Since the digital revolution has brought the entire world within reach of cybercriminals, cybercrime has become a highly lucrative business. In fact, the Cost of Data Breach Report 2022 highlighted that India’s data breach costs have increased to 176 million in 2022, a rise of nearly 25% over the past 2 years.
Neglecting cybersecurity can cause a significant financial hit, but its impact can be even greater. It is essential that our online security defenses improve as we become increasingly dependent on technology. We all need to take responsibility for cybersecurity – but sometimes it’s difficult to engage people in security and best practices. This month is Cybersecurity Awareness Month, which is a great time to consider how you can raise awareness about cybersecurity among employees. In order to safeguard your digital safety and become less vulnerable to cyberattacks, you need to practice these seven habits.
- Keep your endpoints and devices up to date: Having the latest security software, web browser, and operating system is the best defence against viruses, malware, and other online threats. Enable automatic updates to receive the latest fixes as soon as they become available.
- Protect your passwords: Never reveal your passwords to anyone. Use long, strong, unique passwords, and use multi-factor authentication (MFA) when possible. Make sure you use different passwords for different accounts and don’t let apps and websites remember your passwords.
- Beware of social engineering attacks such as phishing, smishing and vishing: Phishing scams use fraudulent emails and websites to trick users into disclosing private account or login information. Getting users to scan fraudulent QR codes is another way this is done. If you are not familiar with the source, do not click on unreliable links, scan QR codes, open attachments, or open pop-up screens. Take care with attachments, even if the email appears to be from someone you know. Don’t reply to the email, because the sender’s identity might have been compromised. In smishing, an attacker sends SMS texts, which may look suspicious because of generic greetings and spelling errors, so go directly to the source (if known) for verification. In vishing, an attacker may make unexpected phone calls, so avoid giving personal details to unknown callers and take control of the conversation (for example, offer to call the institution back directly later).
- Back up critical files: Store backups in a physically separate location from the originals and periodically test them. For critical work files, use storage options that are officially approved. Securely store personal files on a separate drive (e.g., cloud or encrypted USB).
- Keep personal information personal: Hackers can use social media profiles to figure out your passwords and answer the security questions in password reset tools. Ensure your privacy settings are locked down and don’t post birthdays, addresses, or your mother’s maiden name. Be wary of requests to connect from people you do not know.
- Secure your internet connection: Always protect your home wireless network with a password. Whenever you use a public Wi-Fi network, be cautious about what information you send over it. Always verify that the web address begins with https. In addition, check to see if there is a tiny padlock symbol on the page.
- Be careful before granting the access permissions requested when installing mobile applications. A few of the important permissions to check are:
  - Access to Internet: Be careful that the permission being asked for is appropriate to the app.
  - Access to phone and call information: Apps will be able to view your call history, send text messages and incur additional costs without you knowing.
  - GPS & precise location: Does the app really need your precise location or even access to your GPS?
  - Access to photos/media/files: Ensure you only give access to trustworthy apps; with these permissions they have the ability to access a lot of data on your phone.
  - Camera & microphone access: Apps can access them at any time and take photos or record audio without you knowing. Make sure you provide access only to apps you trust.
  - If you’re unsure about why the app is asking you to provide a particular permission, you can always contact the developer and ask them to clarify.
(The author is Mr. Tushar Haralkar, IBM Security Software, Technical Sales Leader, India / South Asia Region and the views expressed in this article are his own)