Cybercrime is one of the fastest-growing crimes in the world. As it continues to impact businesses in all industries, people need to be more proactive. Unless you want your company or firm’s name to end up in the headlines because of a security breach, you need to pay more attention to cybersecurity tips and best practices. It is difficult to keep up when cyber criminals are persistently looking for new security risks.
Don’t ever say, “It won’t happen to me.” We are all at risk. Cybersecurity is everyone’s responsibility. By following the tips below, you are doing your part to protect yourself and others.
Avoid Phishing scams – look out for suspicious emails, texts, private messages and phone calls. Phishing scams are a constant threat – using various social engineering ploys, cyber-criminals will attempt to trick you into divulging personal information such as your login ID and password, banking, or credit card information. Phishing scams can be carried out by phone, text, or through social networking sites – but most commonly by email.
Be suspicious of any official-looking email message or phone call that asks for personal or financial information. The alphabet groups will not call you if they want you.
We recently blogged that phishing scams are nastier than ever this year. In a phishing attempt, the attacker poses as someone or something they are not to trick the recipient into divulging credentials, clicking a malicious link, or opening an attachment that infects the user’s system with malware, a trojan, or a zero-day exploit. This often leads to a ransomware attack. In fact, 90% of ransomware attacks originate from phishing attempts.
A few important cyber security tips to remember about phishing schemes include:
Bottom line – Don’t open email from people you don’t know
Know which links are safe and which are not – hover over a link to see where it leads
Be suspicious of the emails sent to you in general – look at where each one came from and whether it contains grammatical errors
Malicious links can come from friends who have been infected too. So, be extra careful!
Protect Your Sensitive Personal Identifiable Information (PII)
Personal Identifiable Information (PII) is any information that can be used by a cybercriminal to identify or locate an individual. PII includes information such as name, address, phone numbers, date of birth, Social Security Number, IP address, location details, or any other physical or digital identity data. Your credit card information should be protected by companies if they follow the PCI DSS standards.
In the new “always-on” world of social media, you should be very cautious about the information you include online. It is recommended that you only show the very minimum about yourself on social media. Consider reviewing your privacy settings across all your social media accounts, particularly Facebook. Adding your home address, birthdate, or any other PII will dramatically increase your risk of a security breach. Hackers use this information to their advantage!
Update your PC, Mac, tablet, or any device regularly. Any connection to the Internet is vulnerable, and it’s a key feature hackers try to exploit. Keep every connection, operating system, and application up to date with patches and enhancements. Implementing software and system security updates quickly limits exposure to vulnerabilities.
Installing software updates for your operating system, hardware and programs is critical. Always install the latest security updates for your devices:
Turn on Automatic Updates for your operating system.
Use web browsers such as Chrome or Firefox that receive frequent, automatic security updates.
Make sure to keep browser plug-ins (Flash, Java, etc.) up to date.
Avoid opening suspicious emails and links. Avoid visiting unknown websites or downloading software from untrusted sources. These sites often host malware that will automatically install (often silently) and compromise your computer.
If attachments or links in the email are unexpected or suspicious for any reason, do not click on them. If you have questions, reach out to someone you trust who can help.
Only install anti-virus software from a known and trusted source. Keep virus definitions, engines and software up-to-date to ensure your programs remain effective.
Implement VPNs for all connections
Networks that are protected only by generic security measures are more vulnerable to attack. Implement virtual private network (VPN) connections between office locations and make their use easy—and mandatory—for mobile employees who may connect through public Wi-Fi services.
Strong passwords are one of the first lines of defense against breaches and changing them occasionally may help keep hackers out. But most staff will not voluntarily update their passwords, even when prompted. Make regular password updates mandatory and teach users how to create and remember strong passwords.
We all have too many passwords to manage – and it’s easy to take short-cuts, like reusing the same password. A password manager can help you to maintain strong unique passwords for all of your accounts. These programs can generate strong passwords for you, enter credentials automatically, and remind you to update your passwords periodically.
Our Protecting Your Credentials how-to article contains detailed recommendations for keeping your password safe.
Back up important data
Back up regularly – if you are a victim of a security incident, the only guaranteed way to repair your computer is to erase and re-install the system.
The physical security of your devices is just as important as their technical security.
If you need to leave your laptop, phone, or tablet for any length of time – lock it up so no one else can use it.
If you keep protected data on a flash drive or external hard drive, make sure they’re encrypted and locked up as well.
For desktop computers, lock your screen or shut-down the system when not in use.
Keep high-level Protected Data (e.g., SSN’s, credit card information, student records, health information, etc.) off of your workstation, laptop, or mobile devices.
Securely remove sensitive data files from your system when they are no longer needed.
Always use encryption when storing or transmitting sensitive data.
Considering how much we rely on our mobile devices and how susceptible they are to attack, you’ll want to make sure you are protected:
Lock your device with a PIN or password – and never leave it unprotected in public.
Only install apps from trusted sources (Apple AppStore, Google Play).
Keep the device’s operating system up-to-date.
Don’t click on links or attachments from unsolicited emails or texts.
Avoid transmitting or storing personal information on the device.
Most handheld devices are capable of employing data encryption – consult your device’s documentation for available options.
Use Apple’s Find my iPhone or the Android Device Manager tools to help prevent loss or theft.
Password managers create and store your usernames and passwords in an encrypted vault that you can access across your devices, and UC Berkeley offers FREE LastPass Premium.
At a minimum, separate your work/University and personal accounts and make sure that your critical accounts have strong passwords, and multi-factor authentication when available.
Pay by credit card, not debit card. Credit cards offer protections that may reduce your liability if your information is used improperly. Debit cards typically do not have the same level of protection. A related tip is to use a separate credit card only for your digital transactions. While this won’t prevent theft, it will limit your exposure and make online fraud easier to detect.
Less reputable apps can include malicious software (“malware”) designed to steal credit cards and other sensitive information. Get yours from an official store and keep your apps up to date.
Ignore pop-up offers and deals sent to you via text. Just delete them and don’t respond, click on any links, or call any phone numbers. Similarly, don’t respond to popups saying that you need to buy anti-virus software or software to “clean your infected computer.” These are all scams.
Use a six-digit PIN or biometric (fingerprint or facial scan) and set a timeout that locks your devices after a period of inactivity.
When you’re on public Wi-Fi, never access anything private. Accessing sports scores? Cool. Accessing your bank account? Not so much. If you use a business’s Wi-Fi, make sure to ask the owner for the exact name and password of the network.
According to McAfee Labs, your mobile device is now a target for more than 1.5 million new incidents of mobile malware. Here are some quick tips for mobile device security:
Create a Difficult Mobile Passcode – Not Your Birthdate or Bank PIN
Install Apps from Trusted Sources
Keep Your Device Updated – Hackers Use Vulnerabilities in Unpatched Older Operating Systems
Avoid sending PII or sensitive information over text message or email
Leverage Find my iPhone or the Android Device Manager to prevent loss or theft
Perform regular mobile backups using iCloud or by enabling Backup & Sync on Android
Another important cybersecurity tip revolves around making online payments. When you make an online payment, avoid using debit cards, or anything else tied directly to your bank account.
Instead, use options that give an extra layer of protection between hackers and your bank accounts. This could be a credit card with insurance or a type of online payment method like PayPal.
A lot of websites allow you to save your credit card information to make future buying faster and easier. Don’t do it. Breaches happen all the time. There’s nothing to steal if your credit card isn’t saved on the site. It may seem like a hassle, but we promise that it’s not as bad as having your information stolen.
In this age of social media, it’s easy to share a link online. But, exercise caution when visiting new sites. It’s possible these sites carry “drive-by download attacks” that can threaten your data.
With a drive-by download attack, a user doesn’t even have to click on anything for their computer to get infected. Just visiting a site is enough to pass on malicious code. So, it’s best to stick to well-established sites you know and trust. Although these sites can be hacked too, it’s less likely.
Social media is a great way to keep in touch with friends and family. But, be aware of what you are sharing online. Criminals and hackers can learn a lot of information about you by observing your public profile. And just like you wouldn’t share all your personal information with a stranger, you shouldn’t share it all online either.
Downloads are a prime tactic hackers use to gain access to your network. To protect your computer and your data, limit your downloads. Any unnecessary software or browser extensions should be avoided. And in an organization, employees should need authorization before downloading anything from the internet.
If you deem a download safe, always choose a custom install and watch carefully. If any add-ons or extensions pop up during automatic installations, decline them.
Although many things online are secure, it’s better to be safe than sorry. Be aware of any links you are clicking, software you are downloading, and sites you are visiting. Keeping a little healthy paranoia towards email, social media, and the internet can help you catch things that would otherwise slip by.
This is one of the most important Cyber Security email tips that you can use and follow regularly to keep your data safe. Stay cautious of the unknown links you receive through emails, messages, or while visiting other web pages that are not secure enough.
Clickjacking is among the most common methods used by hackers to gain access to your personal data. Just because you can click these links does not mean that you should: if they are malicious, clicking can cost you a hefty amount of money and harm you in several other ways.
Links in emails that pose as password recovery messages, bank statements, etc. are among the most popular methods used by hackers to trick you and gain your personal information. The fake sites behind these links look very similar to the real ones; there the hackers get you to provide your personal details, which they then use to gain access to your account.
Hackers can attack your systems and networks through various methods, such as malware, viruses, phishing attacks, trojans, spyware, etc., to gain access to your data. With the help of anti-virus software and firewalls, your system will be capable of defending itself against these attacks. You need to ensure that your firewall or the software that you are using is updated regularly and prevents such cyber threats before they occur.
You can use antivirus software like McAfee, TOTAL AV, Norton, etc., and firewalls, such as NGFW, NAT firewalls, etc. In order to keep your data protected from all possible threats, it is important for you as a user or an employee to have Cyber Security awareness.
Learn About Phishing Attacks
In phishing attacks, hackers assume a different identity in order to trick you so that you provide them with your credentials, click on a malicious link, or open files or attachments that can attack the system with viruses or other malware. This can lead to a ransom attack. Some of the tips you can use in order to prevent this from happening and avoid getting caught in a phishing scam include:
Do not open emails from unknown people or sources
Hover over the links before clicking to figure out where they direct and if the link seems unsafe, do not click it
Check for grammatical errors and check the ID of the sender
Educate your friends and family about such types of errors so that they avoid opening such emails or forwarding them to you unknowingly
If you are using public WiFi, make sure that you use a Virtual Private Network (VPN) along with it. A VPN secures your device by encrypting the traffic between the server and your device. This makes it harder for hackers to access your personal data by hacking into your device. If you do not have a VPN on your device, you should use a mobile network or other connections to use the internet.
It takes only a few seconds to secure your computer and help protect it from unauthorized access. Lock down your computer every time you leave your desk.
Set up a screen-saver that will lock your computer after a pre-set amount of time and require a password to log back in.
If your computer is used by more than one person, you may want to create individual accounts, with unique login and passwords for each user.
Choose a strong password. A good password should always include upper and lowercase letters, numbers, and at least one special character. Do not set the option that allows a computer to remember any password.
When you monitor your accounts, you can ensure you catch suspicious activity. Can you recall everywhere you have online accounts and what information is stored on them, like credit card numbers for easier payments? It’s important to keep track of your digital footprint, including social media, and to delete accounts you’re not using, while ensuring you set strong passwords (that you change regularly).
When hackers can’t find a security vulnerability, they’ll attack in other ways. Enter social engineering. This type of attack is more of an attack on the mind of the user, rather than on the device, to gain access to systems and information. Especially with the information publicly available online and over social media, cyber criminals come up with creative ways to dupe users.
As soon as you get notified about software updates for your operating system, perform them, as they contain the latest security patches. Here’s how to do it on the most popular types of devices: