Cybersecurity awareness – again?

Awareness

Cybersecurity awareness has, unfortunately, become a necessity for being online. And as the methods of cybercriminals are evolving, so must our competence. This means that building cybersecurity awareness is not a one-time effort but a continuous (life-long?) process. 

We are all potential targets for cyber-attacks ranging from mass-distributed phishing emails to sophisticated and well-designed attempts, often also well timed e.g., during time of tax-returns or holidays. 

Our first line of defense is awareness. Being aware of the types of threats that exist, from malware and phishing to risks related to open networks and portable media. And again, it’s about understanding that these threats are continually evolving and that we must stay updated to stay one step ahead.

Cybersecurity awareness extends beyond our personal lives. In the workplace, employees at all levels need to be educated about the importance of cybersecurity. This education should include training on recognizing and responding to potential threats, as well as understanding the organization’s policies and procedures related to cybersecurity.

In an organization, cybersecurity awareness is about fostering a culture of security. It’s about recognizing that cybersecurity is not just the responsibility of IT departments and professionals, but of everyone. By promoting cybersecurity awareness, we can all contribute to making the digital world a safer place.

Social Engineering and Phishing Awareness

Social Engineering is a term that includes a broad range of malicious activities conducted through human interactions. It involves using psychological manipulation to trick users into making security mistakes or giving away sensitive information.

One of the most common forms of social engineering is phishing, where attackers pose as a reputable entity or person in email, SMS and/or other communication channels. The attacker typically creates a sense of urgency, fear, or curiosity to compel the victim to reveal sensitive data, click on malicious links, or open attachments that infect their systems with malware. These malicious links often lead to websites that look identical to legitimate sites, tricking users into entering their personal information or login credentials. These websites can also host malware, which can automatically infect the user's system upon visiting the site.

Social media best practices

Social media platforms are more popular and common mediums for social engineering attacks. These attacks exploit human psychology and trust dynamics to manipulate individuals into sharing sensitive information or performing harmful actions. Attackers often create fake profiles to befriend the target and gain their trust. Once trust is established, they can send malicious links, phishing messages, or directly request sensitive information. Given the widespread use of social media today, these tactics pose a significant risk.
Some things that you should think about when using social media can be:

• Privacy Settings: Check and adjust your privacy settings on social media platforms. This is to limit the visibility of personal information. Many social media platforms have the option to limit who can see your activity and information to only include your friends.
• Avoid Oversharing: Don’t share sensitive details publicly. Cybercriminals can exploit personal information for targeted attacks.
• Friend Requests: Be cautious when accepting friend requests from unknown persons and also check if a potential friend is who he or she claims to be. To effectively use this function, it is useful to limit who you have as friends. 
  
  

Device control and hygiene

Cybersecurity is also crucial when we consider the various devices, we use daily. These devices, including PCs, mobile devices, and even USB drives, can be potential entry points for cyber threats if not properly secured.

• PCs, both desktop and laptop, are often targeted through phishing attacks, malware, ransomware, and other forms of cyber threats. Protecting PCs involves, in addition to awareness, a combination of practices including the use of strong, unique passwords and keeping software and operating systems updated.
• Mobile devices such as smartphones and tablets are essentially handheld computers with access to sensitive personal and professional information. They can in addition be targeted through malicious apps or unsecured Wi-Fi networks. Regular software updates, strong passcodes, and careful app permissions are some ways to enhance mobile device security.
• USB drives, for instance, can carry malware or viruses. If an infected USB drive is plugged into a device, it can potentially infect that device and even spread to connected networks. Therefore, it's important to only use trusted USB drives and regularly scan them for threats.

Password 

Passwords are in the first line of defense in securing user accounts from unauthorized access. They are a form of credentials used to verify the identity of users during the authentication process. The strength of a password often depends on its length, complexity, and unpredictability. However, passwords alone are not always sufficient to protect accounts from breaches, especially if they are weak or have been compromised. This is where security features like Multi-Factor Authentication (MFA) can help.

MFA is a security measure that requires users to provide two or more separate forms of identification to verify their identity for access or transactions. These forms can be something the user knows (like a password or PIN), something the user has (like a smart card or mobile device), or something the user is (like a fingerprint or using face recognition). By implementing MFA, the security of user accounts is significantly enhanced. Even if a password is compromised, an attacker would still need access to the second factor, making unauthorized access much more difficult.

Conclusion

In summary, cybersecurity awareness should be a top priority in our digital age. Understanding evolving threats, from phishing to ransomware, is crucial for individuals and organizations alike. Beyond personal vigilance, fostering a culture of security ensures that everyone contributes to a safer digital world. Remember, cybersecurity is a shared responsibility, transcending IT professionals to encompass all users of digital technology.

Test yourself!

Nemko has put together an informal test where you can check your awareness – do you get a 100% score?