The principles of cyber hygiene
Basic hygiene is an effective method of preventing viruses. Today this is especially true for both the physical and the cyber worlds.
In 2020, all people across the globe have experienced a dramatic change in their lives. While governments have been looking for ways to fight COVID-19, companies have been trying to adjust to the swiftly changing environment. The transition to remote work, in an effort to keep business going, has become a challenge for many. However, this problem appears to be even more complex with cybercriminals boosting their activity to take advantage of the turmoil surrounding the pandemic.
To protect yourself and business, everyone must abide by some basic rules of cyber hygiene — as simple but equally important nowadays as washing hands and using sanitisers. In our guide on ‘How to Protect Yourself in the Digital Space?’, we outline the main cybersecurity principles for users and end point devices.
Stick to these principles and prevent the spread of the digital epidemic.
Avoid connecting to public Wi-Fi networks: cafés, restaurants, airports, hotels, etc. Mobile internet is more secure.
If, nevertheless, it is still necessary to connect to a public Wi-Fi network, follow the rules below:
- Use a VPN (Virtual Private Network) to protect confidential data;
- Do not allow other devices to detect your PC during the connection;
- Avoid automatic connection by deleting from the list of trusted networks the Wi-Fi networks you do not intend to connect to in the future;
- Switch off the Wi-Fi module of the operating system (OS) and installed software. Do not postpone the updates.
Deleting a Wi-Fi network on Windows OS
Deleting a Wi-Fi network on iPhone
Working on your PC
Configure automatic updates операционной системы и установленного программного обеспечения. Не откладывайте установку обновлений.
If you utilise Windows OS, install antivirus software. Always update it and run full the Windows OS checks at least once a week.
Encrypt your hard disk and external storage drives. Store the password in a safe place.
Install only verified software which you receive from trusted sources or one that can be downloaded from the vendor’s official website. Never download programs from dubious websites or torrent trackers.
Change passwords to your accounts regularly. The minimum recommended password length is 9 characters. A password must contain upper- and lower-case letters, as well as as well as numbers and symbols. Ensure that your password is not easy to guess and does not contain personal information, e.g. names or dates of birth. It is strongly recommended to use different passwords for different services.
Working with email
Do not send confidential data and files via public mail services (gmail.com, yahoo.com, outlook.com, etc.) — use your corporate email account.
Before sending an email, make sure that the recipient’s address is correct to avoid leakage of confidential information.
When receiving emails with attachments and links, check the sender’s address thoroughly. If you do not know the sender, refrain from following the links or opening the attachments — the email could have been sent by a criminal.
Social engineering (phishing)
Phishing is the most widespread fraudulent method. The attackers pass themselves off as someone the users can trust and approach the victim through a variety of methods: phishing emails, SMS and social network messages and fake websites Even a telephone call could be phishing. To avoid falling for such tricks, you should learn to detect fraud:
Phishing prompts the user to immediate action (follow the link, open the attachment). Likewise, the user can even be involved in an activity they would not otherwise consider.
The sender’s email address usually looks like a real one, however, with one or two characters substituted. For example, you might receive an email from firstname.lastname@example.org that resembles a legitimate address email@example.com.
In the case of a fake website, the link at first glance might seem to lead to a legitimate website www.outlook.com, but instead it leads to a fake copy www.outilook.com. Fraudsters often utilise short-link services that hide the destination website (e.g. tiny.cc/8r81mz instead of www.google.com).
In social networks and messengers your friends might start behaving unnaturally. For example, your old friend might ask you for money or try to find out your personal data. Such behaviour should signal that your friend’s account has been hacked.
Working with messengers
Do not transfer confidential information in messengers. If you really are out of options, use the most secure application with the chat encryption feature enabled.
Do not store chat archives on external resources.
Configure two-factor authentication in your messenger.
Working with browsers
When entering passwords, credit card information or other confidential data, make sure the page utilises the HTTPS encryption protocol (shown in the address bar) and the browser recognises the website certificate as valid (otherwise the browser is likely to show a warning).
Make sure the website in front of you is legitimate and not a phishing one.
Do not visit websites with dubious content.
Be careful when using plug-ins (e.g. ad blockers). There are plug-ins that deliver all the entered data back to their developers.
Working with mobile devices
Set a password to unlock your mobile device. Keep it secret.
Only install applications from trusted developers and official web stores.
Be reasonable when granting access to applications. Only allow access to items required for an application to run. If an application requests questionable authorisations, delete it (e.g. the Flashlight application does not need to access your contact list or your camera in order to function).
Do not utilise applications that have caller ID recognition features. As a rule, such applications copy all your contacts to a server and that may lead to them being leaked.
Only legally registered organisations may apply, therefore be sure to enter your corporate email address. Applications from personal email accounts may not be accepted.