The term “security awareness” involves making people aware enough to act, it demands, not only a set of rules but for a security mindset to be created. Just being aware of the threats is not enough, understanding the threats and their impact on the people, organization, and oneself it’s also a big part of being cyber aware. And with that understanding, appropriate action must be taken.
A popular story about security awareness is about USB flash drives. A security researcher sprinkled a parking lot with some USB flash drives in order to see what would happen. Some were picked up by company employees, and in one test, over half were inserted into ports onto the company computers. They could have contained malicious malware that could have hurt the company. In fact, this has been used in the past as a genuine attack vector.
The expected lesson is to never stick unknown devices into your computer. However, the real problem was that the ones that plugged in the USB drives lacked the mindset that would tell them that the drives could have malicious malware and be a threat. The correct response should be to turn them into the security team in case they were genuinely lost. Security professionals could have made a more informed decision.
Being cyber aware is not something that people will develop on their own; they need some kind of education. This is often called “Security Awareness Training” or “Cyber Security Awareness Training”
It’s important to highlight that it’s everyone’s job to ensure online safety at work. With several aspects of this theme, including the education and training of the security staff, end-users training for awareness as well as operational considerations such as risk management, resilience, and resistance. Nonetheless, the most important and fundamental factor that gets right to the heart of organization security is ‘’Security is something we all have to participate in, it doesn’t just magically happen to us”.
Here are some Cyber Security Tips to help you become more cyber aware.
1. Keep Your Software Up To Date
Ransomware attacks have been a major attack vector for both businesses and consumers for the last several years. One of the most important tips to mitigate ransomware is patching outdated software, operating systems, and applications. This is a great help to remove critical vulnerabilities that hackers exploit to access your devices. Other quick tips include:
Turn on the automatic system updater.
Make sure your web browser uses the automatic security updates features.
Keep browser plugins like Java, Flash, etc. updated.
2. Make Use of Anti-Virus Protection & Firewalls
Software protection from antivirus has been the most predominant solution to fighting malicious attacks. These antivirus programs block malware and any other malicious viruses from entering the device and compromising important data. It’s important to use anti-virus software from trusted vendors and only run one at a time on your device.
Using a firewall is important when defending against malicious attacks. A firewall helps filter out hackers, viruses, and other malicious activity that occurs over the internet and determines what traffic can be allowed to enter your device. You should also have a firewall built in your router to prevent attacks on your network.
3. Use a Password Management Tool & Strong Passwords
Strong passwords are critical to online security, and the truth is that they are essential in keeping hackers away from your data. When creating passwords you should consider:
Dropping the cray and complex mixture of upper and lower case letters, numbers, and symbols. Instead, go with something more user-friendly but with at least 8 characters.
Don’t use the same password for two different logins.
Choose something easy to remember.
Reset your password when you forget it. But it’s also good to change it once a year as a general refresh.
To make remembering your passwords easier, you can try using a password management tool or a password account vault. LastPass, Bitwarden, and 1Password are great options.
4. Use Two-Factor or Multi-Factor Authentication.
This type of authentication is a service that adds an additional layer of security to the standard method of online identification. Without two-factor authentication, you would simply enter a username and password. But with two-factor or multi-factor authentication you would be prompted to enter one additional authentication method such as a code, another password, or even a fingerprint.
5. Learn About Phishing Scams
In these instances, the attacker poses as someone or something so the person receiving the email clicks a malicious link, opening an attachment that infects the user’s system with malware, trojan, or zero-day vulnerability exploit, or even divulges credentials. Any of these usually lead to ransomware attacks.
Bottom line: Don’t open emails from people you don’t know and be suspicious in general of the emails sent to you.
6. Protect Your Sensitive Personal Identifiable Information (PII)
PII is any information that can be used by a hacker or cybercriminal to identify or locate an individual. It includes information like name, address, date of birth, phone number, Social Security Number, location details, IP address, or any other information.
It’s important to be careful of the information that you share online. It’s recommended that you only show the very minimum about yourself on social media. Consider reviewing your privacy settings across all your social media accounts, notably Facebook.
7. Use Your Devices Securely
According to McAfee, your mobile device is now a target to more than 1.5 million new incidents. Some quick tips to improve your security are:
Create a difficult mobile password (different from your birthday or ban PIN)
Install apps only from trusted sources
Keep your device up to date.
Don’t send PII or sensitive info over email or text message.
Perform regular backups.
8. Regularly Backup your Data
Regularly backing up your data is a step commonly overlooked in personal online security. IT and security managers recommend following a rule called the 3-2-1 backup rule. Its idea is to keep three copies of your data on two separate types of media (external and local hard drive) and one copy on an offsite backup location, like cloud storage.
This way, if you become a victim of malware or ransomware, erasing your systems and restoring them with a backup to restore your data won’t feel like much of a problem.
9. Don’t Use Public Wi-Fis
If you don’t have a VPN, using public Wi-Fi can be dangerous. VPNs encrypt the traffic between your device and the VPN server, this means it is much more difficult for a cyber attacker to obtain access to your data on your device.
10. Participate In Regular Security Education
It’s important to constantly keep pace with changing threats, security technologies and regulations. This constant growth means that there should be constant training. For example, when companies move to the cloud, security and IT staff need to understand what this implies and what are the requirements to extend the security to the cloud.
Extra Measures To Keep Your Information Secure
Add levels of security: Passwords are no longer enough, add extra security layers to keep data safe.
Look for the next-generation anti-virus software: New anti-virus software are cloud-based, updated constantly, and the software constantly reviews servers and workstations looking for problems.
Guard and lock your server room: This may sound silly, but it is actually a common and easy way for data to be stolen.
Add antivirus software to every device: Providing your staff with antivirus software on their personal devices. This may sound costly, but ransomware is even more expensive.
At the end of the day, cybersecurity awareness is the knowledge that your data is under a threat and recognize what needs to be done about it. It’s not something that you learn once and then leave it alone, it’s an ongoing process to keep your and your customer’s data safe.