The principles of cyber hygiene
Amid the global turmoil, cybercriminals are boosting their activity. Cyberattacks are growing both in number and complexity. Attackers are utilizing ever more sophisticated tools to target companies and people, steal sensitive information, and achieve financial gains.
To protect yourself and business, the least one can do is abide by some basic rules of cyber hygiene. In our guide How to protect yourself in digital space?, we outline the main cybersecurity principles for users and endpoint devices.
Stick to these principles and stay safe in the digital space.
Wi-Fi
Avoid connecting to public Wi-Fi networks: in cafés, restaurants, airports, hotels, etc. Mobile internet is more secure.
If, nevertheless, it is still necessary to connect to a public Wi-Fi network, follow the rules below:
- Use a VPN (virtual private network) to protect confidential data.
- Turn off network discovery while connected so that other devices on the network cannot see your PC.
- Avoid automatic connection by deleting from the list of trusted networks the Wi-Fi networks you do not intend to connect to in the future.
(Screenshots: deleting a Wi-Fi network on Windows OS and on iPhone)
- Switch off the Wi-Fi module on your smartphone or PC when you are outside the trusted wireless hot-spot area (out of home, office, etc.).
Working on your PC
Configure automatic updates of the operating system (OS) and installed software. Do not postpone the updates.
If you use Windows OS, install antivirus software. Keep it updated and run a full system scan at least once a week.
Encrypt your hard disk and external storage drives. Store the password in a safe place.
Install only verified software obtained from trusted sources or downloaded from the vendor’s official website. Never download programs from dubious websites or torrent trackers.
Change passwords to your accounts regularly. The minimum recommended password length is nine characters. A password must contain uppercase and lowercase letters as well as numbers and symbols. Ensure that your password is not easy to guess and does not contain personal information, such as names or dates of birth. It is strongly recommended to use different passwords for different services.
Working with email
Do not send confidential data and files via public mail services (gmail.com, yahoo.com, outlook.com, etc.)—use your corporate email account.
Before sending an email, make sure that the recipient’s address is correct to avoid leakage of confidential information.
When receiving emails with attachments and links, check the sender’s address thoroughly. If you do not know the sender, refrain from following the links or opening the attachments—the email could have been sent by a criminal.
Social engineering (phishing)
Phishing is the most widespread fraudulent method. The attackers pass themselves off as someone the users can trust and approach the victim through a variety of methods: phishing emails, SMS and social network messages, and fake websites. Even a telephone call could be phishing. To avoid falling for such tricks, you should learn to detect fraud:
Phishing messages push the user toward immediate action (follow the link, open the attachment) and may pressure them into doing something they would not otherwise consider.
The sender’s email address usually resembles a real one but has one or two characters substituted. For example, you might receive an email from john.doe@yah0o.com that imitates the legitimate address john.doe@yahoo.com.
In the case of a fake website, the link at first glance might seem to lead to a legitimate website www.outlook.com, but instead it leads to a fake copy www.outilook.com. Fraudsters often utilize short-link services that hide the destination website (e.g., tiny.cc/8r81mz instead of www.google.com).
In social networks and messengers, your friends might start behaving unnaturally. For example, your old friend might ask you for money or try to find out your personal data. Such behavior should signal that your friend’s account has been hacked.
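The address and link checks above can be partly automated. The following is an added example, not part of the original guide: it extracts the host from a sender address or a link, undoes common digit-for-letter substitutions, and flags hosts within a small edit distance of a trusted domain. The trusted-domain list and the substitution table are constructed assumptions for the demonstration.

```python
# Added example: flag sender domains and link hosts that imitate a trusted domain
# by one or two character changes, including swaps such as "0" for "o".
from urllib.parse import urlparse

# Constructed allow-list for the demonstration; a real one comes from your organization.
TRUSTED_DOMAINS = {"yahoo.com", "outlook.com", "google.com"}

# Assumed table of visually confusable substitutions (fake -> real).
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: minimum insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize(domain: str) -> str:
    """Replace known look-alike characters so yah0o.com compares as yahoo.com."""
    d = domain.lower()
    for fake, real in HOMOGLYPHS.items():
        d = d.replace(fake, real)
    return d


def host_of(target: str) -> str:
    """Extract the host from an email address or a URL (with or without scheme)."""
    if "@" in target:
        return target.rsplit("@", 1)[1].lower()
    if "://" not in target:
        target = "http://" + target
    host = (urlparse(target).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def lookalike_of(target: str, max_distance: int = 2):
    """Return the trusted domain the host imitates, or None if it is trusted or unrelated."""
    host = host_of(target)
    if host in TRUSTED_DOMAINS:
        return None  # exact match with a trusted domain: nothing to flag
    norm = normalize(host)
    closest = min(TRUSTED_DOMAINS, key=lambda t: edit_distance(norm, t))
    return closest if edit_distance(norm, closest) <= max_distance else None
```

A shortened link such as tiny.cc/8r81mz is not flagged by this check because the destination host is hidden; such links must be expanded before they can be compared.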
Working with messengers
Do not transfer confidential information in messengers. If you really are out of options, use the most secure application with the chat encryption feature enabled.
Do not store chat archives on external resources.
Configure two-factor authentication in your messenger.
Working with browsers
When entering passwords, credit card information, or other confidential data, make sure the page utilizes the HTTPS protocol (shown in the address bar) and the browser recognizes the website certificate as valid (otherwise the browser is likely to show a warning).
Make sure the website in front of you is legitimate and not a phishing one.
Do not visit websites with dubious content.
Be careful when using plug-ins (e.g., ad blockers). There are plug-ins that deliver all the entered data back to their developers.
Working with mobile devices
Set a password to unlock your mobile device. Keep it secret.
Only install applications from trusted developers and official web stores.
Be reasonable when granting access to applications. Only allow access to items required for an application to run. If an application requests questionable authorizations, delete it (e.g., the Flashlight application does not need to access your contact list or your camera in order to function).
Do not use applications that have caller ID recognition features. As a rule, such applications copy all your contacts to a server, which may cause their leakage.