In 2021, we saw a record number of ransomware and cyberattacks on organizations across the globe. And it’s not slowing down. While many of us are taking time off during the holidays, cybercriminals aren’t taking a holiday break. Threat actors have conducted increasingly impactful attacks around holidays and long weekends.
While the trend isn’t new, CISA and the FBI have issued a joint reminder to warn individuals and businesses about potential cyberattacks during the upcoming holidays. Here are actions that every individual can take today to proactively protect themselves and their organization through the new year.
Think before you click; Avoid unknown emails, links, and attachments
Cybercriminals use phishing and other social engineering tactics to target individuals and organizations with legitimate-looking emails, social media, and text messages to steal credentials and personal information. Phishing scams are so common because they are easy to launch and distribute, and they are highly effective. Here are some ways to recognize a phishing message:
- Bad spelling or grammar and generic greetings
- Urgent messages that urge you to click, call, or open attachments immediately
- Notices of suspicious activity or login attempts
- Requests to verify personal information
- Payment requests or notices of an issue with your account or payment settings
- Mismatched email domains
If you receive a suspicious email, don’t click any links or open any attachments. Report it to your IT department or use the ‘Report Phishing’ feature built into most email providers.
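For teams that triage reported messages, several of the indicators listed above can be checked mechanically. The following is an added example, not part of the original post: the sample email, its placeholder domains, the keyword lists, and the function names are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email); every domain is a placeholder.
SAMPLE = """\
From: "Example Bank Support" <alerts@examp1e-bank.example>
Reply-To: helpdesk@mail-collect.example
To: user@corp.example
Subject: URGENT: verify your account immediately
Content-Type: text/html

<p>Dear customer, we noticed a suspicious login attempt.</p>
<p><a href="http://login.verify-now.example/reset">https://www.example-bank.example/login</a></p>
"""

# Heuristics for the indicators listed above; the word lists are illustrative assumptions.
URGENCY = re.compile(r"\b(urgent|immediately|right away|within 24 hours)\b", re.I)
REQUESTS = re.compile(r"\b(verify your|suspicious (activity|login)|payment (issue|failed))", re.I)
GENERIC = re.compile(r"\bdear (customer|user|client|member)\b", re.I)
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def host(url):
    """Return the lowercase host of a URL-like string, or '' if there is none."""
    m = re.match(r"\s*(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", url, re.I)
    return m.group(1).lower() if m else ""

def phishing_indicators(raw, trusted_domains):
    """Return the list of indicators found in a raw single-part message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}"
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    reply_dom = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    found = []
    if from_dom not in trusted_domains:
        found.append("sender domain not in trusted list")
    if reply_dom and reply_dom != from_dom:
        found.append("Reply-To domain differs from From domain")
    for href, label in LINK.findall(body):
        if host(label) and host(label) != host(href):
            found.append("link text shows a different host than its target")
    if URGENCY.search(text): found.append("urgent wording")
    if REQUESTS.search(text): found.append("account or verification notice")
    if GENERIC.search(text): found.append("generic greeting")
    return found
```

Calling `phishing_indicators(SAMPLE, {"example-bank.example"})` flags the look-alike sender domain, the mismatched Reply-To, and the link whose visible text names a different host than its target. Treat the output as a triage aid that prioritizes reports for review, not as a verdict.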
Maintain good password hygiene and protect your credentials
The easier it is for you to remember your password, the easier it is for someone else to guess it. According to Forbes, there are more than 15 billion stolen credentials, from 100,000 data breaches, available to cybercriminals. Doing the math, this is essentially two sets of account logins for every person on the planet. Secure your online accounts with these password tips:
- Do not use personal information
- Do not use real words
- Create longer passwords, with a minimum of 10 characters
- Do not write them down
- Change passwords on a regular basis
- Use different passwords for different accounts
- Use a password manager for extra protection. Password managers are now available on both endpoints and mobile, so it has never been easier to secure your credentials. A password manager automatically creates secure passwords and can help protect you from phishing attacks.
Use multi-factor authentication (MFA)
While important, usernames and passwords are vulnerable to brute force attacks and can be stolen by third parties. Multi-factor authentication (MFA) offers an extra layer of security, requiring users to provide at least two forms of authentication. The first is typically your username and password. The second is something you have (a code pushed to your phone or a USB key) or something you are (fingerprint or other biometric data). In combination with MFA, single sign-on (SSO) can increase password strength and provide a more streamlined experience by allowing users to log in using an already trusted third-party verification.
Install security, software, and OS updates as advised by IT
Every new piece of software can open the door to a cyberattack. Regularly updating computer programs, operating systems, and applications helps to protect you from malware and other cyber concerns. Proactively updating technology has the strongest effect on improving defenses against ransomware and zero-day attacks. Don’t delay operating system updates as they often include new or enhanced security features.
Use secure Wi-Fi or VPN
In our connected and mobile-first world, using free public Wi-Fi has become a daily routine for many. But public Wi-Fi is an easy target for cybercriminals. Open wireless networks often have no or weak password protection, misconfigured routers, and outdated router software — and of course, a network is only as secure as its weakest user. Devices connected to public Wi-Fi are susceptible to identity theft, data breach, malware infection, and packet sniffing or eavesdropping. To stay protected, avoid using public Wi-Fi for sensitive transactions. Use a secure VPN, turn off Bluetooth and file sharing, use an antivirus, and enable your firewall.
This blog was the second in our 12 Days of AppsMas series.