Don’t Bite! 9 Essential Steps To Prevent Cyberattacks
Hackers never sleep. They also use tech innovations better than many of us. In recent months, we’ve seen criminals take computer systems hostage at hospitals across the U.S., target banks around the world via the SWIFT system, and steal $12.7 million in a massive ATM heist in Japan. As mobile devices proliferate and everything from TVs to cars gets plugged into the Internet, things will only get worse.
Fear is changing online behavior. A survey by the U.S. National Telecommunications and Information Administration recently showed that data security worries in the U.S. have curtailed online activity among 45% of households. We need a sea change in our collective thinking to defend ourselves against this onslaught.
What can you do as an individual or as a member of an organization? We all have to practice commonsense cybersecurity hygiene every day – and do what we can to prevent threats. That’s why you should think of your activities online like eating. You’d naturally be wary if a complete stranger walked up to you and offered you food. Suspicious messages, web pages, links and other cyber-morsels should be treated with similar caution. Here are nine practical steps you can take to mitigate the risks to your data and online accounts.
1) Think before biting into data
Phishing attacks are one of the most common ways users get hacked. That email from your favorite retailer may look legit, but once you click on one of its URLs, you could land on a hacker’s infected web page like a fly alighting on a spider’s web. So what do you do? Think of online information like food. Do not click on links you aren’t sure about – pretend they’re candy offered by a stranger. Similarly, be wary of USB devices claiming to charge your cell phone or other devices. Like undercooked or infected meat, they can poison you with malware or suck up info on your phone like a parasite.
2) Use authentication and strong passwords
Whenever possible, use two-factor authentication such as a password and cellphone SMS, which is increasingly available on Internet sites. Otherwise, make sure you don’t reuse passwords but try to make them easy to remember. For instance, think of a core memorable password, such as ‘iLoveCOKE!’ then add letters or other characters to the beginning or end of the password to correspond to a given site, e.g. ‘FBiLoveCOKE!’ for Facebook.
3) Update all the time
Updating your operating system and applications is vital. Think of it as a spring cleaning, but do it more regularly than that. Check that frequently used applications, especially security products, are automatically updating. Meanwhile, you should uninstall old programs that you don’t use anymore. Also update the firmware for your router – if you can’t and it’s old, buy a new one. The same goes for all Internet of Things (IoT) devices, which can have dubious security measures to begin with. The point here is that it’s better to prevent attackers from getting in. Attackers are so sophisticated now that we can no longer depend on traditional security software to detect and remediate threats. It’s like ingesting poison and then trying to remove it from your body.
4) You’ll lose your phone, so lock it
Assume you’ll lose your phone, laptop or any other mobile device you take out of your home. With cybersecurity, resilience is key. So be sure to use onboard security features including PINs, passwords and biometric authentication to protect them from data thieves. The effort of that extra step can protect the sensitive info on your device – including the data you don’t remember is there. Make sure your devices auto lock within a reasonable amount of time, or at the press of a button or the closing of a screen. Additional security features such as the iPhone’s automatic encryption are even better. If possible, enable remote tracking and remote wiping features too.
5) Use a throwaway email account
Creating an email address is free and easy. Create one exclusively for sites that aren’t that important for you but require registration, such as shopping site newsletters. These email addresses may be sold or stolen if the company they’re registered with gets hacked, but you can always create another one if that happens.
6) Back up everything
Even pros fall for well-crafted phishing emails and sites. In the past, we used to keep backups of essential documents, pictures, and other material on floppy disks, CDs and other storage media. Improved PC resilience has led many to abandon this practice. Yet new cybersecurity threats require this level of resilience again – successful ransomware attacks, for example, can steal and destroy the data on your PC.
7) Be wary of public Wi-Fi
It’s nearly impossible to verify the operator of public Wi-Fi hotspots, like those found in hotels, airports and Internet cafés, that don’t require passwords. Hackers can capture sensitive password information for banking, email or shopping sent over public Wi-Fi even though your browser shows the traditional key icon denoting security. Meanwhile, make sure your own Wi-Fi network is locked. While it’s convenient to allow friends to easily connect to your Wi-Fi when they come over, it also means criminals can join the party. If you must use public Wi-Fi, make sure you use a VPN tool.
8) Remember security hygiene on social networking sites
Social networking sites can be hacked, and your private information can be stolen. Even if that doesn’t happen, be cautious about what you post. Assume that everything you upload is public and anyone in the world can read it. Thus, just like a postcard, assume anyone can see what you’re doing on your vacation. Think about it: is the risk of criminals getting that info worth the reward of sharing it with friends? Do you want everyone to know you’re away from your home?
9) Assume you’re under attack or being monitored
Whether it’s an Internet café or your work PC, assume you’re being monitored. Net cafés can have malware installed by third parties, and your workplace network could be compromised. Whenever possible, do not use your personal accounts on such devices.
All of these suggestions involve playing it safe – it’s useful to have a little healthy paranoia because you’ll reduce your risk of infection and data loss. Above all, remember that in cybersecurity today, following tips like these and using the right technology to prevent attacks before they occur is everything. If all we’re doing is detecting and analyzing attacks after they’ve taken place, then the attackers have already won. If you practice day-to-day prevention, just as you’d maintain your health and home, cybersecurity can be simple, effective and as routine as brushing your teeth.
Original text: http://www.forbes.com/sites/williamsaito/2016/05/31/9-essential-steps-to-prevent-successful-cyberattacks-and-why-clicking-is-like-eating/3/#23fd07e32310