Avoid “secure enough” mentality
Security requires a particular mindset. It requires you to think like the exact person you are trying to protect against. If you find yourself thinking “it’s secure enough”, you are most likely going to be an easy target for malicious activity. Don’t become too comfortable with your current security, because security must always evolve to meet new threats. Try to be in the mindset of “it could always be more secure”.
Keep software up-to-date
It is estimated that 80% (or more) of hacks are indirectly caused by outdated software. Skipping an update because you are in the middle of something, or feel you do not have the time, is never a good idea. Failure to update makes you vulnerable to attacks and can prevent your anti-virus software from doing its job properly. These updates can also come with new features and capabilities for working with other devices. While the pop-ups can be annoying, bear in mind they are keeping your information safe and improving your experience.
Keep hardware up-to-date
Use anti-virus and anti-malware
SSL on your website
Know your company
Safe & secure wifi
Lazy passwords & 2-factor authentication
If you think no one will guess that clever password you have been using since 1992, you are wrong. Cyberthieves have developed powerful algorithms that can correctly guess difficult passwords in seconds. It is best to update your passwords at least once per year. Traditional password advice suggested using a long password of 12 characters at minimum with a mix of numbers, symbols, and capital and lower-case letters.
While this is a good strategy, no password is unguessable. Using 2-factor or multi-factor authentication provides the best protection. Two-factor authentication is an additional security measure that requires a second security step such as a text message code or email link before access is granted to the program or resource.
External storage devices
Preventing a hack is much easier than recovering from one.
A computer virus, much like a flu virus, is designed to spread from host to host and has the ability to replicate itself. Similarly, in the same way that flu viruses cannot reproduce without a host cell, computer viruses cannot reproduce and spread without programming such as a file or document.
In more technical terms, a computer virus is a type of malicious code or program written to alter the way a computer operates and is designed to spread from one computer to another. A virus operates by inserting or attaching itself to a legitimate program or document that supports macros in order to execute its code. In the process, a virus has the potential to cause unexpected or damaging effects, such as harming the system software by corrupting or destroying data.
Spyware is a type of malware that’s installed on your device without your knowledge or permission, covertly gathering intel about you. Its surveillance of your sensitive information can do everything from causing pesky advertising and pop-ups to appear on your device all the way to tracking your keystrokes and login credentials. As for the data spyware collects? It might supply that to the spyware author or a third party.
And while the term “spyware” is generally reserved for software with malicious intent, it’s worth noting that not all software that tracks your web activity does so for bad reasons. Some online tracking is used for things like remembering your login information or customizing your website experience.
There are four common types of spyware. Their function ranges from tracking your browser activity so marketers can target your interests, for instance, to monitoring your keystrokes and nearly everything you do on your device.
Phishing, Smishing & Vishing
Vishing, phishing, and smishing: all three types of attack differ only in the threat vectors they employ. Phishing has been around since at least the early days of e-mail, and both vishing and smishing are combinations of the word “phishing” and the communication method used. Vishing (voice phishing) occurs through voice communication, and smishing (SMS phishing) uses SMS text messages as an attack medium.
Phishing is an attack in which the threat actor poses as a trusted person or organization to trick potential victims into sharing sensitive information or sending them money. As with real fishing, there’s more than one way to reel in a victim: Email phishing, smishing, and vishing are three common types. Some attackers take a targeted approach, as is the case with spear phishing or whale phishing.
Anyone can be targeted with a phishing attack, but some types of phishing are aimed at very specific people. Some threat actors will send out a general email to many people, hoping a few will take the bait based on a common trait. An example would be a message saying something is wrong with your Facebook or Amazon account and that you need to click a link right away to log in and fix it. The link would likely lead to a spoofed webpage where you might give away your login credentials.
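The check behind that advice, as an added example that is not part of the original page: before trusting a link in a message that claims to come from a brand, compare the host the browser would really open against the domains the brand is known to use. The allowlist, the function names and the sample links are assumptions constructed for this example.

```python
from urllib.parse import urlsplit

# Assumption: allowlist of domains each brand really uses (constructed here).
BRAND_DOMAINS = {"facebook": {"facebook.com"}, "amazon": {"amazon.com"}}

def belongs_to(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    return host == domain or host.endswith("." + domain)

def check_link(claimed_brand, url):
    """Return (verdict, host, reasons) for a link that claims to be a brand's."""
    parts = urlsplit(url)
    # .hostname is what the browser connects to: text before '@' is dropped.
    host = (parts.hostname or "").rstrip(".").lower()
    reasons = []
    if parts.scheme != "https":
        reasons.append("not https")
    if "@" in parts.netloc:
        reasons.append("text before @ hides the real host")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode (possible look-alike letters)")
    allowed = BRAND_DOMAINS.get(claimed_brand.lower(), set())
    if not any(belongs_to(host, d) for d in allowed):
        reasons.append("host is not a known " + claimed_brand + " domain")
    return ("suspicious" if reasons else "ok", host, reasons)

# Constructed sample links (the .example hosts are reserved for documentation).
SAMPLES = [
    ("amazon", "https://www.amazon.com/gp/help"),
    ("facebook", "https://facebook.com.account-check.example/login"),
    ("facebook", "https://facebook.com@login.example/reset"),
    ("facebook", "https://faceb00k.example/"),
    ("amazon", "http://amazon.com/signin"),
]

def review_samples():
    """Run the check over every constructed sample link."""
    return [check_link(brand, url) for brand, url in SAMPLES]

if __name__ == "__main__":
    for verdict, host, reasons in review_samples():
        print(verdict, host, "; ".join(reasons))
```

Only the first sample passes: the others put the brand name somewhere other than the end of the host, or drop HTTPS, which is exactly what a hurried reader misses.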