Written by Phil Muncaster, guest writer at ESET
The new year is a new opportunity to rewire your digital life. An increasingly important part of this is cybersecurity. In fact, 2021 is already shaping up to have been one of the most prolific years yet for cybercriminals. Almost 19 billion records were exposed in the first half of the year alone. Better security should mean you’re more insulated from the risk of identity fraud and financial loss. The cost of these scams reached a record $56bn in 2020, with most of this coming online. Although the organizations you interact with have a duty, and often a legal responsibility, to keep your data protected, it’s important to do your bit.
If you’re still feeling reluctant to find new ways to protect your digital world, consider this: a third of US identity crime victims have claimed they didn’t have enough money to buy food or pay for utilities last year as a result of fraud, according to the U.S. Identity Theft Resource Center.
Be alert, be proactive and break these 10 bad habits to improve your cyber-hygiene in 2022:
Using outdated software
Vulnerabilities in operating systems, browsers, and other software on your PCs and devices are one of the top ways cyber-criminals can attack. The problem is that more of these bugs were discovered in 2020 than any year previously: over 18,100. That amounts to more than 50 new software vulnerabilities per day. The good news is that by switching on automatic update functionality and clicking through to update when prompted, this task needn’t intrude too much on day-to-day life.
Poor password hygiene
Passwords represent the keys to our digital front door. Unfortunately, as we have so many to remember these days – around 100 on average – we tend to use them insecurely. Using the same password for multiple accounts and easy-to-guess credentials gives hackers a massive advantage. They have software to crack weak encryption, try commonly-used variants and attempt to use breached passwords across other accounts (known as credential stuffing). Instead, use a password manager to remember and recall strong, unique passwords or passphrases. And switch on two-factor authentication (2FA) on any account that offers it.
Using public Wi-Fi
We’re all getting out-and-about more these days. And that brings with it a temptation to use public Wi-Fi. But there are risks. Hackers can use the same networks to eavesdrop on your internet usage, access your accounts and steal your identity. To stay safe, try to avoid these public hotspots altogether. If you must use them, don’t log in to any important accounts while connected.
Not thinking before clicking
Phishing is one of the most prolific cyber threats out there. It uses a technique known as social engineering, where the attacker tries to trick their victim into clicking on a malicious link or opening a malware-laden attachment. They take advantage of our hard-wired credulity and often try to force rapid decision-making by lending the message a sense of urgency. The number one rule to thwart these attacks is to think before you click. Double-check with the person or company sending the email to make sure it is legitimate. Take a breath. Don’t be pressured into taking over-hasty action.
Not using security on all devices
It goes without saying that in an era of prolific cyber-threats, you should have anti-malware protection from a reputable provider on all of your PCs and laptops. But how many of us extend the same security to our mobile and tablet devices? Research suggests we spend nearly 5,000 hours each year using these gadgets. And there’s plenty of opportunities to come across malicious apps and websites in that time. Protect your device today.
Using non-secure websites
HTTPS sites use encryption to protect the traffic going from your web browser to the site in question. It has two purposes: to authenticate that website as genuine and not a phishing or fraudulent web property; and to ensure cybercriminals can’t eavesdrop on your communications to steal passwords and financial information. It’s not a 100% guarantee nothing bad will happen as even many phishing sites use HTTPS these days. But it’s a good start. Always look for the padlock symbol.
Sharing work and personal lives
Many of us have spent a large part of the past two years merging a once clearly defined line between our work and our personal lives. As the line has become more blurred, cyber risk has crept in. Consider the use of work emails and passwords to register on consumer shopping and other sites. What if those sites are breached? Now hackers may be able to hijack your corporate account. Using unprotected personal devices for work also adds extra risk. Keeping business and pleasure discrete is worth the extra effort.
Giving out details over the phone
Just as email and SMS-based phishing use social engineering techniques to trick users into clicking, so voice phishing, also called vishing, is an increasingly popular way to elicit personal and financial info from victims. The scammers often disguise their real number to add legitimacy to the attack. The best rule of thumb is not to hand out any sensitive info over the phone. Ask who they are and where they’re calling from and then ring the company directly to check – not using any phone numbers provided by the caller.
Not backing up
Ransomware is costing businesses hundreds of millions annually. So it’s sometimes easy to forget that there are still variants lying in wait for consumers. Imagine if you were suddenly locked out of your home PC. All the data on it, and potentially cloud storage, could be lost forever – including family photos and important work documents. Regular backups, according to the 3-2-1 best practice rule, provide peace of mind in case the worst happens.
Not protecting the smart home
Nearly a third of European houses are fitted out with smart gadgets like voice assistants, smart TVs, and security cameras. But by fitting them with connectivity and intelligence, these devices also become a more attractive target for criminals. They can be hijacked and turned into botnets to launch attacks on others, or used as a gateway to the rest of your devices and data. To keep them secure, change default passwords on start-up. Also, be sure to choose a vendor who has a track record of fixing known vulnerabilities in their products and research potential security flaws before purchasing a gadget.