Awareness and Cybersecurity - Part Two
Part One of this article focused on why awareness is paramount in staying safe online. This time, I’d like to build on that and outline some ways to utilize that awareness to actually stay safe.
DO NOT: Leave your device unsecured
Although some of us - definitely not the author - feel naked when our phones or laptops are out of our sight, sometimes leaving our devices becomes unavoidable. And as we all know, leaving anything unattended becomes a flashing neon sign to any unscrupulous opportunist, who will happen to have to drop their keys next to your table; and the next thing you know, your device is gone. This by itself is trouble enough, but if an attacker can access your data and your applications as well, the consequences are huge.
To avoid being caught out, always be aware of your surroundings and how someone may take advantage of your absence or distraction. If you like to use your laptop in cafes or other open environments, consider investing in a Keynesian lock(link), to protect against physical theft. If you do need to leave them, always lock your devices and ensure that they are password protected and encrypted, so that even if someone does make off with it, they’ll have a harder job breaking into it.
DO NOT: Fall for phishing attacks
A phishing attack is where an attacker will send out seemingly official or innocent looking emails, social media messages or even physical letters that claim to need you to click on a link or visit a website. The purpose of these is to trick you into downloading compromised attachments or travel to a malicious website, which allows the hacker access to your device and your systems. Luckily, these are often easily detectable and falling for these scams can be easily avoided. You can also configure your network devices to block such messages, a process that Meta Defence Labs can help you implement. Look out for tell-tale signs such as bad grammar and spelling, ‘Urgent’ taglines and unnatural behaviour; if your organization uses only Google Docs, why are you now being asked to download a Microsoft Word attachment?
DO NOT: Acknowledge/ Forward chain mail
Chain mail has been around since the days of paper mail, when it was used to spread stories and then later on to initiate pyramid schemes. Now that technology has vastly improved the reach and speed of communication accessible to virtually everyone, chain mail has adapted to this unprecedented level of access and is now used increasingly as a way of spreading misinformation and more worryingly, phishing and malware attacks.
Chain mail has a few identifiable features; they may promise rewards for sharing them, ask for your email to be added to a petition or even ‘expose’ a sensational story that you need to spread. Forwarding chain mail not only exposes other people to these threats, but could compromise you too, as you may reveal sensitive information about yourself while doing so. Always carefully evaluate these, and use a web service such as Snopes to fact check stories.
DO NOT: Post sensitive information on social media
Social media is often portrayed as either one of the best or worst inventions since the Internet came into being. Whatever the case, social media can be used by unscrupulous individuals to gather information about you and your habits; and make no mistake, they will use these against you. Oversharing details such as location and personal data such as your birth date can allow a hacker to create a profile of you that can be used to impersonate, manipulate and compromise.
Think twice about what you post, such as ‘checking into’ a hotel and participating in social media ‘challenges’ that turn revealing information such as your preferences and biodata into a game. Take a minute to compare those challenge questions to the security questions your bank asks.
DO NOT: Plug in unknown or untrusted devices
Plugging in compromised removable media is one of the fastest, easiest and most convenient ways to get malware onto your device. An infected flash drive would be able to install and then run a malicious software on your device without you even knowing it, and this malware would then be able to spread further by duplicating itself and infecting other devices connected to it or more computers on a network.
Fortunately, it is fairly easy to avoid this situation by virtue of not plugging in or connecting to any untrusted device. If you must connect something to your computer, make sure that you have your device’s Auto-play feature turned off and that you use your antivirus software to scan it for malware before using it.
Stay aware and stay safe!
Author: Kavan Ranaraja
Original Post: https://www.linkedin.com/pulse/awareness-cybersecurity-part-two-kavan-ranaraja/