Digital newcomers in the online environment
What was unthinkable a few years ago has become a reality with the advent of the pandemic. Children learn remotely, teachers give them assignments via online tools and, of course, the way of working in companies is completely different. We spend time in online meetings, work from home, and use tools we had no idea existed just a few years ago. But the new standard also brings a dark side. A lot of people have moved into the online environment who don't understand it and have no awareness of how it works. It makes so much sense. You can't want and expect people who understand their craft, like teaching our kids, accounting, finance, or any kind of design, to be cybersecurity experts at the same time. That is, they will know the traps that await them there. Unfortunately, this form of IT literacy is required nowadays. If you do not know the risks and the possibilities of defense, you can very quickly get on the front pages of the newspapers or your company can be laid to rest or completely destroyed. Attacks have increased and techniques have improved.
Anyone can be a target
IT security is the responsibility of each of us and each of us is a potential target. In most cases, however, it is not a specific person. The victimized user or recipient of a phishing attack is only taken as a means to get ahead. Just get your credentials, sensitive information or make you open a malicious attachment in the email. Then the attacker can get into your employer's environment and do damage there.
The user as the most vulnerable link
A person is always the most vulnerable link of the whole security - specifically his emotions such as fear, curiosity or a simple desire to help and comply. According to Kaspersky Lab, 46 % attacks go through employees. You can put a lot of effort, energy and money into protecting your infrastructure. But everything can go wrong very quickly. One successful email or phone call is enough and the gateway to your systems and data is free. So don't forget to educate your employees about security. If they know what they can face and how to recognize the risk, they can defend themselves.
Ten Cyber Security for Users
- Use a key fob (eg Bitwarden) for passwords and generate strong passwords.
- If you need to come up with a password, use phrases that are close to you (For example, I drink.plzeň.but.miluju.budvar).
- Do not use the same password in multiple places. Once it escapes, everything you use it on is at risk.
- Turn on the second factor wherever possible. This is an additional form of verification to your username and password. It is often an authorization code in an SMS or consent in an application, which you probably know from your bank. You can set up this authorization in many places, such as when accessing your Office 365 or for social media accounts.
- Use a VPN (Encrypted Transfer of Your Data) wherever possible.
- Do not log in to your services or enter sensitive information on public WiFi networks.
- Use a mobile hotspot rather than public WiFi. You never know who is listening on the same WiFi, the hotspot is only yours.
- Do not upload sensitive files to online services and check attachments before opening.
- A phishing attack is always characterized by urgency, coercion and a challenge to sensitive data.
- Think about your digital footprint and what we give away for free. If we are not paying for the product, we are the product.
Interested in more? This article was published in the magazine of the South Bohemian Chamber of Commerce, you can find it on page number 12, the entire spring issue dedicated to cyber security can be found in electronic form here.
More articles about life with technology on my blog then here.