May 14, 2024
Read time: 6 min.

Cybersecurity Awareness Guide

by Taras Zeles, IT Department Manager at Vector Software

Security awareness of employees plays a key role in saving company information. Equipping employees with the necessary knowledge and skills to navigate the online sphere safely ensures that organizations safeguard their data, thereby fortifying their defenses against cyber threats.

In the absence of a robust cybersecurity framework, organizations remain vulnerable to data breach attempts, making them an attractive target for cybercriminals. 

SAFEGUARDING YOUR EMAIL

Phishing and spam

Phishing attacks frequently result in severe consequences such as identity theft, fraudulent use of credit cards, ransomware infiltration, data breaches, and substantial financial losses for both individuals and corporations.

When aiming to disseminate malware or extract personal data, individuals may employ deceptive emails containing enticing “bait,” distributed broadly to deceive recipients by masquerading as a trustworthy company, service, or individual. To stay safe, it’s best to avoid clicking on email links. Instead, directly access the website by typing its URL, using a bookmarked link, or conducting an independent search for the organization.

Spam refers to irrelevant or unsolicited messages sent across the internet, often to multiple recipients, for advertising, phishing, or spreading malware. Using a technology-based spam blocker is essential to manage these messages. 

Never click, open, or respond to messages that appear to be spam or originate from untrusted or unknown sources. 

Some companies profit by selling email addresses to spammers or marketing firms. Just as you wouldn’t freely give out your home address, the same caution should apply to your email. When sharing your email on classified ads or public websites, consider using a separate email distinct from your primary one to shield your main inbox from resulting spam.

Example of phishing emails:

What can be phishing:

  • Requests for sensitive or personal information, or to update profile or payment information;
  • Requests to send or move money;
  • File attachment(s) the recipient did not request or expect;
  • Threats and mentioning the urgency of solving any issue (“Your account will be closed today…”) or, for example, asking a colleague to pay the bill immediately;
  • Poor spelling or grammar, inconsistent or spoofed sender address.

Recommendations for spam protection:

  • Avoid opening suspicious emails. Never click, open or respond to spam messages;
  • When posting your email address on a website or signing up for a promotion or contest, use a separate email address to prevent spam from going to your primary inbox;
  • Don’t click any links on an email unless you can guarantee who it’s from.

INTERNET SAFETY

Why HTTPS is important? 

If the website you are on uses HTTPS, it is seen in the web address bar (displaying a lock icon). Clicking on the lock in the address bar will give you more information about the security of that site.

Example of a lock icon: 

It means that any information you submit is encrypted and will securely reach the intended website, and is unable to be intercepted and deciphered along the way by cybercriminals.

Even though a page is secured by HTTPS, it does not automatically mean the page is safe. It ensures that the information you send gets to the receiving website securely, but if the receiving site isn’t reputable, they could use it maliciously.

Recommendations: 

  • Be very careful when entering personal or sensitive information, even on HTTPS websites; 
  • Look for the lock icon in the address bar;
  • Pay attention to misspellings, grammatical errors and icons that don’t look right as these are good identifiers that you should not trust this site. 

Public Wi-Fi

Public Wi-Fi, in general, is very insecure. You should treat every single public Wi-Fi connection as compromised or unsafe because all of that data can be intercepted by someone else in this network.

Recommendations for using public Wi-Fi are:

  • Check the validity of available Wi-Fi hotspots. If multiple hotspots are present under the same establishment, confirm with the staff to prevent connecting to a fraudulent hotspot;
  • Ensure all websites you interact with start with “https://” to encrypt transmitted data;
  • If possible, use your smartphone data plan instead of public Wi-Fi for internet access;
  • Avoid accessing sensitive websites like banking or social networking platforms while using public Wi-Fi.

Search Engine Safety

Despite a website’s credibility, displayed advertisements could potentially infect your computer or mobile device with malicious content. Hence, it’s crucial to remain cautious not only about websites but also about the advertisements they display.

Moreover, free items such as music, movies, game cheats, and similar content are frequently loaded with malware and often do not match their descriptions. Engaging in piracy is not only illegal, but also exposes individuals to malicious actors who specifically target those seeking free content.

Recommendations for search engine safety:

  • Stick to clicking on sites on the first page of results;
  • Malware commonly masquerades as free things.

PASSWORDS

Personal Info In Passwords

Typically, users are very honest when it comes to security questions. Especially about details like their mother’s maiden name or pet’s name. This becomes a significant concern, particularly when people have social media accounts. It’s advisable not to provide truthful answers to these questions, because given information can be found on the internet. 

Password Hygiene

It’s common practice to use identical passwords across multiple websites, which can become a gateway to potential identity theft. Once unauthorized individuals gain access to your passwords, they have the power to significantly disrupt your life by altering them, sending unauthorized emails, and accessing accounts that you wish to keep private.

Password Management

Most people use weak and repetitive passwords across various websites. The best solution here is a password manager. While web browsers like Chrome, Firefox, and Internet Explorer have their own built-in password managers, these options can’t match the security of dedicated ones. Browser-based managers like Chrome and Internet Explorer store passwords on your computer in an unencrypted form, risking exposure to anyone who accesses your computer files unless your hard drive is encrypted. 

Password managers offer encrypted password storage, assist in generating secure, random passwords, provide a more robust interface, and enable convenient access to passwords across multiple devices. With a dedicated manager, you only need to remember the master password.

Two-Factor Authentication

Use two-factor authentication to safeguard against weak or compromised passwords. Prefer mobile apps or push authentication for enhanced security over SMS or text messages, as SMS relies on your cellular service. Although rare, if an attacker gains access to your phone, they could bypass your password or fingerprint by transferring the SIM card to another device and receive one-time passwords, compromising the security of your accounts.

Recommendations for password safety:

  • Utilize unique passwords across all websites/applications.
  • Enable and utilize 2FA on all websites that allow it;
  • Avoid using any real personal information in answers to security questions (enter something completely unrelated);
  • If a data breach occurs, fully change your password. 
Share:
Cybersecurity Awareness Guide

by Taras Zeles, IT Department Manager at Vector Software Security awareness of employees plays a key role in saving company information. Equipping employees with the necessary knowledge and skills to navigate the online sphere safely ensures that organizations safeguard their data, thereby fortifying their defenses against cyber threats. In the absence of a robust cybersecurity […]

https://itcluster.lviv.ua/wp-content/uploads/2024/05/vector_stattya-2.png
Copied!