What cyber pitfalls to avoid in 2021

In hardly any other year has digitalization in the private and professional spheres gained as much momentum as in 2020. Whereas working from home was previously unthinkable as a working model in many companies, it is now a reality. Thanks to video conferencing, meetings are climate-neutral, and WhatsApp, Zoom and the like have recently conquered the living rooms of the 70+ generation. This digitalization push has also contributed to the fact that the current year has been very successful for many online criminals.

The world has become even more connected in the Corona year 2020. However, cyber pitfalls still lurk everywhere! (Image: Pixabay.com)

ESET, the cyber security specialist, has summarized the most important "don'ts" for Internet users for 2021, so that users do not repeatedly fall into the same cyber pitfalls in the new year. After all, working in a home office has accentuated certain risk areas.

Home digitization: Trust is good - control is better!

During the lockdown, many households upgraded technologically and also implemented digitization within their own four walls. But even ambitious home administrators have difficulty maintaining an overview and control of the home network. Because of the home office, private and professional devices are also mixed in the same (W)LAN. A single weak point in a smart device, on the private computer or on the router is enough to endanger not only private data, but also sensitive company data.

Security tip: Smart helpers

Users should first get an overview of which devices are integrated in their own network. This can be done quickly and easily with an Internet security package that has a built-in home network scanner. In the next step, users should then separate smart and work devices in the network. The easiest way to do this is with the help of the guest WLAN function, which is available on all routers. The devices still use the same router for online access, but have a different IP address range than the home network and are thus separated from it. This means that attackers cannot establish a connection to network storage (e.g., RAID systems), PCs or notebooks in the home network, even via insecure smart home devices.
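The separation described above can be checked against a device inventory. The following Python sketch is an added example, not part of the original article or of any ESET product; the two address ranges, the device list and the role names are constructed assumptions.

```python
import ipaddress

# Assumed address ranges (constructed): main home network and guest WLAN.
HOME_NET = ipaddress.ip_network("192.168.1.0/24")
GUEST_NET = ipaddress.ip_network("192.168.179.0/24")

# Constructed inventory, as a home network scanner might list it.
DEVICES = [
    {"name": "work-notebook", "ip": "192.168.1.20", "role": "work"},
    {"name": "nas", "ip": "192.168.1.30", "role": "storage"},
    {"name": "smart-tv", "ip": "192.168.179.41", "role": "smart"},
    {"name": "ip-camera", "ip": "192.168.1.57", "role": "smart"},
    {"name": "unknown-device", "ip": "10.0.0.5", "role": "smart"},
]

# Where each (hypothetical) role is supposed to live.
EXPECTED = {"work": "home", "storage": "home", "private": "home", "smart": "guest"}


def segment_of(ip):
    """Return 'home', 'guest' or 'unknown' for an IP address."""
    addr = ipaddress.ip_address(ip)
    if addr in HOME_NET:
        return "home"
    if addr in GUEST_NET:
        return "guest"
    return "unknown"


def audit(devices):
    """List devices that sit in the wrong range or outside both ranges."""
    findings = []
    for dev in devices:
        actual = segment_of(dev["ip"])
        expected = EXPECTED.get(dev["role"])
        if actual == "unknown":
            findings.append((dev["name"], "address outside both known ranges"))
        elif expected and actual != expected:
            findings.append(
                (dev["name"],
                 f"{dev['role']} device in {actual} network, expected {expected}")
            )
    return findings


if __name__ == "__main__":
    for name, problem in audit(DEVICES):
        print(f"{name}: {problem}")
```

The check covers addressing only; the separation itself is enforced by the router's guest WLAN function.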

Avoid password traps and keep track

A common cyber pitfall is the way passwords are used. In every second security guide, users are urged to use complex passwords for every online service they use. A commendable request, but hardly feasible in practice, because hardly any user is able to remember a separate password for each service. How could they? Users would easily have to remember ten or more different complex passwords. In practice, therefore, there are either passwords that are too simple and easy to crack or many password duplicates, i.e., two to three passwords are used for ten or more services. This makes it easier for cybercriminals to do their work, because password thieves can quickly access different user accounts, such as social media accounts, in one fell swoop with just one captured password. If they succeed in taking over the e-mail account, they are able to create new passwords for online stores and then go on a shopping spree at the victims' expense.

Security tip: Passwords

PC users should use password managers to create a different and, above all, secure password for each purpose and save it in a protected manner. Caution: Saving them in the browser is not a secure alternative, as some of them are stored unencrypted on the end device. This means that any user with access to the device can easily read the files.
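The password duplicates described above can be found by grouping accounts that share a password. The following Python sketch is an added example, not part of the original article; the account list, the function names and the minimum length of 12 characters are constructed assumptions.

```python
import hashlib
from collections import defaultdict

# Constructed sample entries (service, password), e.g. from a password manager export.
ENTRIES = [
    ("mail", "Sommer2020!"),
    ("shop-a", "Sommer2020!"),
    ("social", "Sommer2020!"),
    ("bank", "t7#Lq9vR!xP2mZ4w"),
    ("forum", "123456"),
    ("shop-b", "123456"),
]

MIN_LENGTH = 12  # assumed threshold, not taken from the article


def fingerprint(password):
    """Hash the password so that grouping and reports never carry the password itself."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def reuse_groups(entries):
    """Return sorted groups of services that share one password."""
    groups = defaultdict(list)
    for service, password in entries:
        groups[fingerprint(password)].append(service)
    return sorted(sorted(services) for services in groups.values() if len(services) > 1)


def too_short(entries, min_length=MIN_LENGTH):
    """Return services whose password is shorter than the assumed minimum."""
    return sorted(service for service, password in entries if len(password) < min_length)


def exposed_by(service, entries):
    """Return the other services opened by capturing this service's password."""
    target = fingerprint(dict(entries)[service])
    return sorted(s for s, p in entries if s != service and fingerprint(p) == target)


if __name__ == "__main__":
    for group in reuse_groups(ENTRIES):
        print("same password:", ", ".join(group))
    print("too short:", ", ".join(too_short(ENTRIES)))
    print("captured shop-a password also opens:", ", ".join(exposed_by("shop-a", ENTRIES)))
```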

Logging in with the help of two-factor authentication offers the highest level of security. In addition to the user name and password, an individual one-time code is sent to the smartphone via SMS or app, or the login must be confirmed via app. A large number of providers have been offering this very secure method for some time - users simply have to activate it for the respective service.

Biometric methods, such as fingerprints or FaceID, are also suitable for unlocking smartphones. These methods are much more difficult to crack than a simple combination of numbers or swipe patterns.

Four basic rules that always apply against cyber pitfalls

  1. Use Internet security software that scans removable media such as USB sticks, the network interfaces and RAM for malware in addition to emails and websites.
  2. Automatically install updates to the operating system, installed software, apps or firmware. Known security gaps are thus closed and can no longer be exploited by attackers. If there is no automatic update function: Regularly check for updates and install them immediately.
  3. Simply delete mails of unknown origin - as a rule, they are always spam. Even if a supposed lottery win is promised or bargains are enticing: Do not click on links or open file attachments under any circumstances, as this can lead to your computer being infected with malicious code.
  4. Create regular backups of your digital treasures. These backups should be created on external hard disks, which should be disconnected from the computer immediately after data backup. Even if your computer is infected with ransomware and your data is encrypted, the malicious code has no chance to access the backup media.

And last but not least: If an alleged Microsoft employee calls you, you should hang up immediately, because it is always a criminal who is just trying to trap Internet users and remotely inject malicious code onto the PC.

Source: ESET
