As cybercriminals become more sophisticated in their attacks, we must also adapt our protections in a kind of cat and mouse game. Nothing should remain static if we want to be safe.
This Cybersecurity Decalogue is not for the average person who believes that there are no risks or who simply thinks that these things will not happen to them. It is rather for those who are aware that this is the new world in which we have to live and that, just as you do not leave your house with the key in the lock or your car unlocked, you do not forget these basic rules to protect what today is even more important: your data.
In the world of cybersecurity, it is often said that there is no 100% security: there is always a small percentage that cannot be covered. That is true, but it is no less true that if you follow these basic rules you will find yourself among the few that have that 99% covered. Crooks don't want to waste too much time attacking someone well protected, so they prefer to pick easy prey. If you put these recommendations into practice, you will be a very hard nut to crack and cybercriminals will not be interested in you.
Let's go there!
1.- Activate two-factor authentication. Also called 2FA, it is without a doubt the best security invention of this decade and solves 99% of account theft cases, but very few people use it yet. A Microsoft report reveals that 99.9% of their hacked accounts did not use two-factor authentication. I think this fact says it all. Almost all major services have this functionality and you can easily activate it. Putting it on your mail and on your important accounts is vital and you should not be without it for a moment. It's so critically important that many service providers, like Google, are already making it mandatory. In addition, with 2FA active, you will no longer need complex passwords that you cannot remember, because even if they discover your password, they will not be able to steal your account. Activate it on all your important accounts, such as your email.
2.- Install the best paid EDR-type (Endpoint Detection and Response) antivirus on your mobile and computer. Free antiviruses, in addition to not being reliable, actually sell our data to other companies. There is no such thing as "free". Every company must monetize its service in some way. If they don't do it directly through a sale of the service, they do it in another way that they don't tell you...
3.- If you receive an email or call requesting personal or financial information, do not provide any. Even though they know a lot of information about us, don't let your guard down. We cannot imagine the amount of our private data that is available on the Dark Web and on social media.
4.- If the message invites you to access a website through an attached link, do not enter. Phishing is the gateway to 90% of threats. It is easy to do and highly effective. It is not surprising that this attack vector keeps increasing every year. Here the human factor is the most important. Don't click if you're not completely sure what it is.
5.- Do not connect from public networks. Everything that travels through that network can be seen by a criminal in the middle of the communication. This is the famous man-in-the-middle attack.
6.- Do not download or open files from untrusted sources. Avoid using applications downloaded from unofficial or pirate sites. You never know what comes with that software package. You may be installing malware, ransomware or spyware without your knowledge and endangering your computer as well as your entire business.
7.- Keep the software on your devices updated, both the operating system and the applications. Vulnerabilities inevitably appear in all systems. Keeping your mobile and computer updated with the latest versions of the operating system is the first line of defense that you should take care of. Time is vital. Update soon and frequently.
8.- Use a password manager to create complex passwords and avoid reusing them on different sites. It will also prevent you from entering them on fake sites. If you are one of those who seek maximum security, save the database of these managers on your local drive or in private services such as Dropbox or OneDrive. That way, if a security breach like the LastPass one in 2022 occurs, your vaults will not be compromised.
9.- Sign up for data leak alert services such as https://haveibeenpwned.com/ or https://www.irongate.es/irongate-databreach and as soon as they notify you, change the password for that site. If you are an ironGate client, you can rest easy because you are already automatically subscribed. All our services include it without surcharge. You can check your leaks at https://www.irongate.es/databreach
10.- When it comes to cybersecurity, the first rule is “Be calm but be suspicious by default”.
Just 10 rules and enjoy being safe!
by Ricky Fuster https://www.linkedin.com/in/rickyfuster/
Irongate CISO https://www.irongate.es/