There are stories about digital misery left and right. Cyberattacks on companies are an everyday occurrence, inflamed by the conflict in Ukraine. Apart from criminals who are looking for an accessible way to get their hands on your money, we’re also seeing a rise in attacks from state actors.
Governments. I have no idea why people “in the biz” feel like using a needlessly complex term for this word.
Anyhow. Time to get real: the biggest possible cause of a cyberattack on your organization is likely, well, you.
“Hold up! Are you saying I’m using my work devices to do shifty stuff?”
Not really. What I mean is this:
Let’s be honest: it could happen to anyone. Forewarned is forearmed. So I’ll show you some tips in this blog that you can use to arm yourself against malicious mails and wonky websites. Get your pens ready.
The five tips
Install a password manager
That using the same password for everything is unwise is probably not news to you. But creating and remembering a password for each individual program or website you use is a lot of hassle. That’s where password managers come in.
A password manager is like a safe for your passwords. In essence, it means you need one master-password to access the rest of your login credentials. Pretty practical: you’ll only need to remember one password instead of 73 different ones. You’ll have to take a little time to set the software up, but it really will make your life much easier.
Examples of much-used, good password managers are LastPass (free, with premium options), Bitwarden (free, with premium options) and 1Password ($36 per year for personal use).
Use Multi-Factor Authentication (MFA)
You’ll recognize this: you’re logging in with your password, and then you’ll have to reach all the way down to your phone to confirm the sign-in by tapping a notification. Or worse: type in a whole code. Extremely annoying. That. That’s MFA.
MFA is based on the fact that just a password is no longer enough. When logging in, you’ll need to use a combination of two of these three points:
- Something you know, e.g. your password.
- Something you have, e.g. the email address a login code is sent to.
- Something you are, e.g. a fingerprint to unlock your phone and tap that notification.
The idea here is that each of these factors makes it harder for cybercriminals to compromise accounts. More and more apps make use of MFA and some even require it. Annoying, having to enter a code each time, but also very safe.
Invest in proper security software...
There’s a lot of software in existence to keep your devices safe, such as virus scanners, back-up services and VPNs. And within those options, free and paid versions exist which each have their own functionality. I can imagine that sometimes you can’t even see the digi-forest for the software-trees. It’s impossible to give a detailed overview of all the options, but I can give you some points to consider when choosing security software.
- What’s the software specialized in?
Each security software suite focuses on particular features. Norton, for example, is a company that has its roots in antivirus software (though they have since expanded their services). And NordVPN, for example, is a company that specializes in keeping your online activity private. Pick what you need for your situation.
- Price, quality & quantity
Many software suites offer package deals with licenses for multiple devices (e.g. installable on 5 different devices). If, for example, you own a PC and two laptops, this might be a good move because you can protect your devices with a single subscription. But there’s also security software that charges per single license. Consider what the best deal is for your mix of devices.
- Compare functionalities
Once you have, smiling contentedly, selected your shortlist of security software, the real comparing begins. Make sure you properly check the features you’re paying for. “Smart Home Protection” sounds fancy but is not going to help you much if you don’t own any smart lightbulbs or fridges. Some software suites have a built-in password manager (see tip 1!) and others don’t. Compare carefully.
And once you’ve made your choice, you’re not done yet. It’s important to keep everything updated.
…and keep this (and other) software up-to-date.
Because there are enough examples of hacks and data breaches that haven’t come about through human activity but through exploits in software. This makes it all the more important to regularly update your software. Vulnerabilities in operating systems (like Windows), browsers and basically every other kind of software are discovered continually. Sometimes these vulnerabilities are fixed before anyone can misuse them, sometimes they aren’t.
Want to be sure that you’ve got the best level of protection possible? Make sure you always check for new updates. The easiest way to go about this is to simply enable “Automatic Updates” for your software.
Recognize suspicious emails and websites
Which brings us back to the picture above. Because none of the tips mentioned before are going to magically help you if you do click on that email and enter your password on a fake website. (That is… with the exception of MFA, which specifically exists to counter this.)
To confirm whether the link in your email or the website you’re visiting is legitimate, there’s a couple of things you can check:
- Pay close attention to the URL, design and any spelling errors
Closely observe the address of the website you’re on. Is it the right one?
- Check whether your connection is secured with HTTPS
This ensures that all traffic to and from the website is encrypted. You can tell by the lock-symbol next to the address bar in your browser. No lock-symbol? Symbol of an open lock? Be very careful about what you do on this website.
- Use a website Safety Checker
If you’ve checked the above and still doubt whether a website is legitimate, there’s two more things you can do. Tools exist to check the safety of a site. Google, for example, has a search page for the security status of websites that tells you whether they’re dangerous to visit or not. For a more comprehensive check that gives you more information, you can use URLvoid.
- Research a company’s social media presence
A last, effective method of investigating the legitimacy of a (company) website is to search for the company on social media. Take a look at their Facebook or LinkedIn page, for example. Does it look legitimate? How many people work there? Do those pages even exist?
Combining all of the above, you should be able to get a clear picture of how legitimate a website is. You’ll be able to determine how dangerous it is for you to visit that site.
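The URL and HTTPS checks from the list above, written out as a small script. This is an added example, not part of the original blog; the function name `check_link`, the warning labels and the sample links (reserved `.example` / `.test` names) are constructed for illustration.

```python
from urllib.parse import urlsplit

def check_link(url, expected_domain):
    """Return warning labels for a link that claims to lead to expected_domain."""
    warnings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    expected = expected_domain.lower()

    # HTTPS check. The lock only means the traffic is encrypted, not that the
    # site is the right one, so the domain checks below still matter.
    if parts.scheme != "https":
        warnings.append("not-https")

    # Anything before an '@' is a username; the real site is what follows it.
    if parts.username is not None:
        warnings.append("userinfo-in-url")

    # "Is it the right one?": accept the expected domain or one of its subdomains.
    if host != expected and not host.endswith("." + expected):
        warnings.append("wrong-domain")
        # Heuristic: the expected name showing up inside a different host.
        if expected.split(".")[0] in host:
            warnings.append("lookalike-contains-brand")

    # Punycode labels (xn--) may display as look-alike characters.
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode-label")
    return warnings

# Constructed sample links (reserved .example / .test names, not real sites).
SAMPLE_LINKS = [
    "https://www.mybank.example/login",
    "http://mybank.example/login",
    "https://mybank.example.secure-login.test/",
    "https://mybank.example@portal.test/",
    "https://xn--mybnk-3qa.example/",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(link, "->", check_link(link, "mybank.example") or "no warnings")
```

An empty result only means none of these patterns matched; a misspelled domain that avoids them still needs the manual checks from the list.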
And oh yeah, I was supposed to write something about recognizing email, but this blog’s starting to run long. Want to know how to spot a fake email? Read on here.
And if you're still unsure about a situation...
…don’t hesitate to contact your IT provider. They’ll encounter cybersecurity-related information and incidents daily. If you’re having doubts about something, I’d recommend making use of your IT-supplier’s experience.
Don’t have an IT-supplier or simply need a second opinion? Send us a message.