2023/03/01

LEAN 365 – grab the cyber security tips of February

During February we shared a total of 28 cyber security tips on LinkedIn, Twitter and Instagram. Here is a compilation of the posts. Jump in together with Fitsec – and stay cyber safe!


32. Be cautious of who might see your computer screen when travelling or working in public. To help with this, use a privacy screen protector.

WHY?

All information is worth something to someone if the person seeing it has bad intentions

33. Protect yourself from phishing: Use common sense and do not open suspicious emails, always doubt!

WHY?

Someone can try to pose as an authoritative or well-known entity and exploit this to obtain information that can be used to steal money or cause other harm

34. From time to time clear your cookie cache in your browser settings

WHY?

Over time, cookies accumulate a wealth of information and can be used, for example, to track your browsing history and personal data

35. Always question messages that prompt you to act urgently - if you are not completely sure of the legitimacy of the sender and/or the message content, double check the legitimacy directly with the person supposedly contacting you (for example in person or by phone)

WHY?

Often scams tend to rely on conveying urgency, which leads to mistakes being made. You can never be too careful.

36. More sensitive activities like online banking should be avoided on devices that you don’t own

WHY?

You can’t be sure what software is installed on the device and your information may be compromised as a result

37. Always follow your organization's information security guidelines

WHY?

When all personnel work together as agreed it is easier to keep your organization secure

38. Use good judgement and common sense when downloading files from the internet. It is a good idea to scan the downloaded file with your antivirus product.

WHY?

There is an increased risk of malicious code being run on your computer when opening files downloaded from the internet

39. The best place to store your passwords is in your own memory: use memorable passphrases to help with this

WHY?

It is simply the safest solution

40. Keep your backups in a safe place, like in a trustworthy cloud service or a safe

WHY?

Without backups, you might lose some important information for good

41. Be careful not to reveal your personal identity information to anyone. Carefully destroy all the material containing this kind of information when you don’t need it anymore.

WHY?

Identity theft can lead to any number of problems for you. Your identity could for example be used to take loans in your name and you will be responsible for them.

42. Remember to read the reviews before trying a new app: If there are many complaints about its functionality or if every review is praising the app, carefully consider before using it

WHY?

Malicious apps are not that uncommon and are frequently found on legitimate marketplaces (Google Play, Apple App Store etc.). Creators of these apps can also source fake reviews of their apps to entice new users to download them.

43. It is a good idea to use incognito mode/private window when browsing the web on public/shared computers

WHY?

It prevents the next person using the same computer from accessing your browsing history and information related to it

44. Memorize or write down your bank’s deactivation service number

WHY?

In case your credit card is lost, or your bank account is compromised, you can quickly call to lock it

45. Delete unused accounts

WHY?

They could still contain sensitive data and you wouldn't even notice if they are compromised

46. Buy devices from known manufacturers

WHY? 

Off-brand devices generally have more security flaws and are not usually kept up to date

47. Always use a VPN when you are connected to a public Wi-Fi network

WHY? 

Unsecure public networks might give an attacker access to your sensitive data

48. Don’t plug in unknown USB devices to your computer

WHY? 

Unknown USB devices may harm your computer

49. Do not leave data protection material lying around unattended. The material should always be stored in the place designated for it, e.g. in a safe, fire safety cabinet or in a locked box/cabinet, depending on the sensitivity of the material.

WHY?

Because you can't be sure who has access to it otherwise

50. Take advantage of password managers: they generate unique and strong passwords and keep them safe

WHY? 

This makes it easier for you, so you don’t have to remember all of them

51. Don’t use auto login features. Always have some form of login authentication on your devices.

WHY? 

If your device is stolen and does not have a password/pin code, the thief will have immediate access to your device

52. Remove or destroy the hard drive from broken devices before disposal

WHY? 

You have no way of knowing where your device is going to end up after disposal. Even fully broken devices might have data left on the hard drive.

53. Remember that if something seems too good to be true it probably is

WHY? 

Many scams try to lure you with amazing prizes and offers

54. If you need technical support, use the official website of the vendor/manufacturer

WHY? 

A common scam is to target users of popular software and devices via fake support websites

55. Purchase tickets to events from official ticket vendor websites

WHY?  

Criminals often create fake websites and target consumers looking for deals. These websites steal your payment information and personal details.

56. If you are not using a password manager, update your passwords frequently. It is recommended to change passwords every 90 days.

WHY? 

If a service you use is compromised, there is a better chance of your account being safe

57. Don’t google search your own bank or other sensitive services. Type the URL directly in the search bar.

WHY? 

Criminals often target these types of services by advertising fake websites that look just like the real ones. These fake websites are then used to capture your login details and personal information.

58. Be mindful of what you put out on the internet 

WHY? 

What you put on the internet will stay there forever

59. Avoid software that is not supported or updated anymore

WHY? 

Unsupported/older software won't be updated with the latest security patches and could be vulnerable. This can ultimately lead to your device being compromised.





2023/02/01

LEAN 365 – grab the cyber security tips of January

During January we shared a total of 31 cyber security tips in LinkedIn, Twitter and Instagram. Here is a compilation of the posts. Jump in together with Fitsec – and stay cyber safe!


1. Do not give any sensitive information over the phone

WHY?

Someone might be spying

2. If possible, use multi-factor authentication for all services

WHY?

To ensure that you and only you have access to your account


3. When you stop using your phone and sell it or give it away, make sure to do a factory reset and remove all attached cards (SIM and memory cards).

WHY?

Otherwise, someone else might get access to your information


4. Do your employees have a direct channel to report security incidents or risks? Has the channel been announced to all employees?

WHY?

When using an easy and direct reporting channel, the ability to quickly react to security incidents improves substantially.

5. Always dispose of all physical (paper) data protection material properly - by burning, shredding or using a data security bin.

WHY?

To prevent sensitive material ending up in the wrong hands


6. Make sure your VPN is always on when you are working outside the company premises

WHY?

Public networks cannot always be considered safe

7. Before giving away (for destruction), overwrite your computer hard drives 3 times

WHY?

To ensure that no one can restore your information


8. Only use your work email for work matters

WHY?

Using your work email for personal communications might endanger your organization's cybersecurity

9. If an email contains a link, do not click on it or copy it, but write the address in the address bar of the browser itself. (EVEN IF the sender seems trustworthy!)

WHY?

Otherwise, you cannot be sure where the link leads

10. Use passphrases, not passwords

WHY?

Because they are easier to remember, but harder to guess or crack

11. If you notice any concerns or shortcomings in the security practices of your organization, make sure to report them to your supervisor.

WHY?

Shared responsibility helps minimize risks

12. Use numbers and special characters in passphrases

WHY?

To make them harder to crack or guess

13. When receiving an email, check the sender’s email address

WHY?

Do not trust just the name, also check the email address and be certain of who you’re dealing with

14. Remember to take backups regularly

WHY?

This way you can make sure your information is saved, even if something happens to your device


15. Do not open attachments from unknown senders

WHY?

You cannot be sure what the attachment contains and it could be malicious


16. Do not give your login information to anyone

WHY?

Because it is always possible that it ends up in the wrong hands


17. Remember to always lock your computer when you leave your desk

WHY?

So that no one can access your information or do anything malicious while you are away

18. 3-2-1 method: Always keep at least 3 copies of your data: 2 on different devices and 1 in a separate service.

WHY?

If one place with your data would be destroyed, you still have two copies intact

19. Keep your device and software updated to the newest version with the latest security updates

WHY?

Regular updates ensure you are prepared for the newest cybersecurity threats in the best possible way

20. The ideal length of passwords should be at least 14 characters – containing both upper and lower case letters + numbers and special characters.

WHY?

To make them harder to crack or guess

21. Dispose of electronic data protection material as carefully as physical material - the file itself should be overwritten 3 times. 

WHY? 

Because just deleting the file does not ensure that it cannot be restored


22. Use a safe way to share files, like a trustworthy cloud service with sufficient encryption

WHY?

For example, emails with attachments might end up in the possession of third parties


23. Use your work computer only for tasks related to your work, not for your personal activities

WHY?

Your personal activities may result in infecting your work computer with malware, and possibly your organization overall

24. It is not a good idea to share your travel plans and current location on social media posts

WHY?

These types of posts let criminals know you are not at home and have been used to commit burglaries

25. Think twice about what you post on social media and who can view your post 

WHY?

You may end up sharing potentially sensitive information to unwanted third parties


26. Make sure to continuously educate your employees about the latest cybersecurity threats

WHY?

Keeping your employees up to date with current threats helps to strengthen your defences


27. You should consider using automatic data backups. They are usually a built-in, optional feature on your device.

WHY?

Because it saves time and increases the reliability of your backups


28. Do not use the same password in many places

WHY?

If someone gains access to your login info, only one of your accounts is compromised


29. Do not download illegal copies of software or other media, no matter how harmless it seems

WHY?

They often contain malware and your device along with your information will be compromised


30. Notify your company's information security officer of any anomalies, for example, where you see information on the company's network that you shouldn't actually see.

WHY?

Cybersecurity is a collective effort and individual observations can help strengthen your security posture

31. Always change the default credentials after receiving a new device with pre-set credentials

WHY?

Because attackers can easily find/guess the default credentials and compromise your device