The internet has fundamentally changed the way we work and communicate. We can do things faster, more effectively, and cheaper. However, using the Internet for commerce and communication can be dangerous if you don’t take the proper precautions.
In fact, 82% of data breaches involve a human element like making a mistake that enables cyber criminals to access an organization’s systems, according to Verizon’s Data Breach Incident Report. The damage from data breaches costs businesses $400 billion a year.
Use these 12 internet safety best practices to keep yourself, your family and your company protected.
1. Verify you are on a valid and legitimate website, and always double-check before logging in.
Entering login information on a website before checking whether it is valid and legitimate makes you more susceptible to phishing attacks and increases the risk of your login information being disclosed to cyber criminals.
Here’s a quick checklist to see if a site is valid and legitimate:
• Check the padlock in the address bar and make sure the connection is secure.
• Search any site using Google’s Transparency Report.
• Do you notice anything out of the ordinary on the website? Are logos clear? Are grammar and spelling good? Is the location shown? Are there customer reviews? How active is the company on social media? These are all indicators of a legitimate organization and website.
2. When you are done with a website, always log out rather than simply closing the browser window.
By simply closing the browser instead of logging out first, you increase the risk of someone else gaining unauthorized access to the accounts that you were logged into. You are potentially allowing anyone with access to your computer, legally or not, to open the browser and have instant access to your accounts on sites, without entering any passwords or usernames. The risk is significantly higher on public systems or any system that you let others use.
3. Always verify if an email is genuine and safe before taking action on it.
Failing to perform basic security checks on the emails you receive will increase your risk of being a victim of identity theft and computer compromise. Email is arguably the most common method used by attackers to trick users into disclosing confidential information and installing malicious programs.
Scammers like to impersonate your coworkers or a vendor that you use to make the email look legitimate. You can reach out to the employee or vendor that the email appears to have come from to validate if they sent it.
To our knowledge, the biggest social engineering attack of this kind was perpetrated by a Lithuanian national, Evaldas Rimasauskas, against Google and Facebook. Rimasauskas and his team set up a fake company pretending to be computer manufacturers working with Google and Facebook. In addition, Rimasauskas opened bank accounts in the company's name.
Using phishing emails, the scammers sent invoices for goods and services that the manufacturer had provided, but instructed employees to deposit money into their fraudulent accounts. Rimasauskas and his associates defrauded both tech giants out of over $100 million between 2013 and 2015.
4. Check the legitimacy of unexpected emails, especially those that ask for any sensitive or personal information.
Clicking on links in emails and responding to emails without checking their legitimacy is very risky behavior. Your identity, one or more of your accounts, and your systems are all at a higher risk of compromise. If you are unsure if an email is legitimate, send it over to your IT team for review.
5. Validate the safety of hyperlinks in emails before clicking them.
Cybercriminals commonly use email to attack victims because they know that most people don’t check the source of email links. Taking an email link at face value, without validating the source, puts you at an increased risk of identity theft and of account and system compromise.
6. Never log into websites from links in emails.
Arguably the most common method of compromising any one of your accounts is through a phishing email, where the attacker sends you a legitimate-looking email that contains a link to a legitimate-looking website that they control. On the surface, everything looks normal, especially when you're in a hurry or distracted. If logging into websites from links in emails is a common practice for you, you are more at risk of account and/or confidential information compromise.
7. Never open a file attachment in an email unless you are specifically expecting one.
One of the most effective methods of getting malicious software (or malware) onto your system is through an email. Opening an (unexpected) file attachment from any (unconfirmed) source puts you and your information at risk.
Ransomware, a particular type of malicious software, can have devastating effects. It commonly arrives when a user downloads a malicious attachment from a phishing email; all of the user's files are then encrypted and made inaccessible until the ransom is paid.
8. Keep your work email separate from your personal email.
Your business and personal email addresses are used for different purposes, and the more you commingle the two, the more difficult it becomes to decipher common patterns. Using one email address for both business and personal reasons increases the risk of both types of information being compromised through the compromise of one or the other.
9. Do not disclose any sensitive information in a communication (e.g. telephone, email, etc.) that you did not initiate yourself.
Cybercriminals can be very convincing in their methods, whether through email, phone, or even in person. Giving out sensitive information through any communication channel where you didn’t initiate the conversation puts your information more at risk of compromise.
10. Do not send sensitive information (e.g. financial, personal, private, etc.) through unencrypted email.
Email is not a point-to-point communication method, although it may appear to be. Your email is routed through the Internet over a series of systems that are outside of your control. The failure to use encryption to protect the confidentiality of email contents puts your information at an increased risk of unauthorized disclosure.
11. Always ensure that communications are encrypted when conducting business or transferring sensitive information online.
The failure to use encryption for all sensitive information transfers, including transactions, puts the information you're sending or receiving at an increased risk of unauthorized disclosure.
12. Do not use peer-to-peer file sharing services (e.g. LimeWire, uTorrent, BitTorrent, etc.).
There are several increased risks associated with the use of peer-to-peer (P2P) file sharing services, including:
• Installation of malicious code
• Exposure of sensitive or personal information
• Susceptibility to attack
• Denial of service
• Prosecution. See the United States Computer Emergency Response Team (US-CERT) Security Tip (ST05-007) for more reference information: https://www.us-cert.gov/ncas/tips/ST05-007
The conveniences of using the internet and accessing services online do not come without serious security risks. However, following these online safety best practices can help you, your family and your organization stay safe and secure.
Pivotalogic provides your team a comprehensive security solution combined with expert guidance to help you assess, address, and continually improve your security posture over time.