Ten good cyber security resolutions for 2022

In fact, it is already becoming apparent that 2021 was one of the most successful years for cybercriminals. In the first half of the year alone, the theft of almost 19 billion data records became known. Damage caused by cybercrime reached a record sum of 223.5 billion euros in Germany in 2020, for example (source: Bitkom). Here, it is not only companies offering online services that have a duty to take security precautions. It is just as important that private users take responsibility for their security online.

10 cyber security resolutions

Security software maker ESET reveals the ten worst habits of Internet users that they should reconsider in 2022.

1. Use outdated software: Vulnerabilities in operating systems, browsers and other software on PCs and devices are one of the most important attack opportunities for cybercriminals. The problem is that more and more of these flaws are being discovered every year. The good news is that this task doesn't have to interfere too much with everyday life if you enable the automatic update function and click through when prompted to update.
2. Poor password hygiene: Passwords are the keys to the digital four walls. On average, Internet users have to remember about 100 passwords. Using the same password for multiple accounts and easily guessed login data gives hackers a big advantage. They have software to crack weak encryptions, try commonly used variants, and try to use cracked passwords for other accounts. Instead, use a password manager to create and retrieve strong, unique passwords or passphrases. And enable two-factor authentication (2FA) for all accounts that offer it.
3. Use of public WLAN networks: Nowadays, we are all on the move more. This also leads to more frequent use of public WLAN networks. But that carries risks. Hackers can use these same networks to eavesdrop on users, access accounts, and steal identities. To be safe, you should avoid these public hotspots altogether. If you must use them, don't log into important accounts while connected. Moreover, you should always have a VPN enabled while doing so.
4. Don't think before you click: Phishing is one of the biggest cyber threats ever. The attacker tries to trick his victim into clicking on a malicious link or opening a malware-infested attachment. The attackers take advantage of the gullibility of many users and often try to force quick decisions by giving the message a sense of urgency. The most important rule to thwart these attacks is to think before you click. Verify with the person or company sending the email that it is a legitimate sender.
5. No security on all devices: It goes without saying that in this age of numerous cyber threats, all PCs and laptops should have an IT security solution installed from a trusted vendor. Research shows that users spend nearly 5,000 hours on smartphones and tablets every year. And during that time, there are many opportunities to encounter malicious apps and websites. That's why these devices should be protected with a reliable security app as well.
6. Use of unsafe websites: HTTPS websites use encryption to protect traffic between the browser and the website in question. This serves two purposes: It authenticates the website as genuine and not a phishing or fraudulent one, and it ensures that cybercriminals can't eavesdrop on the communication to steal passwords and financial data. This is not a 100% guarantee that nothing bad will happen, as even many phishing websites use HTTPS these days. But it's a good start. Therefore, users should always look for the padlock icon while browsing.
7. Do not separate work and private life: The Corona pandemic has led to a blurring of the once clearly defined boundary between work and private life. As that line has become increasingly blurred, cyber risks have crept in. One example is the use of work emails and passwords to register on shopping and other websites. What happens if these sites are hacked? Attackers could use them to hijack the company account. Using unprotected personal devices for work also poses an additional risk. Keeping work and personal life separate is worth the extra effort.
8. Giving out data on the phone: Just as email and SMS phishing use social engineering techniques to trick users into clicking, voice phishing, also known as vishing, is a popular method of eliciting personal and financial information from victims. The scammers often disguise their real number to lend legitimacy to the attack. The best rule of thumb is not to reveal confidential information over the phone. Ask who the caller is and where they are calling from, then call the company directly to verify - and don't use phone numbers provided by the caller.
9. No backups: Ransomware costs companies hundreds of millions of euros every year. That's why it's sometimes easy to forget that there are still variants lurking for consumers. One horror scenario: the home PC is locked and no access is possible anymore. All the data on it, and possibly cloud storage, could be lost forever - including family photos and important work documents. Regular backups give you peace of mind in case the worst happens.
10. No protection for the smart home: Almost a third of European homes are equipped with smart devices such as voice assistants, heating thermostats, smart TVs and security cameras. However, by being networked and connected to the Internet, these devices are also an attractive target for criminals. They can be hijacked and turned into botnets to launch attacks on others, or used as gateways to the rest of your devices and data. Change default passwords at startup to ensure the security of your devices. Also, be sure to choose a vendor that fixes known vulnerabilities in their products and learn about potential security holes before purchasing a device.

Source: ESET