Tomas Foltyn, security writer at ESET explains how some essential steps can increase your online safety for now and in the long run too
October is recognized as European Cyber Security Month in Europe and as National Cyber Security Awareness Month across the pond, giving us all ample opportunity to pause to think about the growing importance of cybersecurity and about ways to stay safe online.
And that’s not all as far as special dates go. October 5, also happens to be World Teachers’ Day. Frankly, the timing for recapping, or brushing up on, some of the most essential cybersecurity skills could hardly be better. In line with ECSM’s theme, “Practice basic cyber hygiene”, here are a few basic tips for staying safer online.
Know the risks
It all starts with the awareness of the risks along with the realization that everybody is a potential target. Much of what we do every day involves the internet positively in one way or another. On the other hand, the digital world is also inhabited by criminals who never miss a chance to steal fellow netizens’ data or money, or both. First of all, then, it pays to be clear-eyed not just about the benefits, but also about the security and privacy risks of cyberspace.
This ties in with the fact that attackers deploy ever more advanced tools and techniques to attack their targets. While we hold no sway over attackers’ capabilities and incentives, we can make their “job” harder by acknowledging and addressing the vulnerabilities in ourselves, as well as in our devices and software.
To err is human, but …
Speaking of our weaknesses, attackers are keenly aware of them, too. You’re too trusting, curious or willing to help, you’re prone to panicking and making rash decisions, and so on: these are some of the most common traits in human behavior that are exploited by phishing campaigns.
Phishing scams are designed to steal your sensitive data and/or money through malicious emails, websites or text messages that have the look and feel of official communications from legitimate entities. And, due to their effectiveness, these scams are a constant threat.
The key line of defense is not to blindly trust any message you receive and beware anything that can be clicked, such as links or attachments. Indeed, you’re best-advised not to click anything in messages that arrive out of the blue or sound too good to be true, as a click or two can have far-reaching consequences. Double-check that the message and its sender are legitimate. If in doubt, throw it out and never look back.
Keep it current
You know that already but, still, for what it’s worth: software is not free from flaws, either. However, installing updates and patches for all your software as soon as they’re released is a rather effortless way to reduce the number of openings that attackers can use to compromise your systems. Regardless of whether it’s your operating system or the myriad applications along with their plugins and add-ons, you do yourself a disservice if you don’t apply the fixes in prompt fashion.
Left unpatched, the vulnerabilities can act as an easy entry into your devices. This is doubly true for software that is known to often contain vulnerabilities exploited by cybercriminals. The easiest way to plug known holes in your software, in home settings anyway, is enabling automatic updates.
In addition, it is extremely important to enable auto-updates also for your dedicated security software. A reputable security solution uses multiple layers of defense and a variety of detection techniques with an eye towards preventing the increasingly sophisticated and constantly evolving threats of today from compromising your machine.
Play safe on social
A great deal of the internet’s appeal involves connecting with people, including those we rarely see in real life, as well as with complete strangers. It’s only natural that such networking commonly involves the sharing of seemingly innocuous but still rather personal information. On social media – where the atmosphere is often casual and where we are surrounded by pals (and “pals”) – we’re prone to relaxing our vigilance.
However, the resulting blithe (over)sharing of details from one’s life can backfire if the information ends up in the wrong hands. Social platforms are a trove of valuable information for scammers, who can leverage information divulged by the victims in order to orchestrate effective spearphishing campaigns that can lead to account takeovers.
Additionally, if one of our friend’s accounts is taken over, it can be further misused to spew out malicious messages or links to contacts or followers. The hack of the Twitter account belonging to Kevin Bacon – who doesn’t happen to be our friend – from a few years back provides a good example.
The key preventive measure is to be sensible when it comes to divulging private information online. Also, review your accounts’ privacy settings on a regular basis and, ideally, limit who can see what you’re up to.
Lock down your logins
Passwords are often keys to your online identities, which alone is enough to highlight their importance. Choose strong and unique passwords or passphrases, especially for accounts that are home to sensitive information about you, such as email, social media, or banking accounts. Refrain from re-using your password, since that puts other accounts of yours at risk, too. Should you fall prey to, say, a phishing attack and one of your accounts is taken over, having a unique and complex password for each account significantly bolsters your defenses from credential stuffing. More than four out of every ten login attempts globally were recently found to be made by automated tools deployed to break into users’ accounts.
Moreover, it’s worth enabling an extra layer of security beyond the password by adding an extra authentication factor. While not a panacea, two-factor (or multi-factor) authentication will normally go a long way towards shielding your valued online accounts from harm. In fact, in a world where login credentials are stolen or leaked by the millions and phishing campaigns are rampant, a failure to implement 2FA on valuable accounts can be seen as tantamount to asking for trouble.
With information technologies increasingly woven into the fabric of society, going about our days without the internet is next to unthinkable. That alone is, in fact, enough of a reason to make sure that, whenever you navigate the internet, security is – and remains – your top-of-mind concern.
You may also want to read our brief reflection from earlier this week on why being cyber-smart is important and why it is a shared responsibility.