (even though you can’t get your annual free report)
  • Use mutifactor identifications
  • Shred documents containing PII
  • Use fictitious answers to security questions to avoid giving away personal information (have to remember the answers you make up)
  • If you are hacked, report it to the Internet Crime Complaint Center at

    Speak to one of our professionals about your organizational needs

    "*" indicates required fields needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at anytime. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, check out our Privacy Policy.