Cybercrime has quickly become a major problem for
businesses, governments and citizens all over the globe.
While awareness of this multifaceted threat is
increasing, we’re still making the same blunders when it comes to cybersecurity,
as a recent study by the Pew Research Center alluded to.
Here are a few security mistakes to be aware of.
Email: This ruse is nothing new
Social engineering tactics are as old as the day is long, yet
people keep falling for them. Today, phishing via email has become incredibly
commonplace.
Although criminals are improving the ‘quality’ of
these emails, with some targeted emails – known as spear phishing – looking
incredibly authentic, most do not (telltale signs
include poor spelling, random email addresses and far-fetched claims that you’ve
won millions).
Keep yourself safe by carefully checking the
recipient and the request, and by using some common sense – search via Google rather
than using the enclosed website address. Also, be cautious of attachments, as
they may be malware-infected. It’s important to check file extensions and to
only open files deemed safe and from legitimate sources.
Social media: New hunting ground
Social media has become the go-to market for
cybercriminals eager to compromise people. It’s no surprise, as many
users still fail to adequately look after their networks (for example, a 2016
survey showed that 58% of people do not know how to update their privacy
settings).
As with email, and post too, always check the
authenticity of the sender (do they look credible?), the message and the link
(which will likely be shortened). Beware trending hashtags too, as many are now
using these to catch out unsuspecting Twitter and Facebook users trying to
catch up with the latest breaking news.
Attitude: It won’t happen to me
Forget technology for a second: culture is arguably
the biggest issue with security right now, and this has been the case for 20
years. CEOs think they won’t be targeted and citizens think much the same (i.e.
it won’t happen to me).
This complacency is misguided, as everyone is a
potential target. Accordingly, this attitude can often result in
poor security habits, with individuals and organizations treating, for example,
password and Wi-Fi security not as seriously as they should.
This is despite the fact that good cybersecurity
can be achieved relatively easily, through good password hygiene, regular
software updates, anti-virus and even password managers, VPNs and secure
encrypted messaging apps.
Passwords: The easy way in
Generic, guessable passwords can be easily cracked,
and they can open a can of worms if you use the same password across several
accounts. Brute-forcing passwords is increasingly fast and easy for criminals
today, equipped with either huge computing power or access to buy such
expertise on the dark web.
Weak passwords, such as 123456; password; 12345678;
and qwerty remain commonplace, with many people failing to see how this
‘low-hanging fruit’ is an entry point for cybercriminals. According to Forrester, 80% of all attacks involve a weak or stolen password.
Fortunately, some web providers are now forcing you to
generate random passwords, or create complex ones. You may want to consider a
password manager, as well as passphrases.
Software updates: A lack of
Whether on desktop, laptop or mobile, there’s
always another software update for an app, our operating system or
security solution. Interestingly, the constant pop-ups irritate us, with many
people failing to understand just how important they are.
If we fail to update, we’re effectively leaving our
software and devices vulnerable to attack, as cybercriminals look to exploit
out-of-date flaws. Configuring automatic updates from trusted providers can
make sure these are installed regularly.
https://www.welivesecurity.com/2017/05/19/ignoring-software-updates-youre-making-one-five-basic-security-mistakes/?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+eset%2Fblog+%28ESET+Blog%3A+We+Live+Security%29