Many employees have access to work-related apps and files on their own devices, possibly because their company encourages a BYOD (Bring Your Own Devices) policy. Therefore, they should always follow certain security measures to keep both themselves and their employer safe. How can you make that happen? Here are a few handy tips that you can teach your employees.
1. Follow basic principles of online safety
Hold on to security habits that are easy to manage and are sustainable in the long term.
- Use secure passwords.
- Use a different password for each of your accounts.
- Store your passwords in a reliable password manager (your IT department may help you find the right one for you).
- Add an additional layer of security by using multi-factor authentication (MFA).
- Don’t share too much personal, work-related, or sensitive information on your social media.
- Take into account that not all downloads are safe, and some may contain malware.
- If possible, don’t connect to public Wi-Fi networks, especially if they are not protected by a password and you are not using a VPN.
- Keep your software, apps, and internet browser updated. If you need help, don’t hesitate to ask your IT support.
2. Get to know the most common online threats
What are some of the common threats you may encounter while browsing the internet?
Phishing and other social engineering attacks: There are many social engineering attacks you can come across, most of which rely primarily on human error. Phishing continues to be the one that is most frequently used. Get to know various social engineering attacks, keep in mind that you should always stay calm and rational while on the internet, and if you come across anything suspicious, don’t hesitate to consult your IT team.
Malicious plug-ins: You may want to upgrade your browser by downloading one or more of the many accessible plug-ins. But before you do so, remember that some plug-ins can be used to collect your data or install malware on your device. Always opt for verified plug-ins or discuss their safety with your IT team.
DNS poisoning: When you type a website’s name into your browser’s address bar, the Domain Name System (DNS) “translates” it into an IP address so that your browser can reach the page. Unfortunately, attackers can tamper with the DNS records for some sites, so when you type the web address, you may be taken to a malicious website instead. A way to prevent that is by using security solutions, such as ESET PROTECT Advanced.
Man-in-the-middle attacks: Cybercriminals can position themselves between two parties – such as the website and the user – to collect sensitive data or install their software on the user’s device. This can happen, for instance, when you use public Wi-Fi, which is why you should always follow basic security principles while connecting to Wi-Fi.
Malicious links: Apart from being careful about what you download, you should always be cautious when clicking on any links. Malicious links can present themselves as seemingly legitimate (though often hardly believable) ads. Once you click on them, criminals may install malware on your computer or take you to a malicious site. To avoid this situation, don’t click on unknown links in your email or on suspicious-looking pages.
3. Learn to recognise dangerous websites
While browsing the internet, you may encounter malicious websites designed to collect your data or infect your computer with malware. Once you learn how to recognise these pages, it will be easier for you to avoid this risk. Here are some tips for spotting them.
Look for misspelled URLs and ambiguous characters. Have you ever heard about homoglyph or homograph attacks? Cybercriminals may create a page with a name similar to another site. The change is often difficult to uncover.
Homoglyph attack: Can you spot the difference between “Linkedln” and “LinkedIn”? While the latter refers to the well-known social media site, the former includes a lowercase “L” instead of a capital “I”. This trick may lead you to a malicious site if registered by hackers.
Typosquatting is a similar type of attack that uses typos in the name. To fight this issue, some websites have even bought other domains to protect their users. For instance, you can access Google both through gooogle.com and gogle.com. To avoid falling victim to typosquatting or homoglyph attacks, always check the links and website names carefully, especially if you’re visiting a page where you are expected to fill in your login details.
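The careful link check described above can be automated on a mail gateway or proxy. The following is an added example, not part of the original article, that flags hostnames resembling a known-good domain; the `TRUSTED` list, the lookalike map and the function names are assumptions made for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumption: domains the organisation really uses (constructed allow-list).
TRUSTED = {"linkedin.com", "google.com"}

# Illustrative, non-exhaustive lookalike map: confusable -> canonical form.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("l", "i"), ("1", "i"), ("0", "o"),
               ("\u0430", "a"), ("\u0435", "e"), ("\u043e", "o"), ("\u0456", "i")]


def skeleton(host: str) -> str:
    """Collapse visually confusable characters so lookalikes compare equal."""
    s = unicodedata.normalize("NFKC", host).lower()
    for lookalike, canonical in CONFUSABLES:
        s = s.replace(lookalike, canonical)
    return s


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url: str) -> str:
    """Return 'trusted', 'homoglyph:<domain>', 'typo:<domain>' or 'unknown'."""
    host = (urlsplit(url).hostname or "").removeprefix("www.")
    if host in TRUSTED:
        return "trusted"
    # Same skeleton as a trusted domain but not identical: lookalike characters.
    for good in sorted(TRUSTED):
        if skeleton(host) == skeleton(good):
            return f"homoglyph:{good}"
    # One character added, dropped or swapped: likely typosquat.
    for good in sorted(TRUSTED):
        if edit_distance(host, good) == 1:
            return f"typo:{good}"
    return "unknown"
```

A `typo:` or `homoglyph:` result is a prompt to verify the domain, not a verdict: defensively registered domains such as gooogle.com are flagged too.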
Check the website online. Google, for instance, offers a Safe Browsing site status, where you can enter a link and the tool will analyse the address. You can also use VirusTotal’s URL checker or the Who.is page, which should give you more information on the site’s owner or a date of registration.
Look for the privacy policy and contact information. If you’ve entered a site and you are uncertain about whether it is legitimate, look for the attributes that safe pages usually have.
Don’t view HTTPS as a clear sign of security. If a website uses HTTPS, it only means that the communication between the site and the user’s browser is encrypted. It gives us no information on the legitimacy or security of the actual site – even hackers can obtain an SSL/TLS certificate. If you want to find out more about a site’s HTTPS connection, you can check the agency that issued the certificate by clicking the padlock icon in the browser’s address box. If the agency is trustworthy, it is probable that the site you are on is safe.
Trust your gut. If a website looks suspicious to you – for instance, because it is filled with links and ads keep popping up every second – believe your instincts and leave the page.
4. Use a reliable digital security solution
If you want to remain protected even in your free time, count on reliable security solutions, such as ESET PROTECT Advanced. It is able to scan a website and look for potential dangers or compare a page to a blacklist of known dangerous sites. With a good solution, you can enjoy the benefits of the online world to the fullest.