2023/10/01

LEAN 365 – grab the cyber security tips of September

During September we shared a total of 9 cyber security tips in LinkedIn, Twitter and Instagram. Here is a compilation of the posts. Jump in together with Fitsec – and stay cyber safe!


175. Restrict the installation of software to authorized personnel

WHY? 

This reduces the risk of malicious software installations

176. Implement role-based access control

WHY? 

This restricts employee access to sensitive data and systems based on their job roles

177. Keep your apps up to date

WHY? 

Developers often release updates to patch security vulnerabilities and improve performance

178. Be wary of apps that request excessive permissions

WHY? 

Some apps request access to sensitive data or device features (e.g., camera, microphone, location). Make sure the permissions align with the app's functionality.

179. Regularly back up your mobile device too 

WHY? 

This can help to safeguard your data in case of loss or theft

180. Use secure instant messaging apps that support end-to-end encryption like Signal or Wire

WHY?

This ensures data integrity, security, privacy, and confidentiality in your communications

181. Protect the information related to your company's personnel, salaries, products, and sales

WHY?

A leak of confidential information can bring down an entire company

182. When dealing with visitors in your company, verify who you are dealing with by asking to see an ID card

WHY?

To prevent unauthorised access to your company’s premises

183. Join your local CERT authority mailing list for vulnerability alerts and other information

WHY?

To stay informed about the latest warnings of security vulnerabilities and events





2023/09/01

LEAN 365 – grab the cyber security tips of August

During August we shared a total of 9 cyber security tips in LinkedIn, Twitter and Instagram. Here is a compilation of the posts. Jump in together with Fitsec – and stay cyber safe!


166. Don't use public computers like library computers for handling sensitive information

WHY? 

You can never be sure that the computer has not been compromised

167. Consider different backup storage options based on your needs and create a backup schedule

WHY? 

Regular backups are recommended to ensure the most up-to-date copies of your data

168. Guard your company premises carefully, for example with guards, locks, and alarms

WHY? 

Physical weaknesses in infrastructure can be exploited, for example to gain unauthorized physical access to servers or workstations.

169. Use backup software or built-in tools

WHY? 

Backup software can automate the backup process, making it easier and more efficient. Alternatively, your operating system may have built-in backup utilities, such as Windows Backup and Time Machine on macOS.

170. When creating software, check your code thoroughly for common errors like poor input validation, insecure data storage, or lack of proper error handling. A third-party audit of your software before release can be helpful.

WHY? 

Mistakes made during the software development process can lead to vulnerabilities 

171. Encrypt your backups 

WHY? 

If your files contain sensitive or confidential information, consider encrypting your backups. Encryption adds an extra layer of security to protect your data in case of unauthorized access to the backup storage.

172. Conduct regular security audits and assessments

WHY?

This helps organizations identify vulnerabilities and weaknesses in their environment and proactively address these potential risks before they are exploited by an attacker

173. Test your backups

WHY?

It's crucial to periodically test your backups to ensure they are functioning correctly. Attempt a restore process to confirm that your files can be successfully retrieved from the backup.

174. Implement redundancy by using backup systems, duplicate hardware, and failover mechanisms

WHY?

This way you can ensure continuity of service during disruptions


2023/08/01

LEAN 365 – grab the cyber security tips of July

During July we shared a total of 8 cyber security tips in LinkedIn, Twitter and Instagram. Here is a compilation of the posts. Jump in together with Fitsec – and stay cyber safe!


158. Before clicking a link in an email message, you can hover your mouse over it to see the actual destination of the link

WHY? 

This can be used to identify potentially malicious links, for example when the link text shows a domain that differs from the actual link destination.


159. Don't buy cheap, no-name security cameras or other security devices

WHY? 

In addition to the old saying “buy cheap, buy twice”, cheap security devices often contain vulnerabilities and are not maintained by the manufacturer


160. On any devices that support it, make sure your screen automatically turns off and logs you out/locks itself when not in use

WHY? 

If you forget to lock your device when leaving it unattended, the device locks itself, which helps prevent unauthorized access to it


161. Don’t upload sensitive files to cloud services

WHY? 

Usually, the risk of an attacker gaining access to your account and sensitive files via cloud services is greater than an attacker gaining access to your local machine


162. Be careful with browser extensions 

WHY? 

Browser extensions can be malicious. If you haven’t heard of an extension or a website wants you to download one, you should be cautious. 


163. Periodically check your provider’s support page to see if your router still gets updates

WHY? 

If you are using a router that doesn’t get updates, it will not get the latest security updates and might leave you vulnerable to attacks


164. Don’t buy used USB drives or other storage devices

WHY? 

They might contain malicious files


165. Look out for social engineering. Do not trust just anyone and be suspicious if someone asks “too many questions” about your company.

WHY?

It is a technique that involves manipulating individuals to divulge confidential information or perform certain actions. It could be through impersonation, building trust, or manipulating emotions.




2023/07/01

LEAN 365 – grab the cyber security tips of June

During June we shared a total of 7 cyber security tips in LinkedIn, Twitter and Instagram.
Here is a compilation of the posts. Jump in together with Fitsec – and stay cyber safe!


151. If you must download a file from an email, scan it for viruses

WHY? 

Even trustworthy emails might contain viruses; it’s better to be safe than sorry


152. If you are an EU citizen you can ask companies to remove your data

WHY? 

In the EU, GDPR (General Data Protection Regulation) requires the company to remove data when asked, even if the company is not situated in Europe


153. Check email messages from unknown senders for grammar errors

WHY? 

If the message is full of grammar errors, it’s most likely a scam


154. Don’t trust online converter websites (image, pdf etc.)

WHY? 

Even if these sites claim they won’t save your files, you have no way of verifying this is true. It’s best not to use them. These types of sites can also be used to infect your device with malware.


155. Consider enabling the ‘find my device’ functionality on Android or Apple devices

WHY? 

If your device is stolen, you can use the find my device functionality to locate your device and remotely erase the data on your device to prevent your data from falling into the wrong hands


156. Make sure your important accounts have an up-to-date recovery phone number or alternative contact method

WHY? 

If your account is hijacked or compromised, having a recovery phone number or another email address makes it easier to get your account back. This can also make it harder for the attacker to change your credentials without access to your phone or other email.


157. Check your browser's privacy and security settings

WHY? 

Some settings like sending data for analytics might be enabled by default. For your privacy, it’s better to turn off settings that allow data gathering and sending.


2023/06/01

LEAN 365 – grab the cyber security tips of May

During May we shared a total of 30 cyber security tips in LinkedIn, Twitter and Instagram.
Here is a compilation of the posts. Jump in together with Fitsec – and stay cyber safe!


121. When changing sim cards, always destroy the old one

WHY?

Old sim cards may hold some information like phone numbers and even some text messages

122. Clear your browser history from time to time

WHY? 

Your browser history and cookies are valuable information to an attacker. This information can be used to build a profile of you for future attacks against you.

123. Turn on memory integrity from your Windows settings

WHY? 

The memory integrity feature prevents malicious code from being injected into high-security processes on your computer

124. When traveling, keep your devices/valuables in the hotel room safe when not in use

WHY? 

If someone breaks in or has access to your hotel room, you have at least some protection against the theft of your devices

125. Do not enable automatic login on your device

WHY? 

If someone steals your device, they have instant access to all your data

126. Make sure the electronic chip on old debit/credit cards is broken to pieces

WHY? 

If the electronic chip is intact, someone might be able to get something out of it

127. Before disposing of delivery packages, make sure to get rid of any sensitive information on them

WHY? 

Someone could get your personal information from the package and use it for malicious intent


128. Be careful of malicious text messages and never click links in text messages

WHY? 

Text messages are often used for phishing attacks and clicking a link can get you compromised

129. If an account of yours is compromised, change the password immediately

WHY? 

It helps prevent the hacker from accessing your account again if they log off and, in some cases, logs the hacker out

130. Make sure your LinkedIn account is connected to your mobile device

WHY? 

Doing this will ensure you can easily reset/change your password and enable two-factor authentication

131. If the buttons, screen or info labels on an ATM/cash machine look misaligned or out of place, don’t use the ATM

WHY? 

There is a good chance that the ATM has been tampered with and can be used to steal your card information

132. When buying used devices, always perform a factory reset of the device

WHY? 

You never know what has been left on the device by the previous owner. It is not uncommon to find malware on used devices.

133. Don't use end of life operating systems like Windows 7 (end of life: "a product that is outdated or unsupported by the manufacturer")

WHY? 

End of life operating systems/products will not get important security updates and will leave you seriously vulnerable to attacks

134. Don't trust online quizzes

WHY? 

Online quizzes often have terms and conditions that allow them to sell your data to third parties. Even when you do not give any information, they can gather your IP address, location, and possibly profile information if you’re logged in to social media services.

135. Don't blindly trust caller IDs or phone numbers

WHY? 

Spoofing phone numbers to scam or trick people is common. If something seems off, hang up and visit the website of the organization that is supposedly calling you and call them back on their officially listed number.

136. There are encrypted USB drives available for purchase, so consider buying them instead

WHY? 

The encryption will make it difficult for attackers to access the information on the drive if you happen to lose it or it is stolen

137. If your computer or device is stolen, change all passwords to any accounts you have

WHY?

If your device contains your passwords, they can be compromised

138. If you're suspicious of a website, for any reason, simply don't use it

WHY? 

Being suspicious is reason enough to not use it; better safe than sorry, as the saying goes

139. If you live in Europe, choose a cloud provider that complies with GDPR

WHY? 

Generally, GDPR compliance ensures that your data will be handled properly and can be deleted upon request

140. Use a DNS filtering service that blocks known malicious websites

WHY? 

It helps with blocking malicious websites and known scam websites, keeping you safer on the internet

141. Disable notification content on your phone’s lock screen

WHY? 

To prevent others from viewing your sensitive information when your device is locked

142. Periodically check if your desktop machine has additional unknown devices attached to it

WHY? 

Unknown cables or peripherals can pose a risk to your system’s security. This type of technique has been used by bad actors in the past.

143. If you've been hacked, consider professional help

WHY? 

Going to a professional to aid you in this situation is far better than trying to fix it yourself. With professional help, the situation can be resolved faster, and the damages can be minimized or contained.

144. Don't use any personal information like your name, birth date, or phone number in your usernames

WHY? 

This can make it easier to gain or link sensitive and private information about you

145. If you see messages being sent from your email account that you didn't send, run a virus scan and change all your passwords immediately

WHY? 

This is often a sign that you have been compromised in some way. A quick response can minimize the damage.

146. Always follow the instruction/installation manual when installing a new device

WHY? 

It will give you a step-by-step guide to installing it correctly and safely. For example, many devices have security suggestions in the manual.

147. Don't download apps from third-party sites

WHY? 

Apps from third-party sites have a greater probability of being malicious

148. If your virus protection puts something in quarantine, just leave it there if you don't know what you're doing

WHY? 

The virus protection put it there for a reason. It could be malicious or just suspicious; either way, it's best to leave it untouched

149. Don't trust online password checkers or generators, instead, make your own passwords

WHY? 

You have no way of verifying what the website is doing with the checked/generated password. To be safe, it’s better not to use these websites at all.

150. If you get an email stating that you have been “hacked”, and the sender demands payment, ignore it.

WHY? 

In most cases, this is a scam used to extort money from you