Awareness
Individuals, families & self employed
IN THIS SECTION
Why cybersecurity is important?
The Internet has become an everyday life reality for almost every individual. Using the Internet not only has many benefits, but it can also bring many risks. Criminals may infect your devices with malware (malicious software) and steal your personal date or money or trick you into doing something you would not usually do. Therefore, everyone should provide minimum security measures to ensure the safety of devices such as computers, laptops, tablets, and smartphones. On this page you will find useful information regarding the security of individuals in cyberspace.
No security measure gives 100% certainty that we will not become a victim of the attack. Security measures are designed to make the attack more difficult for attacker and to induce him to resign.
Most common cyber threat against individuals
Phishing is the most popular method of cybercriminal activity targeting individuals. By definition it is a fraud method where a cybercriminal impersonates another person or organization. It does not require technical skills and is mainly based on social engineering. Its aim is to persuade the victim to take specific actions that will allow cybercriminal to obtain specific information, such as passwords, PINs or sensitive information about the organization.
One of the vectors of a phishing attack that is difficult to identify is impersonating financial organizations and extorting money. Cyber criminals create fake websites similar to the original websites of banks or financial gateways that we usually use on a daily basis. By e-mail or text messages, they try to persuade us to transfer money or provide access data to the bank account.
Phishing is also often a way to infect your computer with malicious software. That can happen by clicking on the attachment or links send via e-mail. Through this we can run malware on our computer without even knowing it.
Unfortunately, it is very easy to become a victim of phishing. In order to lower the probability of a successful phishing, you need to follow a few tips:
- Check the content of the message in terms of grammatical correctness as well as spelling mistakes, if there are many of them, it may be phishing.
- Check the correctness of the sender’s e-mail address, in many cases of phishing, the addresses seem to be correct, but often they may differ slightly from the original, which indicates that someone is impersonating the sender.
- Pay attention to the attachments you receive in the e-mail, do not open them if the message seems suspicious to you. The same goes for pop-ups on your computer screen.
- Verify the addresses of the websites you are visiting. Check if it does not differ from the one you have dealt with before.
- Treat emails from unexpected senders with caution
How to protect yourself against cyber threats?
Basics rules of cybersecurity for individuals
- Passwords
Almost every electronic devices or applications are protected by password or offer such possibility that is why . the basic principle of cybersecurity for individuals is using a strong password. This applies to the use of a password containing characters from various categories – upper and lower case letters, numbers, special characters. Additionally, it is required to use a password of minimum length and frequently changed appropriately. If there is an option to use two-factor authentication for any device or account, it is highly recommended to use it, your device or account will be harder to breach.
Moreover, it is extremely important to use different passwords for each platform. Remember that the most important accounts, for example for financial services or containing sensitive personal data, should have their own dedicated passwords.
Remembering passwords for many accounts is very difficult, so if you have a lot of them and experience difficulties remembering them, use a password manager – these are simple applications that can store all of your passwords. Applications works in such way, that you only need to remember the one main password for that particular app (this password must be especially strong). Many of them are free to download from the Internet, such as: LastPass, KeePass, KeePassX.
- Antivirus software
The key to keeping your devices safe is to have antivirus program that will protect you from malicious software. When making your choice about an antivirus program, you can use one of the many commercial solutions available. Free antivirus programs are also very effective. Remember that the antivirus is functional when it is systematically updated, it makes it possible to detect and block new threats.
Free and fully functional antivirus software are for e.g. Microsoft Security Essentials, Avast, Avira, Agnitum, BitDefender, Kaspersky Security Cloud.
- Data backup
It often turns out that despite complying with all the indicated security measures, we are not able to avoid the threat or situation of damage, loss or theft of a computer or smartphone. As a result we may lose all data stored on a given device or application including those sensitive that we are most worried about. .
To avoid such situation, it is recommended to make systematic copies of data, especially those data that are most important to us. Remember to perform a backup whenever significant changes are made to your device for e.g. in the case of computer reinstallation. Moreover, backup should always be performed on a storage medium other than the computer’s hard drive, it is best to use external media such as dedicated hard drives, network drives, or data storage in the cloud. Furthermore, data that contains confidential information should be additionally encrypted.
- Software update
To attack, cybercriminals usually use vulnerabilities in the software we use. In a situation where new ways to attack computers appear almost every day, updating the software you use has become one of the most important security measures. This applies to all programs you use as well as the operating system itself on any device you have – a computer, tablet, smartphone. Software and operating system manufacturers are constantly working on introducing patches to their products, so when you notice a new update available, try not to postpone it.
Safe configuration of applications such as e-mail and web browsers definitely increases your security.
Web browser
The service providers themselves write in detail about the security of web browsers, presenting possible settings that increase security and privacy. Below links to sources with descriptions of specific security measures for the most commonly used web browsers are presented:
– Microsoft Internet Explorer: http://windows.microsoft.com/en-us/internet-explorer/ie-security-privacy-settings
– Microsoft Edge: https://support.microsoft.com/en-us/windows/microsoft-edge-browsing-data-and-privacy-bb8174ba-9d73-dcf2-9b4a-c582b4e640dd
– Mozilla Firefox: https://support.mozilla.org/en-US/products/firefox/privacy-and-security.
– Apple Safari: http://help.apple.com/safari/mac/8.0/ and select “Privacy and security” on the menu.
– Google Chrome: https://support.google.com/chrome#topic=3421433
– Opera – http://help.opera.com/opera/Windows/1857/en/private.html#badges
E-mail is the primary platform for the exchange of information on the Internet. Therefore, it must be properly configured to ensure its security. Below you will find a few rules that will increase the security of your e-mail:
– Disable execution of ActiveX elements and Java scripts. They are practically unnecessary in the operating the e-mail app. You can easily find information with detailed instruction how to do this in the Internet.
– In the case of spam messages (these are unwanted messages of a usually commercial nature sent to a large number of recipients via e-mail), it is worth using built-in or external message filtering programs. Apart from unnecessary advertisements, unwanted messages can carry many threats through malicious attachments or links.
– It is worth paying attention to the security of communication channels. Always choose secure SSL (protocols for outgoing and incoming mail).
– If you need to send messages containing confidential data encryption is recommended You can use a free program for this purpose, which enables end-to-end encryption e.g. Enigmail, ProtonMail, Mailvelope . But if you do not have much time or recipient of your massage cannot use the same encryption method you can send a password-protected archive, e.g. ZIP or RAR. Archiving programs are usually pre-installed on your computer or easily available on the Internet, e.g. 7-zip. Send the password to open the archive by other means of communication, e.g. the archive by e-mail and the password by SMS
- Physical security of devices
Cybersecurity for individuals also means taking care of physical security in order to prevent the device being lost or stolen. Such a scenario will result in the fact that we will not only lose equipment but also all data if it has not been properly secured. Therefore, it is worth remembering about few rules that will reduce the risk of a cybercriminal taking your device over.. First of all, never leave the device unattended, especially in public places. In case you move away from your device, you should block access to it. Do not throw away equipment that you no longer use, it can cause easy access to data. Before you dispose of your device, you should permanently delete data from it by formatting the hard disk or using special programs that erase data permanently. Moreover, all confidential data on your computer should be additionally encrypted to make it difficult to access.
What to do when you became a victim of cybercrime?
If you notice that your computer is behaving strangely, you may have become a victim of cybercrime. Pay special attention if: your computer is very slow, icons, files or entire folders on the disk have disappeared, you can see some new icons and folders that you do not recognize, you have received information from others that you are sending spam, your antivirus program informed you about an infection, there are errors in the operation of the application, the system suddenly stopped working or turns off completely.
In such a situation, try to report it as soon as possible to the entity responsible for IT security in your company. If you do not know where to report it, provide such information directly to your supervisor who will tell you what to do in this situation. Fast action and correct reaction can save you from the negative effects of an attack on your computer. If you have made a report, follow the instructions that will be given to you.
In case that this scenario applies to your private device or resources, please fill out the form available at the link: https://cert.tg/en/individual-person/