1. Practice good password management
Change your passwords every thirty days. Use a mix of characters, e.g. numbers, lower-case and upper-case letters, and punctuation marks. Don’t use the same password for multiple sites. Don’t share your passwords with others. Don’t write them down, and definitely don’t write them on a note attached to your monitor or even hidden in your desk drawer. Use a password manager to help you manage multiple, complex passwords.
2. Never leave your devices unattended
If you need to leave your computer, phone, or tablet for any length of time – no matter how short – lock it so no one can use it while you’re gone. If you keep sensitive information on a flash drive or external hard drive, lock them up as well.
3. Don’t think that your mobile device is safe from threats
Mobile malware is the fastest growing segment of malware. When downloading apps, download from trusted sources and choose apps from trusted developers. Install a trusted security app on your mobile device.
4. Always be careful when clicking on attachments or links in an email
If it’s unexpected or suspicious for any reason, don’t click on it. Double check the URL of the website because bad actors will often take advantage of spelling mistakes and direct you to a harmful domain. Also, be aware that just because you’re at work and protected by security solutions, it doesn’t mean malicious spam can’t slip through.
5. Sensitive browsing should only be done on a device that belongs to you, on a network that you trust
This covers any form of browsing that involves accessing or divulging your banking details, for example online shopping or online banking. If you do it on a friend’s phone, a public computer, or a cafe’s free WiFi – your data could be copied or stolen.
6. Be cautious about what you share on social networks
Criminals can befriend you and easily gain access to a shocking amount of information – where your children go to school, where you work, when you are on holiday. Information like this could help them gain access to more valuable data.
7. Browse with care
Another favourite of cybercriminals is poisoned search results, or black hat SEO. Malware writers use our curiosity against us by exploiting high-profile events. This could include a celebrity scandal, a new tech gadget or major events like the Olympics, an election or a sporting event. While search engines like Google are very good at protecting us from these threats, cybercriminals can successfully launch entire websites within hours of sensational news breaking. No matter how enticing these sites may appear, rest assured, they are designed with the sole purpose of delivering malware. It may take Google a few hours to identify and remove these sites from its search results, but in that time plenty of users can already be infected. Always be careful what you’re searching for and what sites you visit. Again, don’t assume you’re protected because you believe your work has good security. Threats – especially newly created threats – can always slip through.
8. Back up your data regularly and keep your anti-virus software up to date
The best defence against malware is to always update software programs when prompted. If a message appears on your screen to update a trusted software application, do it, as the update will often be designed to correct an issue that may have serious security implications. If your organisation uses an automated patching solution, these updates should be deployed automatically. However, be mindful of zero-day alerts from your IT team, as these may instruct you to avoid using certain programs when a threat is identified.
9. Think before you plug a new device into your computer
Malware can be spread through infected flash drives, external hard drives, and even smartphones.
10. Think before you download
Cybercriminals know that users are concerned about security and often employ messages and pop-up screens that appear to be legitimate programs on your PC requesting updates. Clicking on these links can lead to downloading malware and installing rogue applications. These rogues may claim to be antivirus products or system cleaning programs. They look authentic, but they are designed to infect your PC to extort money from you, or to install additional malware on your computer. If you see a warning claiming your PC is infected, don’t click anything. Contact your IT team or provider. It is important to never take the chance.
11. Be wary offline as well as online
If someone calls or emails you asking for sensitive information, it’s normal to be wary. You can always call the company directly to verify credentials before giving out any information.
12. Regular monitoring
Check your financial accounts for suspicious activity. If you see something unfamiliar, no matter how small the amount, it could be a sign that your accounts have been compromised.
13. Employee awareness
Make sure that everyone is aware of the need to be careful and that they follow this guidance.