Talking about cybersecurity sounds like what companies do to avoid being robbed and spied on by organisations of teenage cybercriminals. Still, unfortunately, the reality is much more severe, and the truth is that I guess that at least 25% of attacks globally are carried out against users and not against companies. So believing that you don’t need protection against that threat is as naive as thinking that shrugging your shoulders in the rain won’t get you wet.
In most cases, speaking of plain antivirus is simplistic since the current concept of security is much broader. Instead, we should discuss security solutions since they integrate different tools to protect systems against computer threats.
About corporate email, social engineering techniques are as old as computing, but people continue to fall into the trap of cybercriminals. Unfortunately, the reality is that it remains one of the primary attack vectors. Although cybercriminals have been improving the quality of emails to give them a more legitimate appearance and are constantly working to deceive the user. There are some signs that they continue to be false. “Spelling errors, texts that seem to routinely translate from another language, strange topics such as that you have won millions of bucks or senders with random addresses and domains.
That has nothing to do with the person who claims to be sending the message should be more than enough reasons. So that our alarms would go off”, says Josep Albors, Responsible for awareness and research at ESET Spain. Suppose the email raises doubts due to an alleged impersonation of a well-known online service. In that case, they advise accessing these trusted services’ websites by manually entering their address in the browser instead of following the link included in the email.
Those containing attachments deserve special attention, as some could infect with malware. It is essential to check extensions and only open those from trusted sources. Those containing attachments deserve special attention, as some could be sick with malware. It is necessary to check extensions and only open those from trusted sources. Those containing attachments deserve special attention, as some could be ill with malware. It is essential to check extensions and only open those from trusted sources.
Today, they are one of the preferred scenarios for cybercriminals to spread threats massively cybersecurity. From ESET Spain, they recommend verifying the authenticity of the shared information and the profiles that we accept on the networks. In addition, you have to be especially careful with shortened links and messages that attract attention. Such as “check this out!”, “Change your WhatsApp colour” or “transfer the new emojis. Caution with trending topics is usually used as a hook to attract victims on Facebook and Twitter.
passwords are predictable, and if they use in more than one online service, a cybercriminal could access all of a user’s accounts or services with minimal effort. Cybercriminals can use brute force to try to guess predictable password combinations or buy stolen and leaked
password bases. Despite the recommendations of cybersecurity companies such as ESET, every year, “123456”, “password,” or “qwerty” are still some of the most used passwords, and many users still do not realise that a weak password represents a gateway accessible to cybercriminals. According to Forrester, 80% of attacks tell an invalid password guessed or stolen.
Recommendations to Better Manage Passwords
- Require the use of complex passwords that incorporate special characters and numbers.
- Enable double factor authentication ( 2-Factor Authentication – 2FA ) that combines with complex passwords to strengthen network access protection.
- The use of applications on smartphones or computers can save the passwords, preventing them from being written on a post-it or notepad.
- Do not use the same password in different accounts and applications. If a password is compromise, the malicious actor will access only one system or application.
Ignoring operating system updates is another of the most frequent mistakes. There are always software updates for applications, operating systems, or security solutions, whether on a desktop, laptop, or mobile. According to ESET, pop-ups are annoying, contributing to many users not understanding the importance of always having the latest version available. However, by not updating them, devices and software are left vulnerable to attacks that take advantage of security holes not protective. So that it is not a tedious task, the cybersecurity company recommends configuring automatic updates from trusted providers. ”
Beyond the purely technological, ESET Spain wants to put the accent on awareness. “Lack of cybersecurity awareness is possibly the biggest security issue today and has been for decades. CEOs believe that their company will not target, and users believe that their information is not valuable enough to anyone. However, believing that you will not suffer any security incident is a mistake”, says Albors.
Avoiding public Wi-Fi networks and using strong and unique passwords to achieve good levels of security is not a hard job then. However, it does need a change in attitude. Combining these best practices with regular software updates, an anti-malware solution, VPN networks, and password managers. Messaging apps that use encryption will be additional layers of security that will help make things harder for attackers.
Assuming your Organization is not a Target for Attackers
Every company, large or small, and in any vertical market, is a potential target for attackers.
Motivation for cybercriminals spans a broad spectrum: from attackers who are practising honing their “skills”; to the renown associated with the effective intrusion into government institutions and, of course, the activities with profit objectives. Unfortunately, this variety of incentives means that no type of company or institution is free from threat.
The incidents generally covered most extensively in the news are the theft of personal data, including credit card numbers and other data classified as personally identifiable information (PII). Consequently, some companies may conclude that they are not on attackers’ radar because they do not handle this data. However, reality has shown that attackers carry out their activities in all sectors of the economy, seeking to compromise information assets to seize data.
A strong cybersecurity strategy consists of different layers of protection to defend your business against cybercrime, including attacks to access designe, change or destroy data, or extort money from your employees or company. In addition, we aim to disrupt your daily business operations.