Taking care of cybersecurity doesn't actually seem that hard, right? Use authentic validated software, keep it up to date and fire up the antivirus. Job done.
Well, not quite. While the above-mentioned measures are still valid and necessary, it is becoming increasingly difficult to maintain cybersecurity, for individuals and organisations alike. Everything from loose lips in public to old, potentially dangerous assets can pose a threat to cybersecurity. And that wealthy aunt offering massive riches is still bombarding people with e-mails...
That's why Cybernetica's cybersecurity experts have come up with 5 things you can do right now to improve your cybersecurity. Have a read and stay safe on the internet.
Get your passwords in order
When it comes to managing log-in information, the weakest link is usually, well, you. Do you have a favourite password you like to use for all of your accounts? Or maybe you’re using slight variations of that one password? If that’s the case, you are making yourself a juicy target for a cyber attacker.
People use the same password because remembering a bunch of different ones can be a hassle. Luckily, this problem can be solved safely and securely by using a password management tool. Good tools include, for example, LastPass and Bitwarden and, for more advanced users, KeePassXC, which uses industry-standard encryption to protect your information and works on Windows, macOS, and Linux platforms. The software is open-source, meaning it is free of charge and its code can be examined, which helps build trust in the software.
In addition to your accounts, you should also not forget about your password-protected devices. You’d be wise to change the user and admin passwords of your routers, smart TVs, and other similar appliances. It can be surprisingly easy for hackers to find manufacturer passwords for all sorts of different devices by just using Google.
Oh, and one more thing: please use two-factor authentication! It’s a very simple and effective safety net that can protect you when your passwords are compromised.
Each organisation has a set of rules that dictate what is allowed for the employees and how they should act in the workplace. However, such codes of conduct almost always forget that for modern companies the internet is also a place of work and therefore requires its own set of safety measures.
An organisation that is committed to cybersecurity should establish rules about what employees are and are not allowed to do on the company’s network and devices. Is it okay to save passwords in the browser? Should USB sticks from unverified sources really be connected to computers? Oftentimes we don’t think about situations like these too much, but they can pose serious threats to your company’s cybersecurity.
Imposing a set of strict rules is one thing, but actually following them shouldn’t be so difficult it gives you a nosebleed. Reporting threats and potential security breaches should be rewarded and made as simple as humanly possible. You want your company’s assets to be protected, right? Then enable and encourage all of your employees, not only the IT department, to become the most effective line of defence against cyber threats.
Learn what you have to lose
Do you know what you own? This might seem like a silly question to ask but for organisations looking to defend themselves from cyberattacks, it’s an absolutely crucial one.
You have way more physical and digital stuff than you probably know. Have you forgotten about the thousands of old e-mails, spreadsheets, and documents, all containing varied in-depth information about all aspects of your organisation? They’re still out there and can potentially be used to harm you. Or what about old company phones and computers full of files, passwords, and other sensitive data?
This is where asset inventory comes in handy. In order to discover potential vulnerabilities, it is useful to map out your system and all of your assets, be they physical, virtual, remote, or cloud-based. Preparation is key to a good defence and you can only protect what you know you have.
Asset inventory is one part of Cybernetica’s new cybersecurity risk assessment offering. Our experts document your assets, evaluate how they are supported, and provide suggestions for regular reviews and updates of the inventory of all system assets. You can learn more about Cybernetica’s cybersecurity offering here.
Be careful in public
Readily available public WiFi has made life more convenient than ever. Nowadays most public places provide free and unlimited access to the internet to everybody. However, the price of such comfort is paid in drastically reduced security.
Public networks are goldmines for cyberattackers. If at all possible, don’t use WiFi networks that everybody has access to and that are not password protected. At airports, cafes, and other public locations it is much safer to opt for mobile data. It’s still not completely safe, but now you only have to trust your mobile service provider and not a random WiFi network.
In public, our high-tech gadgets are susceptible to another threat that no firewall or cryptographic solution can help against: a good old pair of human eyes! Be mindful of what kind of information you have on your screen while strangers are around. Over-the-shoulder spying, both by prying eyes and cameras, has caused information leaks in the past, so lock the screen when you leave your device. Not only in public, but in the office as well. And definitely never leave your device unattended in public – a skilled attacker can use this time to plug in a USB stick that executes malicious actions.
It is also a good idea to establish a company-wide rule not to discuss clients, projects, deadlines, and other potentially sensitive data during off-time in public. When meeting with a couple of colleagues at a pub, the worst thing you want to worry about in the morning is a hangover, not an information leak. The walls have ears!
Learn to recognise scams
Isn’t it weird that so many people have been offered immense riches by a wealthy aunt, and yet nobody can name a single person who has ever seen even one cent of the fortune?
In an age where literally anyone with internet access can reach you directly with an e-mail, the mysterious wealthy aunt and her accomplices are hard at work perfecting their craft. Scams are getting harder to recognise, and news about people losing a lot of money to cybercriminals is unfortunately not uncommon.
So what can we do? Always verify that the organisation or person asking for your information is actually legit. If you get a suspicious e-mail from your boss asking to transfer some money to another account, don’t hesitate to ask your supervisor to confirm it. Call up your bank if you think the notice you got from them looks fishy. And don’t open suspicious-looking attachments like imagepng.exe, paycheck_pdf_.js, WireTransferError.exe, or YourFedExPackage.pdf.exe.
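A mail-filter style check for attachment names like the ones listed above, as an added example that is not part of the original article. The extension list, the decoy-token list and the function names are assumptions chosen for illustration, not an exhaustive policy.

```python
import re

# Assumed, non-exhaustive list of extensions that run code when opened.
EXECUTABLE_EXTS = {"exe", "js", "scr", "bat", "cmd", "com",
                   "vbs", "ps1", "jar", "msi", "lnk", "hta"}
# Document and image type names placed in a file name to make it look harmless.
DECOY_TOKENS = ("pdf", "png", "jpg", "jpeg", "gif",
                "doc", "docx", "xls", "xlsx", "txt")


def classify_attachment(filename):
    """Return 'disguised-executable', 'executable' or 'ok' for an attachment name."""
    # Keep only the base name, then drop trailing dots and spaces, which
    # Windows ignores and which would otherwise hide the real extension.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    name = name.strip().rstrip(". ").lower()

    stem, dot, ext = name.rpartition(".")
    if not dot or ext not in EXECUTABLE_EXTS:
        return "ok"

    # The real type is executable. Does the rest of the name pretend otherwise?
    # Split on separators so 'paycheck_pdf_' yields the token 'pdf', and use
    # endswith so a fused name such as 'imagepng' is caught as well.
    for token in re.split(r"[^a-z0-9]+", stem):
        if token.endswith(DECOY_TOKENS):
            return "disguised-executable"
    return "executable"


def triage(filenames):
    """Map each attachment name to its verdict, dropping the harmless ones."""
    verdicts = {name: classify_attachment(name) for name in filenames}
    return {name: v for name, v in verdicts.items() if v != "ok"}


# The four names come from the article; the last two are constructed samples.
SAMPLES = ["imagepng.exe", "paycheck_pdf_.js", "WireTransferError.exe",
           "YourFedExPackage.pdf.exe", "report.pdf", "invoice.pdf.exe . "]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLES).items():
        print(f"{verdict:22} {name!r}")
```

A name-based check like this only narrows what a person has to look at; it does not inspect file contents.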
And last, but not least: there are no free lunches. If someone mysterious wants to give you something from the kindness of their heart, it’s almost always a scam. Leave the wealthy aunt to her imaginary riches.